Blur Marketplace Stole $240,000 Worth of NFTs

Risks abound in the crypto space, particularly when working with nfts. A recent event on Blur Marketplace brought these risks to light. One user lost $240,000 worth of nfts after falling for a phishing scam. A source from x.com/0xQuit/status/1808310280906330607″ data-wpel-link=”external” target=”_blank” rel=”nofollow external noopener noreferrer”>x(twitter) revealed this information.

nfts-in-scam-754×1024.jpg” fetchpriority=”high” decoding=”async” aria-describedby=”caption-attachment-138957″ alt=”Three Elementals, 40 Beanz and six nfts from Bored Ape Yacht Club were the targets of the fraud” width=”754″ height=”1024″ data-brsrcset=”https://technicalterrence.com/wp-content/uploads/2024/07/Blur-Marketplace-Stole-240000-Worth-of-NFTs”https://technicalterrence.com/crypto/nft/”>nfts-in-scam-754×1024.jpg 754w, https://technicalterrence.com/wp-content/uploads/2024/07/Blur-Marketplace-Stole-240000-Worth-of-NFTs”https://technicalterrence.com/crypto/nft/”>nfts-in-scam-221×300.jpg 221w, https://technicalterrence.com/wp-content/uploads/2024/07/Blur-Marketplace-Stole-240000-Worth-of-NFTs”https://technicalterrence.com/crypto/nft/”>nfts-in-scam-768×1043.jpg 768w, https://technicalterrence.com/wp-content/uploads/2024/07/Blur-Marketplace-Stole-240000-Worth-of-NFTs”https://technicalterrence.com/crypto/nft/”>nfts-in-scam.jpg 854w” data-brsizes=”(max-width: 754px) 100vw, 754px”/>

Three Elementals, 40 Beanz, and six nfts from Bored Ape Yacht Club were targeted in the scam. Source: x

The target of the scam were three Elementals, 40 Beanz, and six Bored Ape Yacht Club nfts. The stolen nfts were put up for sale on the marketplace for just one WEI dollar each. To put this into context, the WEI dollar is the smallest unit of ether, making the trading price close to zero.

How the scam worked

This scam was sophisticated. It took advantage of a loophole in Blur’s listing procedure. The scammer manipulated the copyright settings of high-value nfts. This diversion of profits to their address allowed them to profit from the scam. They used a rule that canceled existing transactions to keep their activities hidden.

The owner was unaware that the scammer had listed the nfts. Essentially, this bypassed the platform’s security measures. By manipulating the nfts’ royalty settings, the scammer bypassed the platform’s anti-private listing restriction. He was able to set up a private sale as a result, ensuring that the transaction could only be completed through his address.

Solidity developer and auditor 0xQuit shed light on the scammer’s strategies. Using the bait-and-switch technique, the scammer lured the victim by promising a free nft minting event or airdrop that was promoted on social media. The user unwittingly approved a transaction on a fake website after being tricked by the scammers.

This incident is not unique. Coinfomania reported on a similar phishing scam in May, where a scammer named PinkDrainer “stole” three Bored Ape Yacht Club nfts worth around $145,000 from user tatis.eth. This shows a worrying trend of sophisticated scams in the nft space.

Final Thoughts

The recent phishing scam on Blur Marketplace highlights the risks that exist in the cryptocurrency and nft spaces. Scammers are continually finding new ways to exploit loopholes in the system and trick users. You should stay informed regularly and take security measures, as this is critical to safeguarding digital assets.