A pseudonymous user, known as “s27,” today lost roughly $570,000 worth of non-fungible tokens (NFTs) after exchanging his Bored Ape Yacht Club (BAYC) #1584 and two Mutant Ape Yacht Club (MAYC) tokens for fraudulent NFTs deceptively disguised as genuine.
The exchange was first spotted by crypto enthusiast Quit thanks to his Discord server configured to track ape listings that are at least 5% below their floor price in Ethereum (ETH):
“The pings are rare, but when they happen it generally means one of two things: somebody is panic selling, or somebody is compromised. When I saw the notification for #1584, I instantly knew it was the latter.”
Indeed, according to NFT marketplace OpenSea’s records, BAYC #1584 as well as MAYC #13168 and MAYC #13169 were transferred from s27 to another address today — literally for free.
Further, Quit discovered that not only did s27 transfer his valuable NFTs to a scammer, but he was also the initiator of the trade. As it turned out, s27 used Swap.Kiwi, a blockchain service that allows collectors to swap certain NFTs for others — preferably of equal or greater value — just like trading cards. But as usual, there was a catch.
Do your own research
Investigating further, Quit has tracked down the scammer’s NFTs that s27 received after the swap was made. All of them appeared as genuine BAYC tokens — but only at first glance.
6/ Well, the hacker used that to his advantage. Here are the apes that s27 received in return: https://t.co/08bubCsCpLhttps://t.co/pIgu3mRGVYhttps://t.co/r3svn1PAqo
You’ll see that each has the green check added directly to the image. pic.twitter.com/qc6E3bGibg
— quit (@0xQuit) April 5, 2022
In reality, the “green checkmark” Swap.Kiwi uses to verify that tokens are really authentic can be easily counterfeited via a simple image editor — and that’s exactly what the scammer did. Essentially, he downloaded some “jpegs” depicting a few expensive BAYC apes and added a fake watermark so that they would appear like the real deal when displayed on Swap.Kiwi.
Of course, a deeper look into the scammer’s wallet would reveal that his tokens are anything but genuine, although a lot of crypto users oftentimes neglect such procedures, sadly.
Shortly after receiving the BAYC and two MAYC NFTs, the scammer sold them for 98.85 ETH (currently around $350,00), 23 ETH ($81,000), and 25.25 ETH ($90,000) — worth a total of $521,000 at press time. However, these listings were lower than their corresponding floor prices, placing s27’s potential loss in the ballpark of $570,000, according to Quit.
9/ So what can you, the tradoooor, do to protect yourself? Well, there are a few things.
– If it sounds too good to be true, it probably is.
– Close your DMs. Negotiate in public.
– Always assume everybody is out to get you. They probably are.
– Independently verify EVERYTHING— quit (@0xQuit) April 5, 2022
Meanwhile, NFT holders are seemingly becoming the prime target for scammers of all sorts who, in their turn, keep coming up with increasingly inventive schemes for their endeavors. As CryptoSlate reported, crypto users discovered a new wave of Discord NFT scams just yesterday, April 4. And it is very unlikely that bad actors are planning to dial down their activity any time soon.
Source: https://cryptoslate.com/user-loses-570000-worth-of-ape-nfts-to-fake-verification-scam/