The world of NFTs has fallen prey to an unexpected wave of school-age cyber bandits, orchestrating intricate phishing scams that have netted them millions in stolen assets.
The digital finance platform Orbiter Finance was victimized last month when a fake journalist, posing as an employee of a cryptocurrency news outlet, deceived a Discord moderator. The ruse allowed the impostor to take control of the Discord server, restricting administrators' abilities and preventing community members from messaging.
The infiltrator used this control to promote a fictitious airdrop event, directing users to a phishing site meant to steal their NFTs. As a result, NFTs and tokens valued at approximately one million dollars were taken.
The Orbiter Finance incident is one of many recent exploits involving stolen NFTs and compromised Discord servers or Twitter accounts. According to the NFT analyst and security specialist OKHotshot, at least 900 Discord servers have been compromised since December 2021 to conduct phishing attacks.
These attacks have affected approximately 32,000 victim wallets in the past nine months, according to data from PeckShield and various Dune Analytics dashboards. The total value of stolen NFTs and tokens surpasses $73 million.
The wave of NFT draining exploits is facilitated by a black market for drainer code.
The perpetrators acquire this code from Telegram and Discord channels run by its developers, on the condition that they share 20-30% of their profits with the developer. The code is then embedded in websites and used to steal NFTs and other assets from victims lured there by fraudulent means, such as the fake news site used in the Orbiter Finance incident.
Interestingly, most of these perpetrators are school-age individuals, as stated by a pseudonymous security researcher named Plum from NFT marketplace OpenSea. Many of these young individuals tend to use their illicit gains to purchase consumer goods or services, and even gamble.
They attempt to hide their activities, for example by paying individuals in low-income nations to register on exchanges using their personal information. However, law enforcement has shown limited interest in pursuing these individuals.
Drainer kits such as Monkey, Venom, Inferno, Pussy, and Angel have been used in various exploits resulting in significant financial losses. A recent addition is Pink, linked to an individual initially known as a security researcher.
To mitigate the risk of such attacks, Plum suggests using security-focused wallet extensions and maintaining multiple wallets. Funds should be kept in cold wallets, and unnecessary token permissions (approvals that let a third-party contract move one's tokens) should be revoked. Practicing such measures can help prevent devastating financial losses.