In a shocking turn of events, a savvy scammer has made off with a treasure trove of valuable NFTs worth around $239,676 in the Blur marketplace.
The unfortunate victim, known as 0xQuit on X (formerly Twitter), reported the theft, which included six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all sold for a mere one wei each—essentially zero.
The scam was no ordinary heist. The attacker exploited a loophole in the Blur marketplace’s listing system to conduct private sales, despite Blur’s usual policies against such listings. 0xQuit, a Solidity developer and auditor, explained that the scammer manipulated the royalty settings of the NFTs, avoiding the public accessibility requirement.
In typical NFT scams, victims are tricked into listing their assets for virtually nothing, allowing automated bots to snap them up by paying higher fees, leaving the scammer with empty pockets. However, the game has evolved. Scammers now trick victims into listing their NFTs at high prices but ensure all proceeds go straight to the scammer’s address.
This new tactic involves setting a rule that cancels any transaction unless the scammer is buying, effectively making the sale private. This prevents other buyers from intercepting these low-priced listings.
The scam unfolded when the victim signed something on a phishing website, usually promoted by an impersonator account on social media advertising a free mint or airdrop checker. The incident underscores the ongoing risks in the NFT space and highlights the need for increased vigilance and security measures to protect valuable digital assets.