Sophisticated NFT Scam Campaign Exposed: Over 100 Projects Targeted

Recent investigations by Check Point Research have exposed a large-scale, sophisticated NFT scam campaign, marking a new era in digital asset fraud. This campaign is notable for its unique methodology, employing source spoofing techniques to target a wide range of token holders, involving over 100 popular projects.

The scam primarily targets individuals listed as token holders, such as those holding APE tokens. Attackers send an airdrop labeled as an Ape NFT airdrop, leveraging the absence of direct access to the email addresses of token owners. The attackers craft a website for each targeted token, lending transactions an appearance of legitimacy and originating from trusted sources.

This campaign’s modus operandi involves setting up dedicated websites for claiming fake rewards. Victims enticed to connect their wallets to these sites, unknowingly grant full access to their funds. The stages of the attack include:

1. Receiving an airdrop from a reputable source.
2. Claiming an NFT reward on a fraudulent website.
3. Connecting wallets to the website, authorizing the attacker.
4. Attackers then drain all funds from the victim’s wallet.

This elaborate NFT scam sheds light on increasingly sophisticated methods used by attackers in the digital asset space. It’s a stark reminder of the need for constant vigilance and skepticism, especially in high-value asset environments like NFTs and cryptocurrencies.