The Federal Bureau of Investigation (FBI) in the United States has issued a warning regarding criminal actors who are hijacking social media accounts and posing as legitimate figures in the nonfungible token (NFT) and cryptocurrency industry. These scammers have been causing concerns with spoof websites that deceive victims into believing they are using genuine platforms, ultimately leading to the theft of their NFTs and crypto assets.
The FBI's caution comes as the number of victims falling prey to these scams continues to rise. One recent incident involved hackers posting a phishing link from the X account of Uniswap founder Hayden Adams.
In a public service announcement on August 4, the FBI urged people to be cautious of "criminal actors posing as legitimate NFT developers in financial fraud schemes targeting active users within the NFT community." These criminals either gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote new NFT releases. The fraudulent posts typically aim to create a sense of urgency by using phrases like "limited supply" and referring to the promotion as a "surprise" or an unannounced mint.
The scammers include phishing links in these posts, leading victims to spoofed websites that appear to be legitimate extensions of specific NFT projects. Once on these websites, victims are often prompted to connect their wallets to claim or purchase NFTs. However, unknowingly, they end up connecting to a drainer smart contract, resulting in the loss of their funds or assets.
There are instances where the scams can be more intricate. Users may have their funds drained even if they do not directly connect their wallet to a suspicious website. For example, a user in an X thread on August 5, going by the username StockEd, admitted mistakenly clicking on a spoof LooksRare NFT marketplace website. They didn't connect their hot wallet, yet more than $300,000 worth of NFTs were stolen from them.
Alarming situations like these occur when fake websites are promoted at the top of Google's search results as paid ads, a long-standing issue that remains unsolved by Google.
In some cases, malware might be used to gain access or control over a victim's computer, allowing scammers to drain their NFTs and crypto assets. Other times, the scam website may have a hidden MetaMask wallet signature link that can be accidentally clicked, leading to the loss of funds.
The FBI's warning includes several tips to protect oneself from these scams. First and foremost, individuals are urged to research and vet any opportunity, such as surprise NFT drops or giveaways, before clicking on any links. It is crucial to double-check website URLs and account names for any discrepancies to avoid falling victim to impersonators.
In light of the increasing sophistication of phishing scams and social media account hijackers, users in the NFT and crypto space must exercise caution and stay vigilant. By following the FBI's guidelines and being aware of the tactics employed by these criminals, users can better protect themselves and their valuable assets from falling into the wrong hands.