A user known as 0xQuit recently lost NFTs worth nearly $240,000 in a sophisticated scam on the Blur marketplace.
The theft included six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all sold for a negligible amount of one wei each.
The scammer exploited a vulnerability in Blur’s listing system, enabling private sales despite the platform’s policies.
By manipulating the royalty settings, the attacker avoided public listings and carried out the theft undetected.
The victim, 0xQuit, a Solidity developer and auditor, explained that the scam involved tricking users into signing transactions on a phishing website.
Promoted on social media, these sites often lure users with promises of free airdrops or minting opportunities.
Once the transaction was signed, the scammer set rules to ensure that only their own transactions could proceed, effectively making the sale private.
Unlike typical NFT scams where victims list their assets for almost nothing, this new method involves listing NFTs at high prices, but diverting all proceeds to the scammer’s address.
The scammer sets a rule cancelling any transaction unless they are the buyer, preventing other buyers from intercepting the low-priced listings.
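The fee diversion described above can be caught before signing by inspecting where a listing's proceeds actually go. The following is an added example, not code from Blur or from 0xQuit; the order layout (`trader`, `price`, `fees` with `recipient` and `rateBps`) and the 10% threshold are simplified assumptions for illustration.

```javascript
// Added example: pre-signing review of a marketplace listing order.
// The order layout (trader, price, fees[{recipient, rateBps}]) is a simplified
// assumption for illustration, not Blur's actual typed-data schema.
const BPS_DENOMINATOR = 10000n;
const MAX_EXPECTED_FEE_BPS = 1000n; // assumed policy: fees above 10% are suspicious

function reviewListing(order, knownRecipients = []) {
  const findings = [];
  const trader = order.trader.toLowerCase();
  const known = new Set(knownRecipients.map((a) => a.toLowerCase()));
  const price = BigInt(order.price);

  let totalBps = 0n;
  for (const fee of order.fees) {
    const rate = BigInt(fee.rateBps);
    totalBps += rate;
    const recipient = fee.recipient.toLowerCase();
    // Proceeds routed to an address the signer does not recognise.
    if (recipient !== trader && !known.has(recipient)) {
      findings.push(`unknown fee recipient ${fee.recipient} takes ${rate} bps`);
    }
  }
  if (totalBps > BPS_DENOMINATOR) {
    findings.push("fees exceed 100% of the price");
  } else if (totalBps > MAX_EXPECTED_FEE_BPS) {
    findings.push(`fees total ${totalBps} bps of the sale price`);
  }
  // What the seller keeps after fees, whatever headline price is shown.
  const capped = totalBps > BPS_DENOMINATOR ? BPS_DENOMINATOR : totalBps;
  const sellerProceeds = price - (price * capped) / BPS_DENOMINATOR;
  if (price <= 1n) findings.push("listing price is 1 wei or less");
  if (price > 0n && sellerProceeds === 0n) findings.push("seller receives nothing");
  return { sellerProceeds, findings, safeToSign: findings.length === 0 };
}

// Constructed sample orders (addresses are placeholders, not real accounts).
const SELLER = "0x" + "aa".repeat(20);
const CREATOR = "0x" + "bb".repeat(20);
const UNKNOWN = "0x" + "cc".repeat(20);
const normalOrder = { trader: SELLER, price: "30000000000000000000",
  fees: [{ recipient: CREATOR, rateBps: 50 }] };
const divertedOrder = { trader: SELLER, price: "30000000000000000000",
  fees: [{ recipient: UNKNOWN, rateBps: 10000 }] };
```

Calling `reviewListing(normalOrder, [CREATOR])` returns no findings, while `reviewListing(divertedOrder, [CREATOR])` reports the unknown recipient, the 100% fee, and zero seller proceeds despite the high listing price.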
This incident highlights the ongoing risks in the NFT market and underscores the importance of vigilance and robust security measures to protect digital assets.
As scams become more sophisticated, users must remain cautious of too-good-to-be-true offers and always verify the authenticity of websites before signing any transactions.