In an unsettling turn of events within the digital marketplace, an individual fell victim to a sophisticated phishing operation on the Blur platform, resulting in a massive loss of non-fungible tokens (NFTs). According to reports circulated on X (previously known as Twitter) by user 0xQuit, the individual was deceived into listing valuable NFTs—including six from the Bored Ape Yacht Club collection, 40 Beanz, and three Elementals—at the nominal value of one wei, virtually rendering them priceless. These digital assets, crucial within the burgeoning NFT sector, were collectively valued at approximately $239,676, considering their current lowest market prices.
The orchestration of this scam capitalized on a vulnerability within Blur’s system, which typically prohibits private listings. Drawing on this loophole allowed the scammer to bypass the platform’s default settings, manipulating the royalty configurations of the NFTs for unauthorized gains. This novel approach deviates from conventional scams where victims are lured into listing assets at negligible prices for bots to exploit. Instead, the scam strategy involved enticing sellers into marking NFTs at steep prices, redirecting the sale proceeds directly to the perpetrator’s account through a meticulously placed rule that nullifies any transaction not initiated by the scammer. This effectively locks out any potential genuine buyers, ensuring the scammer remains the sole beneficiary of the transacted NFTs.
0xQuit, who has a background as a Solidity developer and auditor, further divulged that the scam was facilitated through a phishing website. Victims were often misled by impersonator accounts on X, promoting deceptive offers such as free mints or airdrop checkers, culminating in victims unknowingly authorizing transactions that compromised their assets.
The incident throws light on the persistent challenge of NFT-related scams, which have plagued the digital marketplace since NFTs’ meteoric rise in popularity between late 2020 and early 2021. Although such scams have motivated concerted efforts to clamp down on these fraudulent schemes—including law enforcement’s pursuit of culprits behind multi-million dollar thefts—they continue to pose a significant risk to both users and platforms alike. Notably, authorities in the UK recently charged three individuals involved in a $3 million scam concerning the “Evolved Apes” NFT collection last year.
While the NFT community reels from the impact of such fraudulent activities, platforms like Blur are under scrutiny to enhance security measures and protect their users from falling prey to similar scams in the future. As of now, Blur has yet to issue a formal response to the incident.