If there is one thing that the NFT space, unfortunately, has a lot of, it’s scammers who are more than happy to steal valuable assets. And these scammers target all sorts of people, from top celebrities to everyday people and sometimes, even the creators of the NFTs.
One of the latest incidents involving NFT scammers features one who stole a whopping 14 Bored Ape Yacht Club NFTs worth a combined $ 1 million. These activities were reported by a web3 security analyst who goes by the name @Serpent on a December 17, 2022 Twitter thread.
How the Scammer Pulled it Off
As Serpent explained, this heist wasn’t a quick operation but was more of a months-long ‘social engineering scam’ that involved a fake licensing deal. These days, it is fairly common for owners of Bored Ape NFTs to license them for commercial deals and this is what the scammer, who was allegedly identified on Twitter, leveraged. They claimed to be working for a company called Forte Pictures which had offices at Sony Pictures Studio and used the fake name, Jason Brubeck.
While there is actually a company called Forte Pictures, it has no association with the scammer, who created a fake website and even social media pages for the company and a fake NFT platform called ‘Unemployed’. According to Serpent, the scammer took great care to convince the user of their legitimacy, hosting Twitter spaces and creating fake accounts for nonexistent Bored Ape users to interact with Unemployed.
“They spent many hours in calls, talked with victims for weeks, created fake pitches and partnerships, formed fake legal contracts, hosting frequent Twitter spaces[..] This was a long-term sophisticated scam, slowly building credibility over a long period of time,” Serpent says.
After the victim was convinced of the legitimacy, contracts were sent via email and they were told to accept a ‘bid’ for licensing the apes on the Unemployed website. When the victim visited the site, they were told to digitally accept the bid. However, the ‘bid’ them bundled all their NFTs together, worth about $1 million, and sold it to the scammer for 0.00000001 ETH.
Once the scammer had control of the NFTs, they sold all of them privately and converted the assets to DAI and sent them to a wallet. The funds and NFTs have still not been recovered and this serves as an example to others, Serpent said. They also outlined a few steps that users can take to avoid such situations such as not signing Seaport signatures outside of OpenSea and always confirming identity. It should also be noted that centralized platforms have popped up that connect NFT holders with those looking to license their assets.
The Dangers in Licensing
Licensing is a new way for NFT holders to make money off their assets but as this incident shows, scammers are trying to take advantage of it.
While this incident is unfortunate, some guidelines can be gotten from it to avoid anyone else falling victim.