The collection of NFT, a recent format in which digital works of art have been sold to the original code of the World Wide Web, began to suffer the first scams, with a case in which cybercriminals have stolen close to 450,000 dollars, although its owner was later able to recover the files.
NFT, short for non-fungible token, is a blockchain-based technology that guarantees the authenticity of a file in digital format as a work of art, as well as who is its owner. Up to $ 69 million has been paid for a digital artwork by artist Beeple.
Cybercrime is no stranger to this trend and an NFT collector, Jeff Nicholas, suffered the theft of his entire portfolio of NFT files, valued at 150 units of the cryptocurrency ethereum, about $ 450,000.
Cybercriminals contacted Nicholas when he wrote to a fictitious version of the Discord channel on the NFT OpenSea platform, using common social engineering techniques to impersonate the company’s technical support and help him fix a rights issue.
The attackers convinced Nicholas to share his screen with them, and they used this information to scan the QR code that served as a key to his digital wallet and transfer all the NFT files it contained to another.
However, due to the functioning of the blockchain wallets, OpenSea was able to find the wallet that the criminals sent the NFTs to, although other people had already bought them without knowing that they were stolen.
The files were recovered thanks to the action of Nicholas and Sohrob Farudi, another NFT collector who on his Twitter account claims to have lost more than $ 800,000 in another social engineering scam, also on Discord and Opensea.
To prevent future similar attacks, OpenSea added an SOS button with which NFT wallet owners can lock them when they lose control of them, while the MetaMask digital wallet has disabled QR codes as keys for security.