In a worrying development, hundreds of users have recently fallen victim to phishing scams involving NFT airdrops on the Polygon network, resulting in a shocking loss of over $1.2 million.
On June 23, Scam Sniffer, an onchain anti-scam crypto platform, disclosed concerning details about this scam, warning that as the incident unfolds, more victims are being added to the list.
At the time of Scam Sniffer’s investigation, scammers had created approximately 1,354 fraudulent NFTs on the Polygon network, deceptively mimicking legitimate airdrops from well-known projects like RocketPool, ApeCoin, Polygon, Uniswap, and Aave.
Unsuspecting users who received these airdropped NFTs were enticed into visiting websites associated with Inferno Drainer, one of the “Scam As a Service” providers responsible for stealing $13 million in recent months. The malicious NFTs were then distributed to an astonishing 530,000 wallets, causing 329 victims to suffer a cumulative loss of $1.25 million.
As per the firm, the scammers executed their scheme by transferring malicious NFTs, such as ApeCoin Airdrop NFTs, to their targets using batch transfer. Recipients would open their portfolio trackers or wallets only to discover seemingly harmless NFTs. However, upon clicking on these NFTs, they were redirected to malicious websites. Tragically, victims unknowingly signed malicious signatures during the airdrop claiming process, resulting in the theft of their assets.
By scrutinizing the addresses linked to the airdropped NFTs received by victims, Scam Sniffer further uncovered numerous NFTs exhibiting similar patterns, impersonating airdrops from projects like RocketPool, ApeCoin, Arbitrum, Uniswap, Ethereum, Aave, ChainLink, and more.
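The pattern described above (unsolicited batch transfers, names borrowed from known projects, a link to click) can be checked on the receiving side. The following is an added example, not Scam Sniffer's method or code from the article; the record fields, lure words, threshold and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Project names the article lists as impersonated.
BRANDS = ("rocketpool", "apecoin", "polygon", "uniswap", "aave",
          "arbitrum", "ethereum", "chainlink")
LURES = ("airdrop", "claim", "reward")        # assumed lure vocabulary
LINK_RE = re.compile(r"https?://|\b[a-z0-9-]+\.[a-z]{2,}\b", re.I)
FANOUT_MIN = 3                                # assumed threshold


def triage(transfers, wallet):
    """Return {contract: [signals]} for suspicious NFTs received by wallet."""
    # Distinct recipients per (sender, contract): batch airdrops fan out widely.
    recipients = defaultdict(set)
    for t in transfers:
        recipients[(t["sender"], t["contract"])].add(t["to"])

    flagged = {}
    for t in transfers:
        if t["to"] != wallet or t["tx_origin"] == wallet:
            continue                          # not ours, or we initiated it
        text = f'{t["name"]} {t["description"]}'.lower()
        signals = []
        if len(recipients[(t["sender"], t["contract"])]) >= FANOUT_MIN:
            signals.append("batch-fanout")
        if any(b in text for b in BRANDS) and any(w in text for w in LURES):
            signals.append("brand-lure")
        if LINK_RE.search(text):
            signals.append("embedded-link")
        if len(signals) >= 2:                 # one weak signal is not enough
            flagged[t["contract"]] = signals
    return flagged


def make(sender, contract, to, name, desc, origin):
    return {"sender": sender, "contract": contract, "to": to,
            "name": name, "description": desc, "tx_origin": origin}

# Constructed sample data; addresses and the .example domain are placeholders.
ME = "0xme"
SAMPLE = [make("0xbad", "0xc1", to, "ApeCoin Airdrop",
               "Claim your APE at apecoin-claim.example", "0xbad")
          for to in ("0xw1", "0xw2", "0xw3", ME)]
SAMPLE += [
    make("0xfriend", "0xc2", ME, "Cool Cat #12", "A gift", "0xfriend"),
    make("0xmint", "0xc3", ME, "Polygon Punks #7", "Minted by holder", ME),
]

if __name__ == "__main__":
    print(triage(SAMPLE, ME))
```

A wallet or portfolio tracker applying such a filter would hide or label the flagged token rather than render its link as clickable.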
At the time of reporting, data from Dune Analytics showed that in total, the scammers had so far created 1,531 malicious NFTs, targeting a massive 606,414 wallets and stealing 1.29 million, with all the malicious links leading victims to websites associated with Inferno Drainer.
Surprisingly, the scammers have executed the airdrop scam with relatively low gas costs. Analysis of the on-chain data revealed that the total gas expenditure for airdropping to the targeted addresses amounted to only $17,827.
That said, as the crypto landscape continues to evolve, phishing scams targeting NFT enthusiasts have been on the rise, highlighting the immediate necessity for heightened vigilance and enhanced security measures within the cryptocurrency community.
Notably, social engineering has emerged as a major factor in these attacks, with scammers employing tactics to manipulate users and extract their personal information, passwords, or seed phrases. Another method attackers utilise is the lure of visiting a website that prompts users to connect their wallets. Unfortunately, if users unknowingly approve the transaction, their funds disappear without any trace, just like the case at hand.