Josh Chavez took to Twitter to share a sad story about a dangerous scam he was targeted by. Fraudsters used an old technique with an infected file in documents attached to an email message.
NFT artist gets scammed by malefactors from Instagram
On Jan. 19, 2022, Josh M. Chavez, an American digital artist, announced that scammers stole all tokens and NFTs from his on-chain crypto wallet MetaMask.
Today my MetaMask was drained and NFTs sold, all within a few minutes.— ⊕ Josh Chavez (@tropicalratchet) January 19, 2023
Never thought it would happen to me as I live on the internet and can spot scams a mile away, but today I forgot to double check one small detail: 🧵 pic.twitter.com/HwkIW14mTT
The artist unveiled that he had been contacted by a potential client via direct messages on Instagram. Despite the account of the "customer" being mass-followed by bots, Chavez decided to ignore this fact.
The stranger ordered cover art for their soon-to-be-released song. Chavez asked them to send details of the request, including information about the release, budget, concept, references and so on. All these details were sent to Chavez by email.
The scammer, using the name "Oscar Davies," sent the documents; one of them was labelled as a .pdf but actually had the .exe filename extension. EXE-files are designed to execute computer programs when opened.
Once the file was opened, it was immediately bound to Chrome, the browser MetaMask wallets are integrated in. In the blink of an eye, it drained tokens from MetaMask and sold all NFTs on auctions for a tiny fraction of their real prices.
Tricky scams in NFT segment are on fire
Chavez highlights that the whole procedure of social engineering was created masterfully: despite his expertise, he failed to notice red flags:
I live on the internet and can spot scams a mile away, but today I forgot to double check one small detail (...) I was not only in a rush, this was a routine thing - something I've complacently done many times on end with clients
As covered by U.Today previously, prominent actors of the NFT market were targeted by sophisticated scam campaigns in Q4, 2022, - Q1, 2023. In November, attackers hacked the social media of Greg Solano, the founder of BAYC, and started spreading phishing links.
Amid the euphoria around the FIFA World Cup in Qatar, scammers managed to pass Twitter security checks and promoted a fake Binance x Cristiano Ronaldo NFT airdrop.