Bored Ape Yacht Club (BAYC) NFT holders have lost multiple NFTs, including “Bubble Gum Ape”, after being tricked into exchanging valuable pieces for worthless PNGs in a fake swap transaction.
The pseudonymous 0xQuit posted details of how the victim “s27” lost BAYC #1584 and two Mutant Ape derivatives (#13168 and #13169) to a scammer.
BAYC #1584 is one of 119 bubble gum apes, with a rarity score of 111.99 out of 10,000, according to Rarity Tools. That means it’s relatively rare.
The victim initiated a swap transaction directly with the scammer through a third-party service called swapkiwi. Unlike regular marketplaces like OpenSea, platforms like swapkiwi allow direct NFT swaps between collectors, reducing transaction (“gas”) charges.
Unknown to s27, the other participant in this transaction had set up knock-off NFTs to exchange for s27’s legitimate Bored Apes and Mutant Apes. The scammer made fake replicas of real Bored Ape images and uploaded them to OpenSea.
According to 0xQuit, the attacker exploited the way swapkiwi displayed a validated NFT. The checkmark appears inside the image, so the scammer could fake this validation by simply taking an image of the Bored Ape and editing the checkmark into it.
0xQuit said the checkmark should appear outside the image itself to prevent counterfeit attacks. He added that if the collection is linked to an NFT contract address, it’s easier to check if the NFT is genuine.
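The check 0xQuit describes, sketched as an added example (not swapkiwi's code and not part of the original article): verification status is derived from the NFT's contract address, never from the artwork or the listing name. The registry, the addresses, the offer fields and the function names are constructed placeholders.

```javascript
// Hypothetical registry of verified collections, keyed by lowercase contract
// address. Both addresses are constructed placeholders, not real contracts.
const VERIFIED_COLLECTIONS = new Map([
  ["0x" + "a1".repeat(20), "Bored Ape Yacht Club"],
  ["0x" + "b2".repeat(20), "Mutant Ape Yacht Club"],
]);
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Reduce a display name to bare letters and digits so spacing, case and
// decorations such as a pasted-in checkmark glyph do not affect matching.
function normalizeName(name) {
  return String(name).normalize("NFKD").toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Classify one incoming NFT. Only the contract address can yield "verified";
// the image and the display name are attacker-controlled and are never trusted.
function classifyItem(item) {
  if (typeof item.contract !== "string" || !ADDRESS_RE.test(item.contract)) {
    return { status: "invalid", reason: "malformed contract address" };
  }
  const collection = VERIFIED_COLLECTIONS.get(item.contract.toLowerCase());
  if (collection) return { status: "verified", collection };
  const claimed = normalizeName(item.displayName);
  for (const name of VERIFIED_COLLECTIONS.values()) {
    if (claimed.includes(normalizeName(name))) {
      return { status: "impersonation", reason: `claims "${name}" from a different contract` };
    }
  }
  return { status: "unverified" };
}

// Review the incoming side of a swap. The UI should render each status in its
// own element outside the NFT image, and refuse to sign when blocked is true.
function reviewSwap(offer) {
  const results = offer.incoming.map((item) => ({ tokenId: item.tokenId, ...classifyItem(item) }));
  const blocked = results.some((r) => r.status === "impersonation" || r.status === "invalid");
  return { blocked, results };
}

// Constructed sample offer: one look-alike listing and one genuine item.
const SAMPLE_OFFER = {
  incoming: [
    { contract: "0x" + "c3".repeat(20), tokenId: "1", displayName: "Bored Ape Yacht Club ✓" },
    { contract: "0x" + "B2".repeat(20), tokenId: "2", displayName: "Mutant Ape Yacht Club" },
  ],
};
console.log(JSON.stringify(reviewSwap(SAMPLE_OFFER), null, 2));
```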
After the exchange, s27 received a worthless image, while the scammer made off with at least $570,000 worth of NFTs.
The attacker then sold the Bubble Gum Ape for 98 ETH ($337,000). This is significantly lower than the current BAYC floor price of 111 ETH ($382,000). Both Mutant Ape derivatives stolen in the fake swap were also sold below the collection's floor price.
In response to the incident, swapkiwi said in a statement that it is working on improving the platform to prevent future incidents.
This incident is another case in which a high-value NFT owner fell victim to a social engineering attack. The poor UI/UX of the NFT platform is partially responsible, but the situation is a reminder that web3 participants need to be security conscious.
BAYC holders, along with other high-value NFT collectors, may remain targets of malicious actors given the value of their holdings.
© 2022 The Block Crypto, Inc. All rights reserved.