Attackers have stolen over $377,000 in ether and many NFTs whose value is difficult to estimate, a blockchain security firm said.
Halborn observed a phishing attack targeting NFT (non-fungible token) owners. Attackers exploited a recent collaboration of luggage manufacturer RIMOWA and Nike-owned digital collectibles creator RTFKT to trick users into connecting their wallets.
“RIMOWA takes its expert techniques to the metaverse with RTFKT in a new collection that features 888 NFTs to be forged into 888 limited-edition physical suitcases — a nod to the number symbolizing luck in the crypto community. The release also includes 2222 RTFKT x RIMOWA WorkerBots for Web3 enthusiasts,” companies announced in October.
Halborn indicated that over 50 domains are involved in the attack against NFT owners. After tricking users into connecting their wallets, threat actors can create DeFi (decentralized finance) approvals and drain the connected wallets.
According to the security firm, attackers have already drained over $377,000 in ether and many NFTs whose value is difficult to estimate.
Users are lured in with promises to access a token mint for the limited collection before the official public mint. Upon clicking the link, victims are redirected to the phishing link and prompted to connect their digital wallet.
Connecting a wallet triggers a few actions. First, the attacker is notified of the activity – the specific phishing site used and the connected wallet address – using a Discord webhook.
Victims are prompted to click a “Mint Now” button, which checks the balance and uses OpenSea to determine which NFTs it owns.
“If the user clicks the Mint Now button, a transaction is generated that creates a DeFi approval for the user’s account for all NFTs they own. This will allow the phishing address to transfer all of these NFTs as well as any value held within the user’s account,” Halborn said.
More from Cybernews:
Subscribe to our newsletter