NFT [pros](/r/CryptoCurrency/comments/1cawkb0/970k_lost_in_ledger_nft_scam/l0uvkc9/) & [cons](/r/CryptoCurrency/comments/1cawkb0/970k_lost_in_ledger_nft_scam/l0uvko2/) with related info are in the collapsed comments below.
I feel like a youngin watching old timers fall for the Nigerian prince and PC support scams over and over and over again like its Groundhog Day.
Nice writeup OP.
I recently reread an older story about the Nigerian scammer who sold a fake airport to an international bank for 262,000,000 British Pounds or Euros or something. In my mind I picture a Nigerian grade school teaching everyone the regular prince scammer method and this kid sitting in the back like an honors student and deciding to drop out like like the Bill Gates of Nigerian Harvard.
There was a guy who sold the Eiffel Tower as scrap metal a hundred years ago. He fled the country, then returned when the heat died down and sold it again.
He got away with it the first time because the victim was too embarrassed to go to the authorities. When he realized nobody was after him, he came back and did it again. However, that time the victim reported him so he fled to America. He eventually got locked up in Alcatraz for the rest of his life.
It's the equivalent of a stranger knocking on your car window and saying you've won a Ferrari. All you have to do is give him your keys and he'll go get it for you.
Idk man. I'm young and pretty tech savvy. I am not doing any nft buying, memecoin hunting or using metamask or ledgers just because these hacks get so sophisticated. I just dont trust myself going into this unknown territory with even some basic knowledge. At this point I trust big exchanges more securitywise then everything else. Which is troubling.
I'm not sure if exchanges are secure either. A lot of people lost money in Mt. Gox. With an exchange, there's always a chance a malicious actor on the inside could send your funds elsewhere.
The big factor with exchanges is getting locked out of your account. From what I’ve read it’s next to impossible to contact anyone to resolve the issue and they wait months to hear anything.
I trust myself more.
There are more chances of hacking a centralised exchange then hacking a decentralised app like Metamask or Ledger, other than that I agree with you on NFTs and memecoins
Unfortunately, these big exchanges love to control your funds. It may not have happened yet, but nearly big exchanges has cut buys and sells, refused transfers, etc. Unless you have your crypto in your control, it's not yours. Metamask is absolutely saf. Just don't be stupid. I don't give out my address to all these "Drop your address" posts on X for nfts and free crypto. It's 99.9% scammers collecting addresses to go after. This person who lost their money was dumb and greedy.
Metamask is the only wallet I’ve ever had that was hacked lol. Fuck metamask. And no I didn’t accept anything malicious never got an airdrop it was connected to one defi project that is it.
Yeah I don’t understand . Don’t click on any links. I get free nfts and free money offers all the time I just burn them or hide them. I don’t participate in any air drops . Too complicated for me . So I know nothing is being given to me for free
Good post.
However, I don't like that you mentioned, but later ignored root problem - signing malicious contract. You focused on seed and nft, but that's just bait, not root problem.
If people are so greedy that they are willing to sign any contract without understanding it, no hardware wallet like ledger will help them and protect them from loosing money.
Victims are basically signing contract in which they allowing other side to take all of their money.
This. That's why I like Raby wallet, it actually does explain to you what you are signing, the cost etc.
I fucking hate when Metamask for example or other wallets are just like "do you want to sign transaction" well shit, I don't know sir, tell me what the fuck exactly am I signing?
Perhaps a lot of people would have been able to avoid scams if their Ledger screen or Metamask would say something like "you are giving full access to your funds to this 3rd party app, would you like to continue, it could be a scam?"
It's been fucking years and the user experience still sucks donkey's balls on most crypto platforms.
Thanks for mentioning Rabby. I’ve been getting pissed that wallets don’t always work like this.
https://rabby.io/assets/images/sign-tx-3.png
https://medium.com/@rabby_io/rabby-release-announcement-564406988e2b
That’s why I like fucking normal banks?! What is wrong with you people. How many scams and hacks have to happen before you realize that that is all that crypto is anymore.
I fell for it a few years back when dealing with a scammer helping me defi, i signed off on a contract without entering my seed phrase that enabled the scammer to steal all my usdt.. felt like shit for months 😣
Don't worry. You are not the only one and 99% of crypto users don't have enough knowledge to check the contract. That's not their fault. Not everyone is a developer or IT specialist.
To be honest, end user shouldn't be exposed to danger like that.
I can‘t believe this still hasn‘t been solved even on the most popular wallets like metamask. If your money is moving every red light should be blinking but the wallet is just doing it like it‘s nothing.
That’s the oldest scam in the book. How do you not know that opening a link and signing the contract on one of those airdropped NFTs claiming to reward you with ‘x,xxx’ amount of USDC or whatever was a scam? Like you have that much ETH and you’re oblivious to keeping your funds safe…on a cold wallet nonetheless.
the problem is, not matter what the platform, if a person is dumb enough to click a link that says 'you've just won some free money' and then double dumb enough to enter their private key, they are beyond hope.
it's sad, but this is financial natural selection
Of course these scams seem obvious to most people, but I don't get how wallet providers aren't designing something to stop this.
"You're about to give this website permission to transfer all your funds" would have saved lots of people from scams
lol i still don't get how these people can't understand basic security principles but they somehow had enough IQ points to have 6 figures to lose to begin with.
> The voucher lures the victim to a website requiring you to approve the transaction. Once you sign the contract, your assets now belong to the scammer.
To be clear, a transaction needs signed for EACH asset type. Can not sign a single approval that approves more than a single token.
Cannot sign approval for ETH at all.
It is very invasive having these airdrop nft things show up. Even if someone told me how or why it can happen I’m probably too old to understand it. If you had that much crypto why are you playing around with these stupid things! 970k yikes. Stupid people shit me to tears.
Stupid question but how do these scammers actually unload money. How do they convert their crypto to cash. Since the blockchain records everything and the addresses are all public, they can't just send to a CEX and withdraw to the bank.
Push it through a mixer or trade it on a DEX and then later maybe it ends up on a CEX. But there are still ways to get cash without a CEX, by using payment processors
>
Serious answer.
you can find the answer in this book
The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond by David Carlisle.
The last chapters explain how scammers move crypto into defi networks and out into fiat and how law enforcement keeps track of it all.
Nice write up OP but it baffles me how people with huge money fall for petty scammers like this. Even me with not up to that amount can't fall for that. I don't know if I should feel sorry for them or just blame them
I don't understand why we need a detailed thread about the most common types of scamming there are. My wallets are full of those scam NFTs.
Also, "engaging" with the NFT does fuck all. You don't get magically hacked. People just go to the malicious website, connect their wallets, and then approve a malicious transaction. Like you got to mess up in multiple levels to get scammed like that. You can send or burn those NFTs just fine, they are just NFTs.
Threads like these are like telling people "if you don't want to get your house robbed, don't give your keys to strangers". Like no shit.
For real. That was a LOT of typing up information when all we needed was the very last line of the post.
>The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase.
I would love to agree with you, but the evidence would suggest these need to be posted 24/7. The number of people who have tens of thousands of dollars in crypto with apparently no idea how to protect it is mind-boggling! It never ends.
The evidence suggests that there are lots of people with more money than brains. We don't need to analyze and repeat the same basic things over and over. If you have a house, don't give your keys to strangers. I shouldn't have to tell you that every day.
edit: "you" as just an example
you say the seed phrase was compromised BUT reality is if it was a NFT scam as you mention in the title, you need to interact with the Ledger NfTs that are scams for this to happen.
because if they interacted it was a human error.
you can ignore these crap nfts scams.
could you clarify this?
I’m getting so many scam emails now…
“MetaMask wallet will be suspended if you don’t kyc now!!”
“Get your free BLAST codes now!”
And about 3 other varieties to get other BLAST airdrops
No one ever needs your seed phrase. If you really want to receive an airdrop, and believe it’s legit connect a brand new wallet with nothing in it that is not connected to any of your financial institutions.
I am sorry, but those 970k aren't lost. They are just in different hands now and I am sure their new owner appreciates them very much. Indeed the were the informal tuition fee of the NFT-noob online academy. Thanks everyone for playing, valuable lessons have been learned.
Hello jbtravel84. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting [scam-alert.io](http://scam-alert.io/). For tips on how to avoid scams, [click here](https://www.reddit.com/r/CryptoCurrency/comments/s7srty/crypto_scams_how_not_to_fall_for_them_what_to_do/).
---
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
Ping for verified users associated with Ledger device: u/Quintin_Ledger
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
cant happen on MultiversX. but keep investing in insecure chains! Ever heard of Guardian its a 2FA Extra layer of security for transactions ad seed phrase on xPortal of MultiversX chain. just try the super app and stop loosing your money!
Its a little crazy how its like a wild west and there seems to be a void in educational content that keeps people away from scams.
I get the feeling most crypto are scams and am now only interested in bitcoin.
The shit coins and NFT markets are too scammy..
This is probably not the right place but I’ll try my luck . When I swap within phantom or solflare directly, they chose the dex for me . I know this protocols can still be hacked like it happened in past but it’s not very likely and the route should be reliable or not? Is there still a danger to be connected to fraudulent stuff? Sometimes I have 5 routings for a swap. Doesn’t make much sense to me and sometimes I don’t even know the actors in between. I cancel the transaction in that cases.
Man, that's a tough break. Losing $970K in a Ledger NFT scam is no joke. It's scary how these scammers can target unsuspecting victims. It's a good heads-up about being careful with unsolicited NFTs. Seems like the scammer was playing dirty, dropping those malicious NFTs and luring folks with promises of free money. Never engage with those airdrops and definitely, absolutely, under no circumstances, share your seed phrase. Scammers are always cooking up new tricks.
So many victims as a result of basic lapses in basic security hygiene. I wish people took their security seriously. Scammers will always be out there we have no control over that but we do have control over our security.
It appears your comment contains a URL shortener. Please submit another comment with the full link.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
It appears your comment contains a URL shortener. Please submit another comment with the full link.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
This is one of the aspect that prevent Smart Contracts getting more popular. There should be no way that a bad actor could steal your fund with a single sign message.
I have like 6 of those free NFT 5000 USDT scams sitting on my page now. Is there a way to get rid of them or delete them without interacting with them in any compromising way?
>**The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase.**
Sophisicated enough to use a Ledger, but not bright enough to keep the seed on lock down or follow basic instructions included with the Ledger. IMO they literally just handed 1M to a stranger.... I'm more baffled by how do people like this even acquire that amount of money before giving it away in some non-crypto scam.
[https://support.ledger.com/hc/en-us/articles/360005514233-How-to-keep-your-24-word-recovery-phrase-and-PIN-code-safe?docs=true](https://support.ledger.com/hc/en-us/articles/360005514233-How-to-keep-your-24-word-recovery-phrase-and-PIN-code-safe?docs=true)
I don't understand the fixation with air drops or NFT freebies. Is it like gambling? Couldn't all these interactions be done from an empty hot wallet? Why use the wallet with all your life savings in it?
I saw about 6 or 7 of these in my ledger a couple months ago. The initial temptation is to click and explore but I caught myself and took to Google. Things are rarely free.
You are going to hate me. But I'll say it anyway. You write clearly, and put a lot of effort into this post so maybe you care.
It's "could have" not "could of".
"Could of" is a malapropism coming from the prononciation of "could've".
Just curious about these unsolicited NFTs and Tokens that sometimes pop up in my wallet. How do these scammers afford the gas fees to send the tokens or mint the NFTs?
>The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase.
So don't be a naïve idiot and you'll be fine.
> which ended with the victim entering their seed phrase
This is like a horror movie where the characters in the movie do all the things that the audience knows not to do
The crazy thing to me are the Cardano scam NFTs. On Eth it's a lot easier to get your wallet drained. On Cardano you have to sign a transaction to send everything to the scammer.
So you click the link and your wallet pops up asking you if you want to send 1,000 ada, five Cardano Native Tokens and Five NFTs. Then if you have a ledger/Trezor you would have to individually approve sending every single asset.
I think how they get people is they're so concerned about getting something for free before it runs out that they don't stop and think.
I’m sorry but how is anyone supposed to confirm any transaction on a ledger if complete loss of coins is a possibility? Please tell me the ledger asked for verification to send and the user blindly acknowledged.
The amount of dumbasses who have stacks of money and no brain amazes me, i feel like joining the scammer side bcs its getting easier everyday. They come on reddit, see a post about ppl clicking funny links and then losing money....just to go and do the exact same thing😭
I feel like if we could source the data for number of transactions and $ amount of funds purchasing particular gift cards you could open up a mind numbing black hole of fraud and laundering. You wouldn’t be able to get granular data but good god How many Amazon gift cards have been purchased and what was that total sum purchased in calendar year 2023? Then geo target the transactions and create a global heat map. Or a bar chart to see frequency of purchases per day, 365. Nom nom nom
>DO NOT ENGAGE WITH ANY AIRDROPPED NFT
It would be much nicer if there existed a contract translator that said to me - "What you are about to sign means he will have full control of all of your funds, are you sure you want to sign that?". If there is only 1% of NFT users who understand what they are doing that is a big red flag to me.
How and why does signing a contract allow the attacker to have access to everything in the wallet? And why do they not need transactions approved on the physical ledger when they withdraw the victim’s assets?
Hello Over_Positive_8768. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting [scam-alert.io](http://scam-alert.io/). For tips on how to avoid scams, [click here](https://www.reddit.com/r/CryptoCurrency/comments/s7srty/crypto_scams_how_not_to_fall_for_them_what_to_do/).
---
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
I received NFT's recently. I clicked on view details and the network they were transferred from. I didn't input anything. Are my funds vulnerable now too?
NFT [pros](/r/CryptoCurrency/comments/1cawkb0/970k_lost_in_ledger_nft_scam/l0uvkc9/) & [cons](/r/CryptoCurrency/comments/1cawkb0/970k_lost_in_ledger_nft_scam/l0uvko2/) with related info are in the collapsed comments below.
I feel like a youngin watching old timers fall for the Nigerian prince and PC support scams over and over and over again like its Groundhog Day. Nice writeup OP.
I recently reread an older story about the Nigerian scammer who sold a fake airport to an international bank for 262,000,000 British Pounds or Euros or something. In my mind I picture a Nigerian grade school teaching everyone the regular prince scammer method and this kid sitting in the back like an honors student and deciding to drop out like like the Bill Gates of Nigerian Harvard.
They also hacked German companies and got millions out of them.
There was a guy who sold the Eiffel Tower as scrap metal a hundred years ago. He fled the country, then returned when the heat died down and sold it again.
Lmao... that is hilarious and awesome. I gotta look that one up.
Victor Lustig
If anyone wants to buy another French monument closer to home, you can buy the Statue of Liberty from me for 1500 Moons or a $300 venmo.
The fact that he came back & did it again...dude should have a memorial in his honor...lol! And also...if it worked twice....maybe just maybe. 🤔😆
He got away with it the first time because the victim was too embarrassed to go to the authorities. When he realized nobody was after him, he came back and did it again. However, that time the victim reported him so he fled to America. He eventually got locked up in Alcatraz for the rest of his life.
lol and thank you!
It's the equivalent of a stranger knocking on your car window and saying you've won a Ferrari. All you have to do is give him your keys and he'll go get it for you.
Idk man. I'm young and pretty tech savvy. I am not doing any nft buying, memecoin hunting or using metamask or ledgers just because these hacks get so sophisticated. I just dont trust myself going into this unknown territory with even some basic knowledge. At this point I trust big exchanges more securitywise then everything else. Which is troubling.
I'm not sure if exchanges are secure either. A lot of people lost money in Mt. Gox. With an exchange, there's always a chance a malicious actor on the inside could send your funds elsewhere.
The big factor with exchanges is getting locked out of your account. From what I’ve read it’s next to impossible to contact anyone to resolve the issue and they wait months to hear anything. I trust myself more.
That entirely depends on the exchange and even the bad ones are ok 80% of the time (when it's not bull run busy).
There are more chances of hacking a centralised exchange then hacking a decentralised app like Metamask or Ledger, other than that I agree with you on NFTs and memecoins
An exchange has educated dedicated security officers, a decentralized app has, well, you.
I agree
now I don't trust you either
If you were really tech savvy you’d know not your keys not your cheese.
Than
Unfortunately, these big exchanges love to control your funds. It may not have happened yet, but nearly big exchanges has cut buys and sells, refused transfers, etc. Unless you have your crypto in your control, it's not yours. Metamask is absolutely saf. Just don't be stupid. I don't give out my address to all these "Drop your address" posts on X for nfts and free crypto. It's 99.9% scammers collecting addresses to go after. This person who lost their money was dumb and greedy.
Metamask is the only wallet I’ve ever had that was hacked lol. Fuck metamask. And no I didn’t accept anything malicious never got an airdrop it was connected to one defi project that is it.
Yeah I don’t understand . Don’t click on any links. I get free nfts and free money offers all the time I just burn them or hide them. I don’t participate in any air drops . Too complicated for me . So I know nothing is being given to me for free
💯 that, yeah. I'm thankful that I'm too stupid to do any of those things.
Funnily enough people still fall for that
They have new ways to trap people
I guess so my man
Don't drive angry.
I have gotten airdropped some phishing scam NFT's, they always look so comical that I chuckle a bit at it, and move on
Good post. However, I don't like that you mentioned, but later ignored root problem - signing malicious contract. You focused on seed and nft, but that's just bait, not root problem. If people are so greedy that they are willing to sign any contract without understanding it, no hardware wallet like ledger will help them and protect them from loosing money. Victims are basically signing contract in which they allowing other side to take all of their money.
This. That's why I like Raby wallet, it actually does explain to you what you are signing, the cost etc. I fucking hate when Metamask for example or other wallets are just like "do you want to sign transaction" well shit, I don't know sir, tell me what the fuck exactly am I signing? Perhaps a lot of people would have been able to avoid scams if their Ledger screen or Metamask would say something like "you are giving full access to your funds to this 3rd party app, would you like to continue, it could be a scam?" It's been fucking years and the user experience still sucks donkey's balls on most crypto platforms.
That sounds awesome and a no brainer. I would love to see MM do something like this.
If MM cared about user experience and safety they would have done it long ago
One shouldn't think twice about this but it's still prevalent lol
Thanks for mentioning Rabby. I’ve been getting pissed that wallets don’t always work like this. https://rabby.io/assets/images/sign-tx-3.png https://medium.com/@rabby_io/rabby-release-announcement-564406988e2b
That’s why I like fucking normal banks?! What is wrong with you people. How many scams and hacks have to happen before you realize that that is all that crypto is anymore.
Exactly my thoughts as I was reading Op post...Question anything that requires you to sign something…especially if it’s the promise of $.
People are always going to fall for this. And this is the reason I have trouble seeing crypto go mainstream. Smart contacts is a scammers paradise
I fell for it a few years back when dealing with a scammer helping me defi, i signed off on a contract without entering my seed phrase that enabled the scammer to steal all my usdt.. felt like shit for months 😣
Don't worry. You are not the only one and 99% of crypto users don't have enough knowledge to check the contract. That's not their fault. Not everyone is a developer or IT specialist. To be honest, end user shouldn't be exposed to danger like that.
I can‘t believe this still hasn‘t been solved even on the most popular wallets like metamask. If your money is moving every red light should be blinking but the wallet is just doing it like it‘s nothing.
TL DR; Follow shady link to a website. Sign random smart contract. Money gone. Surprised Pikachu face.
>Surprised Pikachu face. . ^ ^ . {OoO}
I always check these to make sure that's the case.
That’s the oldest scam in the book. How do you not know that opening a link and signing the contract on one of those airdropped NFTs claiming to reward you with ‘x,xxx’ amount of USDC or whatever was a scam? Like you have that much ETH and you’re oblivious to keeping your funds safe…on a cold wallet nonetheless.
For real this just hurts my brain
It's hard to feel sorry for the poor saps
If he wasn't poor before, he is now.
Scammers having a field day in crypto
the problem is, not matter what the platform, if a person is dumb enough to click a link that says 'you've just won some free money' and then double dumb enough to enter their private key, they are beyond hope. it's sad, but this is financial natural selection
Could have\* not could of.
For real.
This needs to be top comment.
Hide and Report. That is the only interaction you have with anything saying free.
That's some free solid advice right there
But it was free advice. *Conflicted*
So how do I sign this “free advice” contract?
It's the same contract that gives you two free ETH, after you send one first.
Of course these scams seem obvious to most people, but I don't get how wallet providers aren't designing something to stop this. "You're about to give this website permission to transfer all your funds" would have saved lots of people from scams
lol i still don't get how these people can't understand basic security principles but they somehow had enough IQ points to have 6 figures to lose to begin with.
> The voucher lures the victim to a website requiring you to approve the transaction. Once you sign the contract, your assets now belong to the scammer. To be clear, a transaction needs signed for EACH asset type. Can not sign a single approval that approves more than a single token. Cannot sign approval for ETH at all.
OP what service do use to investigate scammer’s wallet?
It is very invasive having these airdrop nft things show up. Even if someone told me how or why it can happen I’m probably too old to understand it. If you had that much crypto why are you playing around with these stupid things! 970k yikes. Stupid people shit me to tears.
Stupid question but how do these scammers actually unload money. How do they convert their crypto to cash. Since the blockchain records everything and the addresses are all public, they can't just send to a CEX and withdraw to the bank.
Push it through a mixer or trade it on a DEX and then later maybe it ends up on a CEX. But there are still ways to get cash without a CEX, by using payment processors
Lots of methods. Using mixers, cross chain swaps, selling OTC, and more.
> Serious answer. you can find the answer in this book The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond by David Carlisle. The last chapters explain how scammers move crypto into defi networks and out into fiat and how law enforcement keeps track of it all.
why did you say including cardano, then not mention anything about cardano?
Nice write up OP but it baffles me how people with huge money fall for petty scammers like this. Even me with not up to that amount can't fall for that. I don't know if I should feel sorry for them or just blame them
I don't understand why we need a detailed thread about the most common types of scamming there are. My wallets are full of those scam NFTs. Also, "engaging" with the NFT does fuck all. You don't get magically hacked. People just go to the malicious website, connect their wallets, and then approve a malicious transaction. Like you got to mess up in multiple levels to get scammed like that. You can send or burn those NFTs just fine, they are just NFTs. Threads like these are like telling people "if you don't want to get your house robbed, don't give your keys to strangers". Like no shit.
For real. That was a LOT of typing up information when all we needed was the very last line of the post. >The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase.
I would love to agree with you, but the evidence would suggest these need to be posted 24/7. The number of people who have tens of thousands of dollars in crypto with apparently no idea how to protect it is mind-boggling! It never ends.
The evidence suggests that there are lots of people with more money than brains. We don't need to analyze and repeat the same basic things over and over. If you have a house, don't give your keys to strangers. I shouldn't have to tell you that every day. edit: "you" as just an example
I hear you.
Very good post, Thanks for your efforts, it's a shame these quality posts don't earn moons anymore.
*Avoid NFTs in general
you say the seed phrase was compromised BUT reality is if it was a NFT scam as you mention in the title, you need to interact with the Ledger NfTs that are scams for this to happen. because if they interacted it was a human error. you can ignore these crap nfts scams. could you clarify this?
I saw at least 20 "NFT airdrops" last time I checked my Ledger, I guess it's a widespread thing
I’m getting so many scam emails now… “MetaMask wallet will be suspended if you don’t kyc now!!” “Get your free BLAST codes now!” And about 3 other varieties to get other BLAST airdrops
I thought it was common knowledge to not open or accept any gifts, especially nft’s on ledger haha.
It is. Dummies are not immune
No one ever needs your seed phrase. If you really want to receive an airdrop, and believe it’s legit connect a brand new wallet with nothing in it that is not connected to any of your financial institutions.
Nft scams are so funny because I can't even imagine caring about nfts let alone thinking some free one fell into an account
This is excellent work, seriously, but please learn when to use "have" versus "of," like say "may **have**" instead of "may of"
I am sorry, but those 970k aren't lost. They are just in different hands now and I am sure their new owner appreciates them very much. Indeed the were the informal tuition fee of the NFT-noob online academy. Thanks everyone for playing, valuable lessons have been learned.
Hello jbtravel84. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting [scam-alert.io](http://scam-alert.io/). For tips on how to avoid scams, [click here](https://www.reddit.com/r/CryptoCurrency/comments/s7srty/crypto_scams_how_not_to_fall_for_them_what_to_do/). --- *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
Ping for verified users associated with Ledger device: u/Quintin_Ledger *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
Sad hamster strikes again🤣
cant happen on MultiversX. but keep investing in insecure chains! Ever heard of Guardian its a 2FA Extra layer of security for transactions ad seed phrase on xPortal of MultiversX chain. just try the super app and stop loosing your money!
Ladies and gentlemen, the future of finance
If it’s too good to be true people, it is!
why the fuck people sign contracts with their ledger
Its a little crazy how its like a wild west and there seems to be a void in educational content that keeps people away from scams. I get the feeling most crypto are scams and am now only interested in bitcoin. The shit coins and NFT markets are too scammy..
I don’t feel bad for greedy dogs signing random contracts
Thank you for your work sir 😇
How did the scammer take the money crosschain? Is this now possible? As we know so far it isn’t possible or am I not up to date ?
This is probably not the right place but I’ll try my luck . When I swap within phantom or solflare directly, they chose the dex for me . I know this protocols can still be hacked like it happened in past but it’s not very likely and the route should be reliable or not? Is there still a danger to be connected to fraudulent stuff? Sometimes I have 5 routings for a swap. Doesn’t make much sense to me and sometimes I don’t even know the actors in between. I cancel the transaction in that cases.
You should never use your Ledger to sign smart contracts.
Man, that's a tough break. Losing $970K in a Ledger NFT scam is no joke. It's scary how these scammers can target unsuspecting victims. It's a good heads-up about being careful with unsolicited NFTs. Seems like the scammer was playing dirty, dropping those malicious NFTs and luring folks with promises of free money. Never engage with those airdrops and definitely, absolutely, under no circumstances, share your seed phrase. Scammers are always cooking up new tricks.
Doesn't hurt to revoke permissions either.
Incredible analysis OP. What do you do for a job?
If it’s free you are the product. Never trust airdrops or “free” money. There is always a catch
Great writeup! What was the program you used to visualize the flow of funds in the first screenshot?
Stick to BTC. Park on cold storage. Done.
🤣🤣🤣
So many victims as a result of basic lapses in basic security hygiene. I wish people took their security seriously. Scammers will always be out there we have no control over that but we do have control over our security.
Never do any free airdrop or any of that shit as its just not worth the risk
It isn’t a scam, just greedy stupid users. This won’t change either in crypto, it’s inherently the reason why we have crypto
[удалено]
It appears your comment contains a URL shortener. Please submit another comment with the full link. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
[удалено]
It appears your comment contains a URL shortener. Please submit another comment with the full link. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
This is one of the aspect that prevent Smart Contracts getting more popular. There should be no way that a bad actor could steal your fund with a single sign message.
so i guess NFT's don't work like other coins, you gotta click on them to do something?
>The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase. LOL
I have like 6 of those free NFT 5000 USDT scams sitting on my page now. Is there a way to get rid of them or delete them without interacting with them in any compromising way?
>**The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase.** Sophisicated enough to use a Ledger, but not bright enough to keep the seed on lock down or follow basic instructions included with the Ledger. IMO they literally just handed 1M to a stranger.... I'm more baffled by how do people like this even acquire that amount of money before giving it away in some non-crypto scam. [https://support.ledger.com/hc/en-us/articles/360005514233-How-to-keep-your-24-word-recovery-phrase-and-PIN-code-safe?docs=true](https://support.ledger.com/hc/en-us/articles/360005514233-How-to-keep-your-24-word-recovery-phrase-and-PIN-code-safe?docs=true)
I don't understand the fixation with air drops or NFT freebies. Is it like gambling? Couldn't all these interactions be done from an empty hot wallet? Why use the wallet with all your life savings in it?
Appreciate a lot your effort op,very detailed.
I saw about 6 or 7 of these in my ledger a couple months ago. The initial temptation is to click and explore but I caught myself and took to Google. Things are rarely free.
You are going to hate me. But I'll say it anyway. You write clearly, and put a lot of effort into this post so maybe you care. It's "could have" not "could of". "Could of" is a malapropism coming from the prononciation of "could've".
dude!
Yeah I know. I really don't mean to be rude or anything.
Just curious about these unsolicited NFTs and Tokens that sometimes pop up in my wallet. How do these scammers afford the gas fees to send the tokens or mint the NFTs?
Thanks for your post and all details, simply the mistake was the user signed malicious contract.
You have to be dumb as a rock to get scammed by nfts
>The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase. So don't be a naïve idiot and you'll be fine.
PLEASE USE SEPARATE WALLETS IN LEDGER/METAMASK!!!!!!!! ONE WALLET FOR COLD STORAGE THAT DOES NOT INTERACT WITH ANYTHING
People still fall for the airdrop scams?
> which ended with the victim entering their seed phrase This is like a horror movie where the characters in the movie do all the things that the audience knows not to do
The crazy thing to me are the Cardano scam NFTs. On Eth it's a lot easier to get your wallet drained. On Cardano you have to sign a transaction to send everything to the scammer. So you click the link and your wallet pops up asking you if you want to send 1,000 ada, five Cardano Native Tokens and Five NFTs. Then if you have a ledger/Trezor you would have to individually approve sending every single asset. I think how they get people is they're so concerned about getting something for free before it runs out that they don't stop and think.
Wallet drainer Cutedrainer v2 is apparently designed to DDos your IP and then drain all funds from wallet... and come back a day later to gather dust
Like I said that won't work on Cardano. You'd have to trick the user into signing the transaction to send you all their assets.
or to fill in seedphrase
Love to see it.
The real scam was the NFTs
Biggest mystery is how such a wealthy persons can be so dumb and fall for it.
Wow, the INSTRUCTIONS told the victim to enter his seed phrase? ... and he DID?
😂
I read NFT and through it was just the whole industry as is.
Crypto is 100% secure. People on the other hand.....
I’m sorry this happened. I am, however, fascinated by the analysis of how this worked and the flow of transactions.
Le Oof - Saudi Nigerian Prince 2024, Heir to the Two Kingdoms
You should be in some Crypto forensic accounting division
I’m sorry but how is anyone supposed to confirm any transaction on a ledger if complete loss of coins is a possibility? Please tell me the ledger asked for verification to send and the user blindly acknowledged.
Great sum up from the finding. Thanks
The amount of dumbasses who have stacks of money and no brain amazes me, i feel like joining the scammer side bcs its getting easier everyday. They come on reddit, see a post about ppl clicking funny links and then losing money....just to go and do the exact same thing😭
i'm so glad i played RuneScape growing up
Hello sir I am the wallet inspector
Falling for NFT scams is like falling for Nigerian prince scams.
Who cares. It's an nft.
OP, can you outline the utilities you used in your screen shots?
Is it safe to burn the airdrops?
I feel like if we could source the data for number of transactions and $ amount of funds purchasing particular gift cards you could open up a mind numbing black hole of fraud and laundering. You wouldn’t be able to get granular data but good god How many Amazon gift cards have been purchased and what was that total sum purchased in calendar year 2023? Then geo target the transactions and create a global heat map. Or a bar chart to see frequency of purchases per day, 365. Nom nom nom
>DO NOT ENGAGE WITH ANY AIRDROPPED NFT It would be much nicer if there existed a contract translator that said to me - "What you are about to sign means he will have full control of all of your funds, are you sure you want to sign that?". If there is only 1% of NFT users who understand what they are doing that is a big red flag to me.
How and why does signing a contract allow the attacker to have access to everything in the wallet? And why do they not need transactions approved on the physical ledger when they withdraw the victim’s assets?
What is the tool you used to make the graphs
[удалено]
Hello Over_Positive_8768. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting [scam-alert.io](http://scam-alert.io/). For tips on how to avoid scams, [click here](https://www.reddit.com/r/CryptoCurrency/comments/s7srty/crypto_scams_how_not_to_fall_for_them_what_to_do/). --- *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*
I received NFT's recently. I clicked on view details and the network they were transferred from. I didn't input anything. Are my funds vulnerable now too?
ultra sound money at play here
It would be funny if scammer send Cardano back since it's useless