Your NFTs and Crypto Wallet Can Be Drained With This Email

Vladislav Sopov

Josh M. Chavez, U.S.-based NFT artist who created collectibles for Tiger Woods, Tom Brady and Rafael Nadal, falls victim to blatant scam

Josh Chavez took to Twitter to share the sad story of a dangerous scam that targeted him. The fraudsters used an old technique: an infected file hidden among documents attached to an email message.

NFT artist gets scammed by malefactors from Instagram

On Jan. 19, 2022, Josh M. Chavez, an American digital artist, announced that scammers stole all tokens and NFTs from his on-chain crypto wallet MetaMask.

The artist revealed that he had been contacted by a potential client via direct messages on Instagram. The “customer's” account was mass-followed by bots, but Chavez decided to ignore this fact.

The stranger ordered cover art for their soon-to-be-released song. Chavez asked them to send details of the request, including information about the release, budget, concept, references and so on. All these details were sent to Chavez by email.

The scammer, using the name “Oscar Davies,” sent the documents; one of them was labelled as a .pdf but actually had the .exe filename extension. EXE files are executable programs: opening one runs its code on the computer.

Once the file was opened, it immediately bound itself to Chrome, the browser that MetaMask wallets are integrated into. In the blink of an eye, it drained the tokens from MetaMask and sold all the NFTs at auction for a tiny fraction of their real prices.
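A check a mail filter or a cautious recipient could run on attachments like the one described above, shown as an added example that is not part of the original article. The filenames and byte strings are constructed samples (the real attachment's name is not given), and the extension lists are illustrative assumptions, not a complete policy.

```python
import unicodedata
from typing import List, Optional

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "lnk", "msi"}
# Extensions a recipient expects to be passive documents or images.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}
# Leading bytes of a few formats; Windows PE executables start with "MZ".
MAGIC = {b"MZ": "exe", b"%PDF": "pdf", b"\x89PNG": "png"}


def sniff(data: bytes) -> Optional[str]:
    """Return the file type implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def inspect_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    # Invisible Unicode format controls (category Cf) change how a name displays.
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        findings.append("hidden-format-characters")
    parts = [p.strip().lower() for p in filename.split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "name.pdf.exe": with known extensions hidden, only "name.pdf" shows.
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    # Content check: a PE header under a document name is a mismatch.
    if sniff(data) == "exe" and real_ext not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-document-name")
    return findings


if __name__ == "__main__":
    # Constructed samples: (filename, first bytes of the file).
    samples = [
        ("cover_art_brief.pdf.exe", b"MZ\x90\x00"),
        ("references.pdf", b"%PDF-1.7\n"),
        ("budget.pdf", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(name, "->", inspect_attachment(name, head) or "no findings")
```
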

Tricky scams in NFT segment are on fire

Chavez highlights that the social engineering was carried out masterfully. Despite his expertise, he failed to notice the red flags:

I live on the internet and can spot scams a mile away, but today I forgot to double check one small detail (…) I was not only in a rush, this was a routine thing – something I’ve complacently done many times on end with clients

As covered by U.Today previously, prominent actors of the NFT market were targeted by sophisticated scam campaigns from Q4 2022 to Q1 2023. In November, attackers hacked the social media of Greg Solano, the founder of BAYC, and started spreading phishing links.

Amid the euphoria around the FIFA World Cup in Qatar, scammers managed to pass Twitter security checks and promoted a fake Binance x Cristiano Ronaldo NFT airdrop.