NFT Airdrop Scam Uncovered By Check Point Research

Check Point Research’s recent investigation disclosed a sophisticated and widespread NFT scam campaign.

This campaign stands out because of its unique approach, applying a source spoofing method to go after a broad range of token holders. Its specific focus is on over 100 highly recognized projects, directing its attacks at the owners of these tokens.

For example, if you’re registered as a holder of APE tokens, the attacker would send you an airdrop pretending to be an Ape NFT airdrop. The reason for this is that the attacker cannot access the email addresses of APE token owners and, as a result, cannot directly recognize the owners of the tokens.

To avoid this, the attacker developed another method to contact specific token owners by exploiting NFT airdrops that are connected to a specially designed website for each token targeted. This tactic makes the transactions appear legitimate, making them seem to come from reliable sources.

The Attackers Are Using A Sophisticated Approach

The attacker’s method for each airdrop entails designing a dedicated website where individuals can receive rewards. Innocent victims are enticed into linking their wallets to these sites, without knowing that they are giving away complete access to their funds.

This deceiving process allows the attacker to exploit users who believe they are partaking in authentic airdrops, which leads to potential financial disaster. Users should be cautious and verify that the airdrop campaigns are genuine to protect their digital assets.

This scam underscores the importance of being extra cautious in the constantly changing world of digital assets and blockchain tech. Moreover, the team noticed a fake IMX NFT circulating, claiming to come from the “IMMUTABLE X Deployer,” which is known as the source of the IMX token.

The Immutable Group, which includes the Immutable Games and Immutable Platform, is well-known for creating and releasing web3 games on Ethereum. Because of this reputation, any connection to it, like an NFT airdrop, might appear trustworthy. But, a more thorough examination of the transaction logs unveils a different narrative.

After examining the transaction logs, it’s clear that the “From” address has been faked. This trickery happens because Etherscan processes transaction details, relying on information from Solidity’s emit command logs. In Solidity, the emit command is employed to document events on the blockchain.

Although this is crucial for keeping track of activities, it can be manipulated to show false information. As a result, the NFT in question didn’t come from “IMMUTABLE X,” similar to the event demonstrated earlier with Yuga Labs and other entities appearing in the “From” section on Etherscan.

The Etherscan Tool Is Not Enough To Prevent Scam

This situation underscores how blockchain transactions are presented and interpreted. Even though invaluable tools like Etherscan help users understand and explore blockchain transactions, they can still be tricked.

When malicious actors use the emit command, they can produce transaction logs that falsely represent where a transaction comes from, tricking both users and automated scanners. This strategy is especially impactful in the NFT realm, where how trustworthy people think an item’s source is can greatly influence its value and appeal.