Social media has become a prime hunting ground for these scammers, preying on everyday investors and the so-called “crypto whales” who invest millions. One particular case highlighted just how much a threat scammers can be when applying tried and true social engineering principles through social media.

The Ape Heist of the Century

A scam that combined both fake social media accounts and website spoofing led to the loss of over $6.2 million worth of highly lucrative NFTS, including many from the wildly popular Bored Ape Yacht Club collection. The scam took place in early May 2022 and targeted the NFT wallets of individuals interested in Otherside NFT, an innovative metaverse concept relying on NFTs. The project comes from Yuga Labs, the same creators behind the original Bored Ape Yacht Club. This drew significant attention from the NFT community, and the launch brought in over $300 million. However, scammers managed to divert some NFT buyers away from the legitimate Otherside NFT website towards their own imitation. The fake website appeared identical to the legitimate website, leaving any visitors with the impression that they had reached the real thing. Just like with any actual NFT project, the website prompted the users to link their NFT wallets. While the real project would then allow users to make purchases of the newly minted NFTs, the fake website simply emptied the wallets, stealing the valuable NFTs inside. Because the blockchain provides a ledger of all transactions, anyone can see the wallets to which the stolen NFTs have been sent. Three wallets have been found, holding the $6.2 million in NFTs. Many of these NFTs have already been stolen. While it’s possible for NFT marketplaces to refuse to list NFTs that they know are stolen, they don’t have any actual control over the blockchain. The NFTs are well and truly gone, with no hope for any remediation.

The Role of Social Media

Anyone can make a fake website, but it’s drawing victims to that website that constitutes the real challenge of pulling off a successful scam. Social media is among the most effective tools that scammers have in their arsenal today. In the case of the Otherside NFT heist, the scammers simply spread leaks to their fake website across Twitter. They made accounts with names and profile pictures that implied they were official Yuga Labs accounts. While any potential buyers would be able to verify that they weren’t actually an authorized account, many didn’t think to do so. Instead, they followed the links to the fake website and lost their NFTs. This tactic lets the scammers reach a massive potential pool of victims by promoting various fake NFT schemes like the Immediate Edge trading system. They took just a small fraction of the overall market for Otherside NFT, $6.2 million, compared to the project’s 1-day initial earnings of $300 million. However, that’s more than enough for these scammers to get by. With such high stakes, the scammers only need to get lucky a few times to pull off their scam successfully.

More Examples of Crypto Identity Theft

This wasn’t an isolated incident by any means. Impersonating other companies and individuals is commonplace throughout the crypto industry. Because the blockchain provides some level of anonymity and offers no recourse for scam victims, the only thing scammers need to worry about is getting the money in the first place, not how to hold onto it. Many fake accounts are incredibly simple. They’ll include a profile picture of Elon Musk, Richard Branson, or other well-known and rich celebrities. The post will link to a crypto wallet address that offers a “great investment opportunity” or simply to “double your money.” Victims then send Bitcoin or other cryptocurrencies to the wallet, expecting a return. However, the scammers keep the money and send nothing back. The irreversible nature of crypto scams means that investors need to pay more attention to detail than they do with other opportunities. Any mistake, no matter how small, cannot be fixed. The scammers know this well and use it to their advantage.