$790,000 Worth of Rare Bear NFTs Stolen in Brazen Phishing Attack

Members of the Rare Bears NFT community woke on March 16 to find they had lost assets to the tune of US$790,000 in a phishing scam. According to the team, weakened security on its Discord server allowed a perpetrator to spread a phishing link.

Rare Bear is a collection of 2,400 NFTs of cartoon-themed bears built atop the Ethereum blockchain. It was launched via a public mint last week and was created by a New Zealand-based digital artist called Enox.

Attacker Poses as Moderator

The phishing attack took place when an unknown person gained unauthorised access to the project’s Discord server, posing as an official moderator. There, the attacker was able to share a phishing link designed to steal people’s funds. The project took to Twitter to inform its community.

The attacker shared a message saying there was a new NFT mint, and then provided a link to a phishing site. Another user, known as “steldes” on Twitter, posted a screenshot of the phony announcement on the Discord server, in which the scammer appears under the name Zhodan.


Malicious Smart Contract Allows Control Over Wallets

The fake announcement informed members of an additional 1,000 rare NFTs being added to the collection at a mint price of 0.1 ETH, or US$280. The website hosted a malicious smart contract that, when interacted with, allowed control over the victims’ wallets. As a result, the hacker stole 179 NFTs and other assets belonging to everyone who participated in the mint.

The hacker then moved the assets to their Ethereum address. Soon after, most NFTs were sold one by one to the tune of 286 ETH, amounting to US$790,000. Exactly 213 ETH of the total was routed through mixing service Tornado Cash and 72.3 ETH was sent across three wallets.

Phishing Scams Rife in NFT Space

Due to the unregulated nature of the digital asset space, scams are an all-too-common occurrence, and NFTs are targeted heavily. A popular method of stealing NFTs is via phishing attacks. In January, a Bored Ape collector lost NFTs worth a whopping US$2.2 million. OpenSea also experienced a phishing scam in February in which at least US$3 million worth of NFTs were stolen.

Jana Serfontein


Jana has a keen interest in what cryptocurrencies have to offer NGOs, governments and the financial system, and is also intrigued by the psychological effect that cryptocurrencies have on society.
