According to data from on-chain security platform PeckShield, dated May 9, an NFT trader known as “tatis.eth” lost over $145,000 in tokens due to a phishing scam involving the Bored Ape Yacht Club (BAYC) collection. The scam was executed by an entity named “PinkDrainer,” who managed to steal three valuable BAYC NFTs—specifically BAYC 7531, BAYC 6736, and BAYC 2100—from the trader’s wallet.
The BAYC Phishing Scam That Led to the Loss of $145,000 Worth of NFTs
Bored Ape Yacht Club (BAYC) is an influential collection of 100,000 Ethereum-based NFTs, known for their high value and distinctive designs featuring cartoon apes with various expressions and outfits.
A report from ZachXBT detailed that on May 8 at 5:47 PM UTC, three stolen BAYC NFTs were moved to a phishing address named “Fake_Phishing328357.” Subsequently, these NFTs were sold for a combined total of 48.5 ETH, approximately $145,000.
In December 2023, the same group behind this incident reportedly swindled $4.4 million in Chainlink (LINK) tokens by deceiving individuals into authorizing transactions through the “IncreaseAllowance” function.
Throughout the fourth quarter of 2023, there was a notable rise in scams where fraudsters posed as legitimate platforms and protocols. These scammers often tricked users into approving transactions that led to the theft of their digital assets.
A particular case involved the JPEG’d NFT protocol, which in October 2023 had to alert its community about several fake platforms mimicking its services. These fraudulent platforms aimed to trick users into giving transaction approvals, facilitating the theft of NFTs and other digital assets.
Over $104 million Has Been Lost to Crypto Phishing And NFT Scams in 2024
In the first two months of 2024, the cryptocurrency industry has experienced significant financial damage due to phishing attacks, with estimated losses totaling $104 million.
Data from Scam Sniffer indicates that approximately 97,000 users were deceived by these advanced scams. In February 2024 alone, around $46.86 million in cryptocurrencies were stolen. The Ethereum ecosystem has been particularly vulnerable, with $78 million lost as attackers drained Ether and ERC20 tokens from users’ wallets.
The majority of these losses occurred when users unknowingly signed malicious authorizations such as “ERC20 Permit” and “increaseAllowance,” which inadvertently gave attackers unauthorized access to their digital assets.
Crypto News reported in April 2024 that phishing campaigns were specifically targeting Etherscan users, employing several deceptive advertisements for malicious purposes. Scam Sniffer’s analysis also highlighted how cybercriminals have been exploiting social media platforms, especially X (formerly known as Twitter). They strategically post deceptive comments under the posts of targeted accounts, masquerading as customer service representatives to direct victims to phishing sites where their digital assets are subsequently compromised.
While the losses reported in the first two months of 2024 are alarming, totaling $104 million, they constitute just a portion of the broader impact seen in 2023. Throughout that year, phishing attacks led to a staggering total of $300 million in funds being stolen from users across the cryptocurrency sector.