- Scammers have found a way to mislead unknowing users into a new NFT scam.
- Verified Twitter accounts are hacked, revamped, and then used to tweet malicious links leading to victims losing NFTs.
- The Azuki scam has the same modus operandi as the ApeCoin scam from the previous month.
Scammers have found a new way to steal NFTs from unsuspecting users – this time, it’s from Azuki NFT owners. The method involves hackers hijacking verified Twitter accounts, changing the public details to suggest ownership by an Azuki co-creator, and then dropping malicious links.
Two hacked journalist accounts chronicled that the hack started with a phishing email that was claimed to be sent by Twitter’s support team. Another journalist had their account hacked and subsequently sent over 6,000 tweets tagging potential victims for the scam. In addition, India’s University Grants Commission (UGC) was hacked following the same modus operandi (MO).
Once hackers took hold of the accounts, they proceeded to form misleading tweets promising NFT airdrops followed by a link. Following that, unknowing users are prompted to connect an Ethereum wallet as part of the scam. Once a connection is made, hackers steal the NFTs from their victims’ respective wallets.
In response to the prevalent scams, a Twitter representative confirmed that the company is “aware of and actively working on a solution to combat” the attacks.
This Azuki scam has the same MO as the ApeCoin (APE) scam from the previous month. In March, hackers reportedly stole more than $1 million worth of NFTs from the Twitter scam. Similar to the Azuki scam, the ApeCoin scam involved hijacking verified Twitter accounts and forming misleading links to airdrops.
It goes without saying that the victims did not receive airdrops of any kind, and instead only lost NFTs.