Security

Phishing scammer linked to NFT thefts including BAYC

Canadian phishing scammer, Chards, has been linked to a series of NFT thefts and crypto phishing scams through their ENS address.

ZachXBT, a Twitter detective, researched a Discord user, madman#9528, who became active a few weeks ago, showing off their Bored Ape. Notably, attached were their ENS address, madman.eth, and BAYC 7941 and 6716. However, the ENS raised a lot of questions.

In September 2022, madman.eth’s address was accidentally linked to a phishing attack involving stolen NFTs. There were 19 NFTs stolen for 115 ETH, and one of them was the BAYC 4651. In this instance, ZachXBT recovered 33.5 ETH for an affected user.

3/ For example back in September 2022, madman.eth accidentally linked their address back to a phishing attack they were responsible for where BAYC 4651 & 18 other NFTs were stolen for 115 ETH.

Luckily in this instance I was able to help recover 33.5 ETH of the funds. pic.twitter.com/WkneBYUtva

— ZachXBT (@zachxbt) February 20, 2023

He linked the same person to a payment to a scammer, serpentau.eth (Lock) was found to be connected with the Azuki, Chimpers, AKCB, and Mutant Hounds Twitter hacks.

There was also a 17,500 USDC transfer that traces to Horror (HZ), also called Chase Senecal, that recently has assets swept by the FBI in suspected phishing scams. During that time, the FBI was able to get back some crypto, BAYC 9658, Doodle 3114, and AP watch.

Even more interesting was that madman.eth purchased a $13,500 Rolex watch from the same seller that sold to HZ and Diablo. Diablo is also a phishing scammer working with other scammers like HZ, Chards, or Two1 in messaging potential victims, whereby he gets a small cut from the stolen funds.

1/ Investigating the phishing scammer Diablo and how he’s linked to @ezu_xyz @nounsdao @MoonLanderzNFT Shadows & more attacks which all tie back to an iced out rolex he purchased with illicit funds.

— ZachXBT (@zachxbt) October 13, 2022

Madman.eth is linked to the BAYC 5153 theft and received 54 ETH when the Kumaleo Discord was attacked. Madman then began flexing his Audi R8 purchase. He also posted bragging he’s crashed 3 X BMW M4s in the BAYC Discord.

ZachXBT then used the R8 photos to lead to an Instagram account, cold (dave), who made the same dealership payment in Canada. The Instagram page also had the wrecked BMWs, just as on Discord. The page also had photos of him flexing with his friends and his iced-out watch.

10/ His Instagram consists of him flexing bottle service at a nightclub in Toronto with friends and pics of his iced out watch. pic.twitter.com/EJd8DTgAVI

— ZachXBT (@zachxbt) February 20, 2023

ZachXBT concluded that the information shared will hopefully help the phishing attacks victims such as Eurion, Snarls, and many more.

Phishing attacks are becoming more common

Phishing attacks in the blockchain community are becoming more popular. In 2022, over $2.8 billion in crypto was stolen via exploits and hacks.

The latest is Nikhil Gopalani, the Nike executive’s crypto wallet looted last month by a “clever” phisher. His Clonex NFTs and other digital collectibles, including “Crypto Kicks,” were taken.

Meanwhile, the Ethereum Denver conference was a recent target whereby hackers duplicated the hacker’s website to trick unsuspecting users into linking their Metamask wallets. Notably, they gained access to over $2,800 wallets and stole over $300,000 in the last six months.

Canadian phishing scammer, Chards, has been linked to a series of NFT thefts and crypto phishing scams through their ENS address.

A web of phishing scams

ZachXBT, a Twitter detective, researched a Discord user, madman#9528, who became active a few weeks ago, showing off their Bored Ape. Notably, attached were their ENS address, madman.eth, and BAYC 7941 and 6716. However, the ENS raised a lot of questions.

In Sep. 2022, madman.eth’s address was accidentally linked to a phishing attack involving stolen NFTs. There were 19 NFTs stolen for 115 ETH, and one of them was the BAYC 4651. In this instance, ZachXBT recovered 33.5 ETH for an affected user.

3/ For example back in September 2022, madman.eth accidentally linked their address back to a phishing attack they were responsible for where BAYC 4651 & 18 other NFTs were stolen for 115 ETH.

Luckily in this instance I was able to help recover 33.5 ETH of the funds. pic.twitter.com/WkneBYUtva

— ZachXBT (@zachxbt) February 20, 2023

He linked the same person to a payment to a scammer, serpentau.eth (Lock) was found to be connected with the Azuki, Chimpers, AKCB, and Mutant Hounds Twitter hacks.

There was also a 17.5k USDC transfer that traces to Horror(HZ), also called Chase Senecal, that recently has assets swept by the FBI in suspected phishing scams. During that time, the FBI was able to get back some crypto, BAYC 9658, Doodle 3114, and AP watch.

Even more interesting was that madman.eth purchased a $13.5k Rolex watch from the same seller that sold to HZ and Diablo. Diablo is also a phishing scammer working with other scammers like HZ, Chards, or Two1 in messaging potential victims, whereby he gets a small cut from the stolen funds.

1/ Investigating the phishing scammer Diablo and how he’s linked to @ezu_xyz @nounsdao @MoonLanderzNFT Shadows & more attacks which all tie back to an iced out rolex he purchased with illicit funds.

— ZachXBT (@zachxbt) October 13, 2022

Madman.eth is linked to the BAYC 5153 theft and received 54 ETH when the Kumaleo Discord was attacked. Madman then began flexing his Audi R8 purchase. He also posted bragging he’s crashed 3 X BMW M4s in the BAYC Discord.

ZachXBT then used the R8 photos to lead to an Instagram account, cold(dave), who made the same dealership payment in Canada. The Instagram page also had the wrecked BMWs, just as on Discord. The page also had photos of him flexing with his friends and his iced-out watch.

10/ His Instagram consists of him flexing bottle service at a nightclub in Toronto with friends and pics of his iced out watch. pic.twitter.com/EJd8DTgAVI

— ZachXBT (@zachxbt) February 20, 2023

ZachXBT concluded that the information shared will hopefully help the phishing attacks victims such as Eurion, Snarls, and many more.

Phishing attacks are becoming more common

Phishing attacks in the blockchain community are becoming more popular. In 2022, over $2.8 billion in crypto was stolen via exploits and hacks.

The latest is Nikhil Gopalani, the Nike executive’s crypto wallet looted last month by a “clever” phisher. His Clonex NFTs and other digital collectibles, including “Crypto Kicks,” were taken.

Meanwhile, the Ethereum Denver conference was a recent target whereby hackers duplicated the hacker’s website to trick unsuspecting users into linking their Metamask wallets. Notably, they gained access to over $2,800 wallets and stole over $300,000 in the last six months.

   

Source

Click to rate this post!
[Total: 0 Average: 0]
Показать больше

Добавить комментарий