Written by Erik Weijers a month ago

Scammers after your NFT take on new, degen look

There are dangers lurking when minting new NFT collections. If you don't know what you're doing, before you know it you're giving permission to a party with the wrong intentions. Holders of expensive NFTs regularly learn this painful lesson. Yesterday, again. Since the popularity of Goblintown, providers of new fake collections need to put in even less effort: they whip up some lazy PFP art and set out the bait.

The new type of NFT-wallet robbery is also called "degen meta" because it imitates the supposedly cobbled-together art and communication style of the Goblintown collection. The scammers fabricate a flimsy collection and send out a carelessly written message for the launch of the NFT mint, which is free.

Goblintown NFT, on which collection the new scam is loosely based

Behind the scenes, of course, the plan is well thought out. The moment you connect with the mint, your most expensive NFT is pulled out.

How does the theft work?

The scammers proceed in the following way:

  1. They use a service like Premint NFT, a platform that NFT artists use to build mailing lists and run raffles. But anyone can use such a platform to distribute messages and gather a community, including scammers.
  2. For the people they target the scammers use a behind-the-scenes condition of entry, for example, 'must own a Moonbird'. Thus, they ensure that they collect a list of wallet addresses of people who own an expensive NFT.
  3. You are directed to the scammers' website, where you are asked to connect your wallet.
  4. On connection, a piece of JavaScript on that website looks at the contents of your wallet. Through an OpenSea API it determines which is your most expensive NFT and retrieves the smart contract code.
  5. The moment you press Mint, you unknowingly give permission to have your NFT moved. This is done with the infamous setApprovalForAll transaction, which authorizes another address to transfer every token you hold in that collection.

What can you do to avoid this type of scam?

  • Mint only at websites of projects you know and that have a certain reputation. So no 'degen free mints'.
  • When you approve a transaction, make sure there is no setApprovalForAll. For a mint, generally, no approval is needed.
  • For mints, use a so-called burner wallet: a wallet without valuable NFTs. You only have some (for example) ETH there for the gas fees.
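
The check from the second point above, as an added example that is not part of the original article: a function that decodes the calldata of a transaction you are asked to sign and flags setApprovalForAll. It goes slightly beyond the text by also flagging single-token approve; the function name, sample calldata and operator address are constructed for illustration.

```javascript
// Added example (not from the article). Selectors are the standard 4-byte
// function selectors from the ERC-721 / ERC-1155 / ERC-20 interfaces.
const SELECTORS = {
  "a22cb465": "setApprovalForAll(address,bool)",
  "095ea7b3": "approve(address,uint256)",
};

// inspectCalldata is a hypothetical helper name, not a wallet API.
function inspectCalldata(data) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length % 2 !== 0) {
    return { risk: "invalid", reason: "calldata is not well-formed hex" };
  }
  if (hex.length < 8) {
    return { risk: "none", reason: "no function call (plain transfer)" };
  }
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { risk: "other", reason: "not one of the approval selectors" };

  const args = hex.slice(8);
  if (args.length < 128) {
    return { risk: "invalid", reason: name + " with truncated arguments" };
  }
  const word0 = args.slice(0, 64);
  const word1 = args.slice(64, 128);
  const operator = "0x" + word0.slice(24); // address = low 20 bytes of word 0

  if (name.startsWith("setApprovalForAll")) {
    const approved = BigInt("0x" + word1) !== 0n; // bool is a 32-byte word
    return approved
      ? { risk: "high", operator, reason: "operator may move every token in this collection" }
      : { risk: "none", operator, reason: "revokes an existing operator approval" };
  }
  return { risk: "medium", operator, reason: "approve: verify spender and token id or amount" };
}

// Constructed samples: calldata a fake "Mint" button could present for signing.
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const OPERATOR = "0x" + "ab".repeat(20); // constructed placeholder address
const sampleGrant = "0xa22cb465" + pad(OPERATOR) + pad("1");
const sampleRevoke = "0xa22cb465" + pad(OPERATOR) + pad("0");

console.log(inspectCalldata(sampleGrant));
```

A genuine mint call lands in the "other" bucket here; a "high" result on a page that claims to be minting is the pattern described in step 5.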
