A wave of NFT airdrop scams targeting users on Polygon has resulted in substantial financial losses, with victims collectively losing $1.25 million to fraudulent schemes orchestrated by Inferno Drainer. These scams involve the distribution of malicious NFTs impersonating legitimate airdrops from reputable projects such as RocketPool and ApeCoin. Exploiting dynamic link redirection via platforms like beacons.ai, attackers tricked victims into interacting with malicious links and signing fraudulent signatures, leading to the theft of their assets.
The scope of the scam is extensive, with perpetrators creating 1,354 deceptive NFTs and targeting over 530,000 wallets. Despite efforts to mimic legitimate projects, the malicious links in these airdrops ultimately direct victims to websites associated with Inferno Drainer, highlighting the sophistication of such “Scam As a Service” providers. The targeted nature of the attacks, combined with the use of legitimate project names, underscores the importance of vigilance and caution when participating in airdrops and interacting with NFTs.
Victims fell prey to the scam when they opened their Portfolio Tracker or wallet, encountering the malicious NFTs that appeared as part of the fraudulent airdrops. Upon clicking on the deceptive links and signing malicious signatures on the associated websites, victims unknowingly facilitated the theft of their assets. The coordinated nature of the attacks, along with the deceptive tactics employed by the perpetrators, demonstrate the evolving tactics used by cybercriminals to exploit vulnerabilities in the cryptocurrency and NFT ecosystem.
Efforts to mitigate the impact of such scams include analyzing on-chain data to identify patterns associated with malicious NFTs and warning users about the risks posed by interacting with suspicious airdrops. As the prevalence of NFT-related fraud continues to rise, it is imperative for users to exercise caution, conduct thorough research, and verify the legitimacy of airdrops and NFT projects before engaging with them to protect themselves from falling victim to scams orchestrated by entities like Inferno Drainer.
