| Notification Date | June 23, 2023 |
| Target | Polygon |
| Incident’s Location | Multiple locations |
| Initiator | Unknown |
| Attack Vector | Phishing |
| Impact | 329 wallet owners, $1,25 M (530,369 wallets) |
In a recent security analysis, a concerning NFT airdrop phishing scam has emerged, leading to the theft of $1.25 million in assets. Scam Sniffer, a watchdog entity, has reported numerous cases of theft within the realm of NFT airdrops on the Polygon network.
Victims, who initially received airdropped NFTs and trusted their legitimacy, fell prey to this elaborate scheme, as their assets were pilfered when they unwittingly opened malicious links and signed malevolent signatures during the claiming process.
The orchestrators behind these thefts have executed their operations by creating a staggering 1,354 malicious NFTs on the Polygon platform. These deceitful tokens masqueraded as authentic airdrops from prominent projects such as RocketPool, ApeCoin, Polygon, Uniswap, and AAve.
Alarming reports reveal that all of the malevolent links included in these airdrops lead directly to websites associated with Inferno Drainer, a notorious “Scam As a Service” entity that has managed to pilfer a staggering $13 million over recent months.
This calculated scam targeted a vast number of wallets, with approximately 530,000 falling under the threat of these malicious NFTs. A total of 329 victims were ensnared in the trap set by the nefarious group orchestrating the airdrop scam.
Consequently, these unsuspecting victims collectively suffered a significant financial loss, amounting to $1.25 million. This incident underscores the urgent need for heightened cybersecurity awareness and vigilance within the growing and innovative field of NFTs.
