Customer support scammers take aim at NFT enthusiasts

Adidas has been making waves in the NFT space with a collection of footwear/bored ape crossover sales.

Demand was bound to be high among people who collect these things. As a result, Adidas tried to limit the number of sales to two per person. This is along the same lines as trying to prevent bid sniping on eBay, or ticket scalpers purchasing huge numbers of tickets then selling them on at huge profit. See also: console purchase shenanigans.

When the idea of scarcity is built into what you’re selling, it makes sense that you’d want to give anyone interested a fair chance to buy the item(s) on sale.

Unfortunately, as with all the best laid plans, things went sideways very quickly once the sale opened. When you see what approximates to an apology thread, you know something’s gone wrong. The question is: what?

Let the bidding begin

When an NFT sale opens, people have to bid to obtain their desired NFT and pay a gas fee. This fee can be higher or lower depending on supply and demand when you make your payment. The fee itself is needed to compensate for the processing required to make the transaction. There are also numerous ways to avoid higher fees.

So far, so good. Unfortunately, the replies to the announcement are filled with people complaining about minting gone awry, and gas fees lost.

Drafting up a contract

Smart contracts in the NFT space are how people know who owns what after an NFT has been created.

Someone looking to bypass the two-item limit created a custom smart contract, which fired up an additional 165 subcontracts to make more purchases. That’s 330 NFTs purchased at a cost of around $350,000 for gas fees and purchase price, which could easily have gone wrong. As annoying as this is for anyone who lost out on fees, the thing which really interested me in the replies of woe was this:

Customer support scammers move to new realms

Someone dived into the complaints claiming to be “Adidas Originals Support”, eager to help anyone fretting about lost money. Sadly, all is not as it seemed.

“Hello,

This is Adidas Original Support.

We are sorry for any inconveniences so far.

Kindly send a direct message; our best team will attend to you to ensure it is fixed ASAP.”

Well, it looks convincing. For one thing, it has a blue ape in a yellow hat for a profile pic. Nobody would pretend to be a fake ape in a yellow hat, would they?

You bet they would. This is the customer support scam we’ve seen many times down the years. It started out targeting FIFA gamers in need of assistance. People doing it realised they could make more money jumping into customer support chats between banks and their customers.

We’ve seen this scam deployed against users of Trust Wallet just this year.

In it for the long run

It stands to reason we’d see this approach work its way over to the NFT space eventually. There’s simply too much speculative money being thrown around to resist. If we had to guess, the scammer would eventually ask for wallet credentials. If you lose your wallet in this way, you’re almost certainly never getting it back again.

The account sending the message has since been suspended by Twitter. However, it’s incredibly easy to set up bogus profiles and we expect to see this one happening a lot more. If a supposedly official account ends up in your replies after something goes wrong, check it has a verified profile. If it doesn’t, there’s a very good chance something may be amiss. As I said earlier: if you lose your wallet in this way, it’s probably gone for good.

Keep your friends close, your monkey jpegs closer, and your cryptowallets closest of all.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.