Sohrob Farudi, a user of the MetaMask wallet, went to his account on the social network Twitter to vent and tell the story of how 11 non-fungible tokens (NFTs) were stolen.
The victim saw three Bored Ape Yacht Club NFTs disappear, four ONE1 FORCE and four World Of Women, for a total of 250 ethers (ETH). This represents $ 813,925 at the current market price, according to the CriptoNoticias price index .
Farudi, who identifies himself on Twitter as @sohrobf , began his story by assuring that he was “scammed, socially manipulated and hacked.” According to his account, he was “tricked” into exposing the QR code on his MetaMask wallet in Google’s Chrome browser extension.
The bad time for Farudi started when he couldn’t locate his NFTs on OpenSea. Then he decided to join a Bored Ape Yacht Club support group on Discord, where he exposed the problem and two users named Gargamel and NoSass offered to help him.
The scammers asked him to speak by private message, since they pretended to be administrators of the platform and that was when the user said that he was “under guard” because they made him “feel comfortable and that he was treated like a VIP”, to gain their trust .
While they were “looking for the solution to the problem,” they asked him to share his screen so they could see the wallet and maybe “help.”
The user showed the NFTs that were stolen from him on Twitter. Source: Sohrob Farudi / twitter.com .
“When all else failed, [the so-called administrators] mentioned that MetaMask had just released an update and it had caused some problems. They suggested that I re-sync MetaMask on my cell phone with MetaMask Chrome Extension, “said the victim.
The fall of Farudi
Farudi acknowledges that he did not know how to do the procedure in the Chrome extension and asked the alleged collaborators for help.
It was just at that moment, when relying on Gargamel and NoSass was expensive, for revealing the QR code to scammers he lost thousands of dollars in NFT.
Regarding MetaMask, Farudi was annoyed by the platform’s message “Make sure no one else is looking at your screen when you scan this code.”
In that sense, he wonders “Why the hell would that message be on the same screen as the real QR code after entering the password?” He said. The warning that MetaMask displays, in Farudi’s vision, does not allow inexperienced users to prepare themselves not to make mistakes. On the contrary, when the user made the mistake, the security procedure was indicated.
Also, he thinks the warning messages should be bigger and bold letters , he doesn’t know if that would have prevented the scam, but perhaps “a message highlighted in red could have led to another decision,” he said.
In Farudi’s opinion, the responsibility does not lie with OpenSea, he considers that there are design defects in both Discord and MetaMask.
“Both platforms need fixes immediately. I hope that my story and the details I am providing will help to make that happen soon, ”said Farudi in a tweet.
Not everything is lost
For the robbery victim, all is not lost. After seeking help in different ways, the head of operations of OpenSea, Nate Chastain, informed him that the tokens when they are stolen are frozen. However, a large part of Farudi’s NFTs were sold by the alleged thieves to innocent people.
A movement of co-workers and Good Samaritans set out in search of Farudi’s NFTs.
In fact, on August 28, a community member of one of the NFTs that Farudi had, specifically the so-called World Of Women, managed to buy one of the stolen tokens and announced a 24-hour auction to raise funds and donate to him. the earnings to Farudi.
Meanwhile, Chastain OpenSea announced that, after talking with the team MetaMask decided to temporarily disable the sync feature QR mobile code to fend off the attacks of phishing that frequently have returned in recent weeks.
Scams the order of the day
In a similar way as it happened to Farudi, another user, this time of the famous NFT- based game , Axie Infinity was also a victim of scammers , as CriptoNoticias reported .
The victim, in this case, after wrongly entering the wallet address where he wanted to send his Smooth Love Potion (SLP), the game’s cryptocurrency , went to the official Axie Infinity server on Discord to try to reverse the loss.
There he found another user who told him that he had the same problem, after taking several steps he was involved in a scam plot, where between good faith and desperation to try to recover the SLPs, he supplied the attackers with the recovery phrase (known as a seed).
When the user realized his mistake, he had already “given all his axies” to another user. In total he lost 1.4425 ETH, at the time of writing they are valued at $ 4,183.