Written by Xinusu


PLEASE NOTE

  1. THAT THESE ARE MY OWN PERSONAL ENCOUNTERS AND YOURS MIGHT BE SLIGHTLY DIFFERENT
  2. PLEASE DO NOT CLICK ON ANY LINKS RELATING TO THESE SITES AND ATTEMPT TO RECREATE - YOU MAY POTENTIALLY HAVE YOUR WALLET DRAINED - VISIT AT YOUR OWN RISK

INTRODUCTION

While browsing someone's profile on Twitter, I noticed a TWITTER ADVERT / PAID PROMOTION that looked like this:

WARNING - THIS IMAGE BELOW IS OF A SCAM

[Image: Screenshot 2023-02-21 at 14.02.53.png]


SIDE NOTE: Notice the difference in Twitter handle - the actual artist uses @VanArman - whereas these scammers had set up a replicant Twitter handle - @VanArmans

Considering I follow the artist (@VanArman - Twitter handle), of course it caught my eye. FOMO set in 😏 and, eager, without much thought, I clicked on the link and visited the site.

Once I arrived I was intrigued and noticed that only 1082 of 1111 had been minted. I felt that, considering it was free and that the mint was almost complete, it would have been worth minting one.


SCAM MINT PAGE !!

[Image: Screenshot 2023-02-21 at 14.43.51.png]


SIDE NOTE: The scam website was hosted at https://bitgans.app/ ← DO NOT CLICK/VISIT THIS LINK

THE ATTACK

REAL MINT PAGE

[Image: Screenshot 2023-02-21 at 14.44.00.png]


SIDE NOTE: Whereas the actual correct mint site is hosted at https://bitgans.cloud/ - it looks identical, except that the scam page doesn’t contain the artist’s Twitter
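The two side notes above (the @VanArmans handle and the bitgans.app domain) are both near-miss impersonations of a known-good name. The sketch below is an added example, not part of the original write-up: it checks a handle or link against an allowlist and flags near-misses; the function names, the edit-distance threshold of 2 and the "last label is the TLD" simplification are assumptions.

```python
from urllib.parse import urlsplit

# Known-good identifiers taken from this write-up (the real artist and mint site).
TRUSTED_HANDLES = {"vanarman"}
TRUSTED_HOSTS = {"bitgans.cloud"}
MAX_DISTANCE = 2  # assumption: at most 2 edits away counts as a near-miss


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_handle(handle: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a Twitter handle."""
    h = handle.lstrip("@").lower()
    if h in TRUSTED_HANDLES:
        return "trusted"
    if any(edit_distance(h, t) <= MAX_DISTANCE for t in TRUSTED_HANDLES):
        return "lookalike"
    return "unknown"


def check_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link's hostname."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted"
    name = host.rsplit(".", 1)[0]  # simplification: the last label is the TLD
    for trusted in TRUSTED_HOSTS:
        t_name = trusted.rsplit(".", 1)[0]
        same_name_other_tld = name == t_name               # bitgans.app
        trusted_as_prefix = host.startswith(trusted + ".")  # trusted name used as a subdomain
        if same_name_other_tld or trusted_as_prefix or edit_distance(name, t_name) <= MAX_DISTANCE:
            return "lookalike"
    return "unknown"
```

An exact allowlist match is the only result that should be treated as safe; "unknown" just means the name is not close to anything on the list.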

I connected my wallet, which isn’t the problem, as it only exposes what my wallet address is; until I action an interaction there is very little they can do. However, once my wallet was connected they presented me with a “Mint” button - exciting. 😏

This is where all the danger begins, and here is exactly where the console started showing me the background logs during the interaction. Now, although I’m not 100% sure exactly what they are doing, I have a pretty good idea and I’ll break it down for you.

[Image: ezgif.com-video-to-gif (5).gif]

They make a call to OpenSea to see if I have given OpenSea access to my WETH, and check to see what NFTs match their hunt list (this would be a list of high-value NFTs they’d wish to target). Obviously, as this is an old wallet and is treated as my burner, I don’t have much other than a few ENSs, which they note.

They then proceed to check Uniswap (which they spelt wrong - lol UNSIWAP), PancakeSwap and SushiSwap for WETH permissions, and perform some of their own checks to see whether my wallet would be “Eligible”, which obviously, with a zero balance and nothing special within, fails their test - lol.

Along with this, they presented me with a MetaMask signature for OpenSea - which most of you will identify - which would give them the ability to list my NFTs.