NFT Phishing Scam Exposed, Around $1.7M Stolen

Key Takeaways

• iamdeadlyz.pcc.eth on his investigation of hidden NFTs at the hidden tab in OpenSea found that one of them is an ongoing scam, resulting in $1.7M+ stolen assets.

A fake TheBeeings NFT was sent to him. Here is the link to the phishing site: https://thebeeings.link/. https://thebeeings.io/ is the only official website. So users should always be highly suspicious when connecting their wallet to any other website, and they should never type their seed phrase. Here is the link to the official Twitter Account: https://twitter.com/TheBeeings.

The phishing website is highly identical to the official website. It also uses the same color theme as the original website.

The scam site points to the destination address, i.e., a contract address 0x33E196CD6078a633D92ddcEC5CFB9D7Fe05cBb66. This is being used to transfer the stolen assets from the victims who were tricked into confirming transaction approvals.

After doing some more investigation, iamdeadlyz.pcc.eth has found a new contract address, i.e.,0xe7e8d50d1d11299f46112ef0e9cb972756b54e98, which is another smart contract being used for DelegateCall.

When expanded, an another malicious smart contract, i.e., 0x563b973f0c57f5423a171a8975c18f9b604342e2 is also being used to siphon assets from the victims.

On-chain data reveals all of the wallets which interacted to steal the assets and those who received them.

If we analyze the Malicious contract 1, i.e., 0x33e196cd6078a633d92ddcec5cfb9d7fe05cbb66. It has a Delegatecall to 0xe7e8d50d1d11299f46112ef0e9cb972756b54e98.

Here is the list of wallets who have used the contract:

1. 0x8d8cD366d377aE8BA002fC29013b67979eEff757 – Deployer
2. 0x30Dc7A5b2475EdE0c63689D97D4b147d5521F677
3. 0x9BF76534d8Bf0dA45d8C8dC695fb92CDCF6A4a8A
4. 0xee291D1C0c5d5EC74d094f19b4265dcAcbd85fF3 – Holds a lot of ENS names // setWhiteList for 0x563b973f0c57f5423a171a8975c18f9b604342e2

Here is the wallet which was Setwhitelisted but did not interact:

1. 0xA458c2A1Cd454D8eaaA8D8b7233e7D540A3D32d8 – interacted with 0x563b973f0c57f5423a171a8975c18f9b604342e2

Here is the list of receivers:

1. 0xe2ee623b0ba5c5cc39932102a169f95e90422cc6
2. 0xeba1cbca39e6d661532a3e3338c1de558f1533d4
3. 0x5f1e6d5b942da9c8dbd302cf88f10ef8e2c706b5
4. 0xed5497931d0da0ff00529c8d1876a745c1b59fcd
5. 0x2479d74112b5bf1684f73d81233f0f9b51256973
6. 0x39177e4170d5f8f668ceff45736f4af20997fef5
7. 0xc1d4b3eef3843e8807654f7cdc8935fd77486a31

Here is the link to find the complete data.

Aside from the wallet addresses, iamdeadlyz.pcc.eth was able to get the list of stolen assets.

We would like to credit iamdeadlyz.pcc.eth for all this available information.

So we want to advise our readers that many scammers are out there in full force. So users should always be highly suspicious when connecting their wallet to a website, and they should never type their seed phrase. Users should always make sure that they are on the correct URL, and they should never confirm random transactions. Also, they can use a cold wallet for better security,

Here are some other phishing links scams you should know about:

1. Multiple Moonbirds NFT Phishing Scams
2. Multiple Azuki NFT Phishing Scams
3. Doodles NFT Phishing Scam
4. Okay Bears NFT Phishing Scam