Key Takeaways
- iamdeadlyz.pcc.eth on his investigation of hidden NFTs at the hidden tab in OpenSea found that one of them is an ongoing scam, resulting in $1.7M+ stolen assets.
A fake TheBeeings NFT was sent to him. Here is the link to the phishing site:ย https://thebeeings.link/.ย https://thebeeings.io/ย is the only official website. So users should always be highly suspicious when connecting their wallet to any other website, and theyย should never type their seed phrase. Here is the link to the official Twitter Account:ย https://twitter.com/TheBeeings.
The phishing website is highly identical to the official website. It also uses the same color theme as the original website.
The scam site points to the destination address, i.e., a contract address 0x33E196CD6078a633D92ddcEC5CFB9D7Fe05cBb66
. This is being used to transfer the stolen assets from the victims who were tricked into confirming transaction approvals.
After doing some more investigation, iamdeadlyz.pcc.eth has found a new contract address, i.e.,0xe7e8d50d1d11299f46112ef0e9cb972756b54e98
, which is another smart contract being used for DelegateCall.
When expanded, an another malicious smart contract, i.e., 0x563b973f0c57f5423a171a8975c18f9b604342e2
is also being used to siphon assets from the victims.
On-chain data reveals all of the wallets which interacted to steal the assets and those who received them.
If we analyze the Malicious contract 1, i.e., 0x33e196cd6078a633d92ddcec5cfb9d7fe05cbb66
. It has a Delegatecall to 0xe7e8d50d1d11299f46112ef0e9cb972756b54e98
.
Here is the list of wallets who have used the contract:
0x8d8cD366d377aE8BA002fC29013b67979eEff757
– Deployer0x30Dc7A5b2475EdE0c63689D97D4b147d5521F677
0x9BF76534d8Bf0dA45d8C8dC695fb92CDCF6A4a8A
0xee291D1C0c5d5EC74d094f19b4265dcAcbd85fF3
– Holds a lot of ENS names // setWhiteList for0x563b973f0c57f5423a171a8975c18f9b604342e2
Here is the wallet which was Setwhitelisted but did not interact:
0xA458c2A1Cd454D8eaaA8D8b7233e7D540A3D32d8
– interacted with0x563b973f0c57f5423a171a8975c18f9b604342e2
Here is the list of receivers:
0xe2ee623b0ba5c5cc39932102a169f95e90422cc6
0xeba1cbca39e6d661532a3e3338c1de558f1533d4
0x5f1e6d5b942da9c8dbd302cf88f10ef8e2c706b5
0xed5497931d0da0ff00529c8d1876a745c1b59fcd
0x2479d74112b5bf1684f73d81233f0f9b51256973
0x39177e4170d5f8f668ceff45736f4af20997fef5
0xc1d4b3eef3843e8807654f7cdc8935fd77486a31
Here is theย linkย to find the complete data.
Aside from the wallet addresses, iamdeadlyz.pcc.eth was able to get the list of stolen assets.
We would like to creditย iamdeadlyz.pcc.ethย for all this available information.
So we want to advise our readers that many scammers are out there in full force. So users should always be highly suspicious when connecting their wallet to a website, and they should never type their seed phrase. Users should always make sure that they are on the correct URL, and they should never confirm random transactions. Also, they can use a cold wallet for better security,