How this crypto founder escaped a “social engineering” hack
The crypto founder was sent an NFT that would have made it possible for the scammers to steal his Ethereum holdings.
A decentralized autonomous organization (DAO) founder on Twitter, Thomasg.eth, has revealed how he almost lost all his ETH to a social engineering scam. In a long thread, he explained in detail how scammers almost got him.
How the scammers tried to pull off their act
His DAO, Arrow, is building open source VTOL aircraft and air taxi protocol. He claimed that someone named heckshine reached out to him about two weeks ago. Heckshine claimed to be working at Ubisoft and offered help with 3D design and animation.
It also turned out that heckshine has a friend named Linh who’s passionate about metaverse and VTOLs and has a brother-in-law working with Boeing. With all the initial web woven, all that was left was for Lihn to swoop in.
Linh claimed to be working on the Space Falcon metaverse project and wanted a partnership with Arrow DAO. Before proceeding with the partnership, Thomas claimed he checked Space Falcon to confirm that it’s an actual project on Solana and saw Lihn’s name on it before proceeding.
However, all this turned out to be a massive scam on a grand scale. Linh even went as far as to invite Thomas to a tour of the Wisk facility. The red flags started popping up after Linh informed him of a new staking app for NFT that had just launched. She asked him to receive NFT to help in testing the app.
Instead of receiving the NFT in his main wallet, Thomas opened a new wallet for that purpose. Linh then offered to send another NFT to the main wallet.
Fortunately, Thomas decided to read through the contract first and discovered that it contained a function that would make it possible for the scammers to send all the wrapped ETH in his wallet.
While this attempt was unsuccessful, it shows just how far crypto scammers are willing to go. In this case, the scammers were professionals who did everything near perfection. They copied an actual project and got a very similar domain name.
It was only Thomas’s expertise that saved him from being a victim. According to him, this shows that scammers are getting smarter, and token approvals can be extremely dangerous.
Crypto scams have grown significantly in recent times, with scammers employing various methods. But sophisticated social engineering scams at this level are rare for crypto.
Many comments on this post point to the ease of stealing crypto to be a fundamental flaw. With several other people sharing similar experiences where they weren’t so lucky.