Trusted

A New Sleepdrop Scam Uses NFT Airdrops To Steal Your Funds

3 mins
Updated by Michael Washburn
Join our Trading Community on Telegram

In Brief

  • Forta Network warns about a new version of the Sleepdrop scam using NFTs and a verified contract to deceive users.
  • Users are advised not to interact with unknown tokens and urged to analyze contract details and official social media.
  • Unlike traditional sleepdrops, this scam offers NFTs as fake rewards, making it considerably harder to identify.
  • promo

The team at Forta Network has sounded the alarm about a new version of the Sleepdrop scam. This version of the scam uses NFTs and a verified contract to mislead users into thinking they’re interacting with a legitimate airdrop.

Forta Network is a California-based security and operational monitoring network for wallets, developers, and investors. Lido is one of its users. The Forta community discovered the scam when a new NFT from Lido was transferred into one of Forta’s multisig wallets.

A New Kind of SleepDrop Scam

After Lido confirmed that it was not the source of the NFT, the Forta community studied it and discovered it was a scam.

The scam involves several steps. First, the scammer creates an ERC-1155 (NFT collection) that impersonates a legitimate team. Next, the scammer transfers most of these counterfeit assets to a legitimate contract that previously conducted an airdrop.

Then, the scammer triggers the airdrop function of the contract to distribute the NFTs to multiple addresses. To deceive recipients, the description of the NFT includes a phishing URL embedded within it.

Learn how to stay safe in the world of Web3: 15 Most Common Crypto Scams To Look Out For

The main difference between a traditional sleepdrop and this scam is that the scam offers an NFT as a fake reward. This makes it seem more authentic than an ERC-20 token that includes a URL.

The scammer’s contract is verified, but it delegates the execution logic to another unverified contract. This can deceive targets into thinking they are interacting with a verified contract. In reality, the critical execution logic lies within an unverified contract, leaving them vulnerable.

Total crypto received by illicit addresses, Chainalysis.
Source: Chainalysis

Do Not Interact With Unknown Tokens

In a discussion with BeInCrypto, Christian Seifert, a researcher at Forta Network, offered some tips to stay safe.

“Do not interact with any token that you randomly receive. Even if it looks like the sender is a legitimate team,” Seifert said.

“Analyze the contract you are interacting with: who is the deployer or how long it’s been live. Review the official social media of the legit team as they may have flagged the scam,” he added.

However, the source did stress that in the event of this Sleepdrop scam, the company’s social media may also have been compromised.

BeInCrypto covered the original Sleepdrop scam when it first came to the attention of the Forta community. That scam operates by imitating the appearance of a genuine token through a technique similar to “sleepminting” of NFTs.

The scammers have so far impersonated tokens from Uniswap, Chainlink, Lido, Circle, and others.

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Frame-2298.png
Josh Adams
Josh is a reporter at BeInCrypto. He first worked as a journalist over a decade ago, initially covering music before moving into politics and current affairs. Josh first owned Bitcoin in 2014 and has followed the space ever since. He is particularly interested in Web3 adoption, policy and regulation, CBDCs, privacy, and the future of the metaverse.
READ FULL BIO
Sponsored
Sponsored