Good day everyone,
I hope you are all well and having an excellent day, welcome to CryptoGod-1’s blog on all things crypto. A recent string of NFT-related phishing attacks has been orchestrated by school children, who are stealing an alleged millions of dollars' worth of NFTs to splurge on coveted Roblox skins.
Scams on the Rise
The latest trend for the little rogues has been exacerbated by the growing number of exploits being used to compromise Discord servers and Twitter accounts, with the schemes being conducted by school children. The kids have been making use of exploits and hacks to scam millions in NFTs from unsuspecting users, and have exposed even further how wretched and far people of all ages will go for things they want. This is part of a larger wave of phishing attacks in the NFT space, and since December 2021 at least 900 Discord servers have fallen victim to these attacks. The attacks are on the rise, with 46 having hit Discord servers since the 1st of June 2023. With the total number of wallets impacted over the previous nine months sitting at over 32,000, this has resulted in a collective loss of $73 million in stolen NFTs and tokens.
An example came in the form of Orbiter Finance. In June, they were contacted by a supposed journalist claiming to be from a crypto news site. The reality was quite different, as the "journalist" contacted one of its Discord moderators and asked them to fill in a form. In doing so, they gained control of the Discord server, with the moderator totally unaware. The perpetrator then froze other admins’ control over the server and restricted the ability of community members to send messages, before posting an announcement stating that an airdrop was taking place. The airdrop was of course fake, and the website it linked to was a phishing website designed to steal their NFTs. In total, over a million dollars' worth of NFTs and tokens were stolen within mere moments.
Kids entering the Scamming World
Possibly the most horrendous part of the whole process is that an estimated 95% of the attackers are kids still in school, often high school, and under the age of 18. A pseudonymous security researcher known as Plum, who works on the trust and safety team at NFT marketplace OpenSea, noted:
“95% of them are kids below the age of 18 and they’re still in high school. I personally have talked to quite a few of them and know they’re still in school. I’ve seen pictures and videos of various of them from their schools. They talk about their teachers, how they’re failing their classes or how they need to do homework”
The schemes themselves often increase during the summer holidays, which would correlate with the notion of school children being the instigators. The orchestrators of the phishing attacks first of all go to Telegram and Discord to find channels which are run by the developers of numerous different kinds of drainers. A deal is agreed with the developer, often 20-30% of the proceeds of the scam, and then the set of code is handed over which can be integrated into websites. This is the black market for drainer code, and is an emerging industry.
The kids don't hide their lavish earnings; in fact, it is quite the opposite. According to Plum, some of the favourite things the kids will do with the stolen items and earnings are:
“They'll buy a laptop, some phones, shoes and spend vast amounts of money on Roblox. They all play Roblox for the most part. So they'll buy the coolest gear for their Roblox avatar, video games, skins and things like that.”
They also make use of the gift card marketplace Bitrefill, which allows users to purchase gift cards with crypto. Here they spend thousands of dollars on Uber Eats, buy designer clothes, pay people to do their homework for them and even buy cars that they can’t drive yet. The scammers try to cover their tracks, often by paying people in lower-income countries to use their personal details to register on exchanges. This in some ways helps to cover their trails when they cash out, but according to Plum at least some of them should have been caught by now because they leave behind ample evidence of their actions. However, law enforcement seems uninterested in the issue.
Plum went on to add that when a country like North Korea carries out a phishing attack to target NFTs and crypto tokens, they generally use their own "in house" drainers and rarely get involved with the drainers for sale. As for those who create their own drainers, they sometimes carry out attacks with their own code when not selling it on the black market. They make use of pseudonymous profiles, but Plum made it clear they always leave a trail.
NFT Drainer Scams
One of the earliest NFT drainer scams related to a Telegram channel set up in August 2022 known as Monkey. In October of the same year it began to get active, and over the next couple of months the technology managed to steal 2,200 NFTs, according to PeckShield. The stolen NFTs were estimated to be worth around $9.3 million, while they also managed to take $7 million in tokens. It was claimed by the infamous Web3 investigator @ZackXBT that Monkey was behind a number of different attacks and was working for a 30% commission.
One of the biggest attacks by Monkey drainer so far took place between October 24–25, and in those 24 hours over $1 million worth of assets was stolen. One user lost $150k worth of NFTs, including one Bored Ape and one CloneX, while another could have lost much more but luckily rejected most of the malicious transactions.
By late February of 2023, Monkey decided to retire from the drainer game. In a farewell message, the developer noted:
“All young cyber criminals should not lose themselves in the pursuit of easy money.”
Before exiting, Monkey recommended another drainer known as Venom. The Venom drainer was used to steal over 2,000 NFTs from over 15,000 victims, and this was done via 530 phishing sites. Crypto projects such as Arbitrum, Circle and Blur were targeted. There are other main players in the drainer space, and between them they have managed to take over $66.4 million in total since around the start of 2023. The drainers in question are Pink Drainer, Inferno Drainer, Pussy Drainer, Venom Drainer, and Angel Drainer. It is estimated that so far they have managed:
- Pink - $3.5 million from 3,000 victims
- Inferno - $9.5 million from 11,000 victims
- Pussy - $14 million from 3,000 victims
- Venom - $21.2 million from 45,800 victims
- Angel - $1 million from over 500 victims
Pink Drainer
Of these drainers, the most interesting case seems to be from Pink. Back on the 25th of October 2022, a security expert and co-founder of crypto security firm BlockMage known as Fantasy was searching through the Discord server for Wallet Guard, a crypto product designed to protect against phishing attacks. Within, another account known as BlockDev was discovered, and this one claimed to be a security researcher who ran a Twitter account called Chainthreats where they would post security information about exploits.
Fantasy and BlockDev got to know each other and held discussions on a regular basis, and in time BlockDev came up with an idea. They would exploit the crypto hot wallet owned by the developer of the Venom drainer and use its own API against it. Fantasy watched the exploit unfold as BlockDev carried out the attack, stealing $14,000 of cryptocurrency from Venom’s developer. Fantasy noted the wallet which BlockDev used for the attack.
In early 2023 a new drainer, known as Pink, entered the space. This one was more advanced than its predecessors and quickly became popular for stealing NFTs. Fantasy began to look into it, and through tracing the source of its funds on the blockchain, noted the funds traced back to the wallet BlockDev had used on Venom. Fantasy noted:
“I looked back at the original funding source as well as the general activity between the two wallets, and they share similar activity. I confronted him and he wasn’t too happy about it. He was disappointed in me as a person. He thought he could trust me, which I thought was very amusing.”
From there BlockDev, now known as Pink, deleted their Discord and Twitter accounts and cut all ties with security researchers like Fantasy and Plum. Pink went on to be used in large exploits, including during May and June 2023 when the Discords of Orbiter Finance, LiFi, Flare and Evmos, along with Steve Aoki’s Twitter account, were hacked.
The attacks were done by once again reaching out and pretending to be journalists looking to conduct interviews, and their targets were told to bookmark a certain webpage. This is how they ended up infiltrating servers. Pink manages to evade protections, such as wallet extensions designed to guard against and prevent theft, meaning it is a significant development in the drainer space. It has also managed to steal both NFTs and tokens at the same time on Blur, the first of its kind to do so.
Steering Clear of Drainers
Below are some simple steps to help navigate the dangerous landscape lined with NFT drainers and other scams. These are general tips for avoiding drainers, but are useful to consider in all forms of Web3.
- Don’t connect to random dApps.
- Never trust ‘NFT airdrops’ or ‘Free NFT mints’ that claim that all NFT holders or all the users of a specific blockchain are eligible.
- Never trust NFT or crypto ‘airdrops’ that promise to distribute thousands of NFTs or huge amounts of crypto (like $1,000,000).
- Double-check that the site or Twitter account is legit. Phishers are great at creating addresses and usernames that look almost exactly the same: for example, ‘@Do0dles’ instead of ‘@Doodles’, or ‘NFT-labs.io’ instead of ‘NFTlabs.io’. Check every character.
- Don’t trust NFT airdrops advertised on Discord, even if the message is posted by an admin. Admins’ accounts get hacked, too.
- Before confirming a transaction (like minting an NFT), double check which address the transfer is from and which address it goes to. On scam sites, the transfer is out of the user’s wallet (yours) and to the scammer’s wallet, instead of vice versa.
- If you can, copy the contract address and run it through Etherscan to see if there are any suspicious transactions. Also, search for the project’s name on Twitter: if it’s a scam, someone could have already flagged it.
- Revoke approvals if the token / dApp is not being actively used.
- Use multiple wallets and store large amounts of funds in cold wallets.
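The two tips about checking where a transfer goes and revoking unused approvals come down to reading the transaction before signing it. The following is an added example, not code from the original post or from any wallet or drainer mentioned in it: a small pre-signing check that decodes the calldata of a pending EVM transaction and flags the request types a drainer page relies on (a blanket setApprovalForAll to an unknown operator, an unlimited ERC-20 allowance, or a transferFrom that moves an asset out of the signer's own wallet). The function selectors are the standard ERC-20/ERC-721 ones; the addresses, the trusted-operator list and the sample transactions are constructed for the demonstration.

```javascript
// Added example (not from the original post): decode pending transaction calldata and
// rate it before signing. Selectors are the standard ERC-20/ERC-721 ones (first four
// bytes of keccak-256 of the signature). All addresses below are constructed samples.

const SELECTORS = {
  "095ea7b3": { name: "approve",           types: ["address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", types: ["address", "bool"] },
  "23b872dd": { name: "transferFrom",      types: ["address", "address", "uint256"] },
  "42842e0e": { name: "safeTransferFrom",  types: ["address", "address", "uint256"] },
  "a9059cbb": { name: "transfer",          types: ["address", "uint256"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode one 32-byte ABI word according to its static type.
function decodeWord(hexWord, type) {
  if (type === "address") return "0x" + hexWord.slice(24);       // right-most 20 bytes
  if (type === "bool") return BigInt("0x" + hexWord) !== 0n;
  return BigInt("0x" + hexWord);                                  // uint256
}

// Decode calldata made of a 4-byte selector followed by static 32-byte arguments.
function decodeCalldata(data) {
  const hex = (data || "0x").toLowerCase().replace(/^0x/, "");
  const selector = hex.slice(0, 8);
  const abi = SELECTORS[selector];
  if (!abi || hex.length < 8 + 64 * abi.types.length) return { selector, name: null, args: [] };
  const args = abi.types.map((t, i) => decodeWord(hex.slice(8 + 64 * i, 8 + 64 * (i + 1)), t));
  return { selector, name: abi.name, args };
}

// Rate a transaction before signing. `trustedOperators` is the user's own allow-list
// (e.g. a marketplace they actually use); any other contract asking for approval is
// treated as hostile. Returns { risk: "high" | "medium" | "low", call, reasons }.
function assessTransaction(tx, userAddress, trustedOperators) {
  const user = userAddress.toLowerCase();
  const trusted = new Set(trustedOperators.map((a) => a.toLowerCase()));
  const call = decodeCalldata(tx.data);
  const [a0, a1, a2] = call.args;
  const reasons = [];

  if (call.name === "setApprovalForAll" && a1 === true && !trusted.has(a0)) {
    reasons.push(["high", `grants ${a0} the right to move every NFT in this collection`]);
  }
  if (call.name === "approve" && !trusted.has(a0)) {
    const unlimited = a1 === MAX_UINT256;
    reasons.push([unlimited ? "high" : "medium", `token allowance of ${unlimited ? "unlimited" : a1} to ${a0}`]);
  }
  if ((call.name === "transferFrom" || call.name === "safeTransferFrom") && a0 === user && a1 !== user) {
    reasons.push(["high", `moves asset ${a2} out of your wallet to ${a1}`]);
  }
  if (call.name === "transfer" && a0 !== user) {
    reasons.push(["medium", `sends ${a1} tokens to ${a0}`]);
  }
  if (call.name === null && (tx.value ?? 0n) > 0n) {
    reasons.push(["medium", `sends native coin to ${tx.to} via unrecognised function ${call.selector}; check the contract on Etherscan first`]);
  }

  const risk = reasons.some(([level]) => level === "high") ? "high" : reasons.length ? "medium" : "low";
  return { risk, call, reasons: reasons.map(([, text]) => text) };
}

// ---- Constructed sample data (not real addresses or transactions) ----
const USER    = "0x1111111111111111111111111111111111111111";
const MARKET  = "0x3333333333333333333333333333333333333333"; // operator the user trusts
const UNKNOWN = "0x2222222222222222222222222222222222222222"; // operator set by a phishing page
const NFT     = "0x4444444444444444444444444444444444444444"; // collection contract
const word = (v) => BigInt(v).toString(16).padStart(64, "0"); // ABI-encode one word

const SAMPLES = {
  approvalToUnknown:  { to: NFT, value: 0n, data: "0xa22cb465" + word(UNKNOWN) + word(1) },
  approvalToMarket:   { to: NFT, value: 0n, data: "0xa22cb465" + word(MARKET) + word(1) },
  transferOut:        { to: NFT, value: 0n, data: "0x23b872dd" + word(USER) + word(UNKNOWN) + word(42) },
  unlimitedAllowance: { to: NFT, value: 0n, data: "0x095ea7b3" + word(UNKNOWN) + word(MAX_UINT256) },
  paidMint:           { to: NFT, value: 10n ** 16n, data: "0x1249c58b" }, // selector the decoder does not know
};

// Rate every sample and return { sampleName: risk }.
function runSamples() {
  const out = {};
  for (const [name, tx] of Object.entries(SAMPLES)) out[name] = assessTransaction(tx, USER, [MARKET]).risk;
  return out;
}

console.log(runSamples());
```

The point of the allow-list is that a setApprovalForAll to a marketplace the user actually uses is routine, while the same call to an address the user has never heard of is exactly what a fake airdrop page asks for; the decoder cannot tell a legitimate mint from a malicious one, which is why the unrecognised paid call is rated medium and sent back to the Etherscan check rather than passed silently.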
Scam Sniffer has advised that while many of these drainers exit the space after getting to a certain threshold in profits, there are always more to fill the void. So far nobody has ever been arrested for the crime, making it an exciting and valuable enterprise if a person knows how to do it, and is willing to take the risks.
Have a great day.
Peace. CryptoGod-1.