Blockchain and NFTs: The Sophisticated Scam

Wathome Malinda
3 min read · Apr 1, 2022

First off, yes, I scammed somebody.

Was it ethical?

Yes, because I revealed that I was scamming the person in the interest of testing this special type of social engineering attack. Anything I acquired from this victim was returned in full.

Before delving into the details of what I’m calling “the sophisticated scam”, I’ll first give a short explanation of what blockchain and NFTs are from what I know so far.

Blockchain technology popularized the concept of decentralized databases. I remember decentralized downloads being used in torrents first and still use them to download my favorite programs like Kali Linux.

The first cryptocurrency, Bitcoin, and others that followed use blockchain as a distributed ledger technology (DLT), with proof-of-work or proof-of-stake frameworks for their respective tokens. This may all sound technical and complicated, but it gets simpler. The frameworks basically provide a means to prove that certain transactions have happened on the blockchain, and these transactions are immutable (they never go away).

Today, billions of machines are dedicated to solving mathematical problems that prove that transactions have indeed happened on a chain. This processing power is a requirement for proof-of-work frameworks like Bitcoin and Ethereum. I won’t go into describing layer 2 blockchains, as I am still learning about them, but they ideally leverage an already existing blockchain like Ethereum for their frameworks. Here’s a video to explain further:

[Embedded video: A helpful video on cryptocurrency]

NFTs are “nonfungible tokens”: a means to represent digital and even physical items on the blockchain, like art, music, videos, or even title deeds. They are quite popular at the point of writing this article but may not be for much longer (just an opinion). Once again, I will not delve into the details as I am still learning about them.

Now onto the scam!

It began when I was testing how to mint NFTs on the Ethereum blockchain. Minting, in this case, is the process of putting a given form of media on a blockchain before placing it on sale or trading it in any other shape or form.

I came upon several Ethereum (ETH) faucets on the Ropsten Test Network, an environment that allows you to test your concepts before placing them on the real blockchain. The faucet gave me free and fake ETH to work with, about $5000 worth. It dawned on me that this could be dangerous when in the wrong hands.

I used fake ETH to make someone believe I had real cryptocurrency and borrowed real fiat currency from them.

I took several screenshots of my free ETH and sent them to my target claiming that I had struck big selling NFTs. Believable, I know. I even went as far as showing the target my wallet and transacting on the blockchain with a fake NFT that I minted. I then began to make an excuse that I was low on cash and needed a boost before cashing out my ETH. It was easy and I got the real money using fake cryptocurrency and a promise to pay them back in fiat or crypto depending on their taste.

This social engineering attack simply took advantage of the uncertainty and unawareness many people still have about cryptocurrency and NFTs. It also drew the victim in by promising things that were too good to be true yet within the realm of possibility.

Be careful when interacting on the blockchain and always remember: if it’s too good to be true, it probably is!

Stay safe out there!
