Thread
The latest tweet from @DigiDaigaku CEO @gabrielleydon leads to a phishing website.
As usual, the tweet tries to encourage fomo so that you don't properly consider the scenario.
No, villains are not surprise minting. Instead, you've just lost your favorite NFTs. Here's how 1/🧵
As usual, the tweet tries to encourage fomo so that you don't properly consider the scenario.
No, villains are not surprise minting. Instead, you've just lost your favorite NFTs. Here's how 1/🧵
2/ The tweet claims there are limited spots available to encourage you to act quickly. It leads you to a fake site: villains-digidaigaku[dot]com
h/t @noohp_ for the screenshot
h/t @noohp_ for the screenshot
3/ Connecting your wallet allows the site to evaluate its contents, and the most profitable angle to scam you from.
If you don't have open approvals on your most valuable assets, you'll be asked to setApprovalForAll to the scammer's address.
h/t @zachxbt for the screenshot
If you don't have open approvals on your most valuable assets, you'll be asked to setApprovalForAll to the scammer's address.
h/t @zachxbt for the screenshot
4/ If, however, you *do* have approvals to OpenSea, the site simply generates a Seaport order: a bundle of all your approved NFTs or ERC20 tokens in exchange for...nothing.
If you don't know what to look out for, this is a Seaport order. Never sign one outside of OpenSea.
If you don't know what to look out for, this is a Seaport order. Never sign one outside of OpenSea.
5/ Digging through the order params, we can find the scammer's address. They're included here as the "recipient". Anybody can fulfill the order, but the NFTs are always sent to this recipient.
The address: 0x2aBF612CbEC23562961624f2490D4e1e03F5A89c
The address: 0x2aBF612CbEC23562961624f2490D4e1e03F5A89c
6/ You can go back through their token transactions to see everything they've stolen through signatures. NFTs such as Nyolings, Mories, and more.
But perhaps the hardest hit is this account that got drained for 15 WETH
But perhaps the hardest hit is this account that got drained for 15 WETH
7/ I used that account to find out who had been submitting the orders, and it turns out it was 0x0000098a312e1244f313f83cac319603a97f4582.
That account was able to snag plenty more NFTs through approvals, including this MAYC
That account was able to snag plenty more NFTs through approvals, including this MAYC
8/ Interestingly enough, that address seems to be a vanity address, meaning it *could* be vulnerable to compromise. Some hope there.
This is a hard hit just when we were starting to get moving again. Tons of ETH was just drained, and a lot of these victims won't return.
This is a hard hit just when we were starting to get moving again. Tons of ETH was just drained, and a lot of these victims won't return.
9/ Now he's posting followups saying he wasn't hacked. Don't be fooled, it turns out people can lie on the internet.
Stay safe, and good luck out there.
Stay safe, and good luck out there.
Gabe's tweet is spreading fast.
Spread this faster. Retweet the first tweet below.
Spread this faster. Retweet the first tweet below.