Scammers Target NFT Users in BLUR Token Airdrop Scam

Scammers are targeting non-fungible token (NFT) users by promoting fake airdrop links to claim BLUR tokens on malicious websites. According to TrustCheck, scammers have stolen over $300,000 in Ether from unsuspecting users who linked their wallets to these fake websites.

The BLUR platform is a newcomer to the NFT marketplace and has been gaining popularity with its three-phase airdrop incentive scheme. Users have been receiving tokens based on their trading activity on the platform. The second airdrop scheme distributed 10% of the total BLUR token supply to users who traded NFTs on Ethereum. The first airdrop was retroactive, awarding tokens to anyone who traded an NFT in the six months leading up to the platform’s launch, while the third airdrop rewarded users who placed bids on the platform.

The incentive program has created an opportunity for scammers to prey on users looking to claim BLUR tokens across the NFT ecosystem. These fake websites use smart contracts that automatically prompt transactions when users connect their Ether wallets. All the Ether from the wallet is then drained to a specific address. TrustCheck has been keeping tabs on the number of funds stolen by flagging suspicious websites and transactions, warning Web3 users of potential fake websites and smart contracts.

Despite reports of NFT wash trading, data analytics suggest that BLUR’s NFT trading volumes are legitimate. Scammers continue to drain funds through Web3 functionality, as phishing attacks and fake websites are commonplace across the internet. In February 2023, a phishing wallet address linked to a URL masquerading as the ETHDenver conference website has stolen over $300,000 to date. In late 2022, scammers targeted FTX investors through phishing websites after the failed cryptocurrency exchange’s implosion.

It is crucial for NFT users to be vigilant and cautious when dealing with token airdrops and to ensure that they only connect their wallets to legitimate websites. Tools like TrustCheck can help users identify suspicious websites and transactions, but ultimately, it is up to individuals to protect their funds and stay informed of potential scams.


Tagged : / / / / / Hacked By Scammers For A Few Minutes. Someone Sent Them 0.4 BTC

Hackers took over the website and displayed the classic double your money scam for a few minutes today. Apparently, it was a DNS hack. Luckily, the Bitcoin community took notice and alerted Cobra, the pseudonymous website owner, as well as the company that hosted the domain. A few minutes later, was down. Sadly, a credulous person was faster than them and sent 0.4 BTC to the displayed address… or did he?

The transaction exists, but there’s a rumor that it might’ve been the scammers themselves, trying to make the operation look reputable. Just like a busker who put some change in his hat to encourage others to contribute. However, that’s just a rumor. Someone might’ve been scammed.

5 BTC + 300 Free Spins for new players & 15 BTC + 35.000 Free Spins every month, only at mBitcasino. Play Now!

Related Reading | Old Bitcoin Miner Proves Craig Wright has No Access to 145 Tulip Trust Addresses

In any case, everybody else should thank Matt Corallo, a Bitcoin Core contributor who took it upon himself to contact the domain name registrars and managed to convince them to temporarily take down the site before some catastrophe happened. 

Get 110 USDT Futures Bonus for FREE!

What Does The Owner Think About All Of This?

When Cobra announced the hack, he or she said, “Currently looking into how the hackers put up the scam modal on the site.” So far, there’s no information on that. Cobra also said that “May be down for a few days,” but luckily that wasn’t necessary.

Earlier in the day, Cobra contacted via Twitter their new hosting company Cloudflare and told them that the website has never been hacked, and now that he moved to their servers, this happened. The company responded, and eventually, the original tweet disappeared.  

BTCUSD price chart for 0923/2021 - TradingView

BTCUSD price chart for 0923/2021 - TradingView

BTC price chart for 09/23/2021 on Bittrex | Source: BTC/USD on

Does This Have Anything To Do With Craig Wright AKA Faketoshi Nakamoto?

A few months ago, both Cobra and made worldwide news. Craig Wright, Australian entrepreneur and Satoshi Nakamoto cosplay artist, got a UK court to order the website to remove the Bitcoin Whitepaper from its servers. At the time, Yahoo! finance informed:

“Cobra, the pseudonymous creator of the website, has been ordered by London’s High Court to discontinue hosting its copy of the Bitcoin white paper.

Citing copyright infringement brought forward by nChain Chief Scientist Craig Wright, the judge had no option but to rule a default judgment because Cobra chose not to make an appearance.”

Does the hack have anything to do with Craig Wright? There’s not a single clue to indicate that, but, rumors are flying. He’s the only one incentivized to attack, they say. However, 0.4 BTC is a pretty great incentive. Maybe the scammers were just interested in scamming.

Related Reading | Craig Wright Wins Lawsuit On Hosting Bitcoin Whitepaper

In any case, to close all the loops, Yahoo quotes Cobra explaining why he chose not to make an appearance in court:

“Unfortunately the court rules allowed for me to be sued pseudonymously, however, I couldn’t defend myself pseudonymously. So I was put in an impossible situation of losing my privacy or losing the case in a default judgment.”

So, to sum it all up, is back up again and no one scammed you. All is well that ends well. 

Featured Image: Screenshoot from the hacked website | Charts by TradingView


Tagged : / / / / / / / / / / / / / / / /

Ledger Scam: Scammers Mail Hacked Ledger Devices To Steal Crypto

Scammers are now mailing hacked ledger devices to Ledger users in a bid to steal crypto from unsuspecting users.

An alarmed user made a post on Reddit that they had gotten a Ledger device that they hadn’t purchased. In the package was a poorly worded letter riddled with grammatical errors that explained that due to a cyberattack, Ledger was replacing all old devices with new ones for the purpose of safety.

Ledger scam letter sent to the user explaining the reason for the replacement

Ledger scam letter sent to the user explaining the reason for the replacement

5 BTC + 300 Free Spins for new players & 15 BTC + 35.000 Free Spins every month, only at mBitcasino. Play Now!
Letter explaining the reason the device was sent

In further pictures posted by the accounts was a sealed and authentic looking Ledger device.

Sealed box ledger device sent to the user

Sealed box ledger device sent to the user

Device sent in a sealed box

The user then went on to open the device which contained instructions for connecting the device to a computer and installing the application from the device. Asking to choose seed phrase length and inputting your seed phrase into the device.

Get 110 USDT Futures Bonus for FREE!

Instruction manual in the device to input seed phrase

Instruction manual in the device to input seed phrase

Instructions contained in the device asking to input seed phrases

Growing more suspicious, instead of plugging the device to their computer, the user went on to dismantle the Ledger device itself.

Ledger devices look like flash drives with a small screen on them. The screen is to make sure that your seed phrase is yours alone.

This proved to be the right move as upon dismantling the device and looking at the circuit board, there were obvious differences between the new device and the original Ledger device.

Side by side comparison of original and scam Ledger devices

Side by side comparison of original and scam Ledger devices

Side by side comparison of the device sent and an original Ledger device. Fake device on the left and original device on the right.

The scam is obviously a phishing scam meant to send the attackers the seed phrases once they are entered on the compromised device.

In the Reddit post, they issued a warning to other users. A bold new way of attacking with the poster referring to it as “some next level of scam attempt.”

Ledger Hack

Late last year, Ledger had announced that there had been a data breach and the attackers had gotten access to their databases. The names, phone numbers, and mailing addresses of 272,000 customers were stolen and subsequently posted on Raidforums. Raidforums is a platform where hackers go to post the information of hacked databases.

Related Reading | Why Bitcoin Is Actually “Bad For Crime” Contrary To Belief

Ledger had come forward after the breach to assure customers that there was no need to worry. The hack had no way of affecting the hardware wallets of users. As the private keys to the wallets were only held by users and there was no way for the hackers to actually get their hands on them.

This seemed like it was under control and users could rest easy. Ledger was very clear that the data breach only affected information that had to do with e-commerce purposes. No crypto balances were in jeopardy.

The company further posted on Twitter that they were working with law enforcement to stop any breach-related scams. Stating that they had, with the help of law enforcement, taken down over 170 phishing scam websites since the breach happened.

Crypto and Hacks/Scams

The crypto space isn’t new to hacks and scams. There are countless successful and unsuccessful attempts carried out yearly on investors. Some attackers set their sights on smaller scams, going after individual crypto investors in a bid to trick them out of their coins. Other attackers have their eyes on bigger fish like crypto exchanges and malware attacks on large corporations demanding crypto as ransom.

Current crypto market cap

Current crypto market cap

Total Crypto Market Cap | Source: Crypto Total Market Cap on

One such case is in the case of Colonial Pipeline being hit with a malware. The corporation had to pay $4.4 million in ransom to get operations back up.

The irreversibility of crypto transactions makes it so that coins sent out of a wallet cannot be reversed. This means that if anyone were to get their hands on your seed phrase, they could take all of your coins. The transactions would be visible on the blockchain for you to see but there is no way to actually tell who is on the other end of the transaction.

Related Reading | Will A Large Spike In Bullish Sentiment Translate To A Bitcoin Rally?

So crypto investors are always advised to never reveal their seed phrase to anyone. Never enter it into any website. Do not store it online.

A good way is to write it down on a piece of paper and place it somewhere only you can get to.

The safety of your coins are of the utmost priority.

Featured image from Crypto Network News, images in article from Reddit, chart from


Tagged : / / / / / / / / /

Grifter season in DeFi-land, and Uniswap v3 is here! Finance Redefined 4/28-5/05

Lots of cons, no artistry

It’s grifter season: scams and opportunists run amok, and it’s harder than ever to tell who to trust.

Case and point: over the weekend, an influencer by the pseudonym “Crypto Spider” was found to have pumped-and-dumped a meme coin, $SELON — while publicly claiming that he had joined his followers in taking a loss.

The drama jarred me personally, despite the fact that I didn’t have any exposure to the failed shitcoin. The reason being is that I quoted Crypto Spider in a piece from January. Had I unwittingly aided a scammer?

I’d gotten his name from a trusted colleague. Part of my beat is emerging projects, and I’m always open to hearing from anon teams and sources — other cryptomedia outlets ignore them to their detriment, given that the largest digital asset in the world was founded by an anon.

When we spoke he told me about an algo stablecoin project, and I now realize that it was likely an effort to use the Cointelegraph platform to pump his bags. Thankfully, I did my due diligence while researching the project: the developers were clever and intrepid, but ultimately working in what appears to be a doomed vertical (though I suppose FEI and OHM are still giving it the old college try), and I profiled them as such.

While my reporting was unlikely to lead anyone astray, seeing Spider exposed as a fraud was nonetheless a jolt. It’s getting harder to tell who to trust out there — a point that Spider made himself.

I reached out to him over the weekend to ask for his side of the story, and he pointed to a Tweet thread from his alleged co-conspirator — one which, oddly, confirmed that he had promoted the project and then sold. He also sighed that he’d become “the target of anyone who shilled or created meme coins.”

It would take the moral nuance of a toddler to claim Spider’s actions are equivocal to the standard influencer cheerleading, but with all the money sloshing around more and more people seem to be getting mixed up with shady deals. 

Not even institutions are exempt: Alameda Research invested $20 million in Reef, part of what would have been a larger $80 million deal — but the two companies cut ties over a disagreement regarding Alameda transferring the tokens they purchased to Binance, presumably to sell. Alameda later said it was merely an OTC buy and not a longer-term “strategic investment.”

Anons lie, institutions lie, and despite the money pouring from the sky greed is still getting the better of people. Watch who you listen to and what you invest in — I know I’ll be even more careful going forward.

But here’s one principle that hasn’t led me astray yet: anonymity by nature encourages and enables both the best and the worst in crypto. An anon with integrity can be a guiding light in these choppy waters.

Uniswap v3 mewls out of the gate

After months of anticipation, Uniswap v3 is finally here. It may take a while before it gets its sea legs, however. 

In the first few minutes after launching the protocol had attracted $1.3 million in total value locked; at the time of publication it has since risen to $24.3 million. The majority of liquidity is in bread-and-butter trading pairs such as ETH/stable pairs, but specifics are hard to come by; while a blog post from Uniswap says that their info site has migrated to displaying v3 statistics, their top pools are still for Uniswap v2. 

Aside from the interface stumble, there is not yet sufficient liquidity to swap at any significant size. Quotes for ETH/stablecoin pairs led to double-digit slippage quotes on orders over 10 ETH or so, and the interface often suggests better prices on v2. (Cointelegraph has a policy in place prohibiting writers from making trades during business hours, so I’m only relaying the quotes I got for the trades).

The low liquidity woes may soon be ameliorated, however. As multiple Twitter observers pointed out, Uniswap is making it simple to migrate liquidity pools to v3 — including Sushiswap LP positions in what some have dubbed a “reverse vampire attack.”

Perhaps coolest of all however is that a long list of Uniswap v3 pool positions, which are represented as NFTs, are now on sale on Opensea. Uniswap founder Hayden Adams bragged about his, the first-ever v3 position. I expect a interesting market to develop over the comping days for early pool positions, and the first positions in culturally important pools may come to have significant value. What would the first EMN-DAI position NFT be worth now?

In all, a mixed-review launch. But that’s to be expected for a protocol only open to the public for the last few hours, and as Framework Venture’s Vance Spencer puts it, once it’s attracted significant liquidity v3 may well represent a new “era” for capital efficiency in DeFi:

Major stories this week

Balancer and Gnosis team up for Uniswap v3 rival Cowswap

Inverse Finance acquires Tonic in possible first-ever protocol merger

Lido looks to go cross-chain

Federal Reserve says DeFi may lead to “Paradigm Shift”