Open in app

Sign in

Write

Sign in

BAYC Holders Keep Getting Rekted, We Know Why.

NEFTURE SECURITY I Blockchain Security
Web3 Magazine
Published in
6 min readJan 19, 2023
source

Bored Apes Yacht Club holders being scammed out of their NFTs has become a staple of Web3.

Each time it happens, this kind of news is not met with understanding or solidarity but with mockery, victim blaming, and memes.

Although we understand that you won’t necessarily feel overly compassionate towards people who can ugly cry their loss in silk sheets, it’s crucial to understand what this situation truly means:

These apes are hiding a pretty hideous and alarming jungle!

Each time we hear of a new BAYC holder being scammed, I can assure you it hides thousands, maybe ten of thousands of people being scammed the exact same way.

BAYC phishing scams are only the tippy-tippy-top of the phishing iceberg in web3!

An October 2022 investigation led by crypto sleuth Zachxbt proved that the phishing plunder is heavy and invisible in web3. He revealed that through a wallet-draining script called Monkey Drainersold by a hacker for a 30% cut in profits, scammers have been making the rounds in the web3 community and accumulating at the very least $4,4M without no one remotely knowing about it!

So today we will unveil to you how you, I, BAYC holders and everyone is susceptible to falling for this kind of scam.

How we fall for phishing scams aka “Visceral Influence”

It’s not that we, as humans, are especially dumb. It’s that they, scammers, are excessively clever, shrewd and have built extensive expertise over years of tests and learning experiences.

They have a deep understanding of human psychology.

They learned how to take what makes us humans and use it against us.

In short, Scammers are masters of their craft.

And the Lesson n°1 to learn in any “How To Become A Scammer for Dummies” playbook is how to evoke visceral influence.

Visceral Influence is the key component to the most common type of phishing scams that happens in web3: making you click quickly on a link promoted as a legit opportunity after the scammer has hacked a discord, twitter,… or has impersonated someone on social media.

So, What is “Visceral Influence”, at the Core of Web3 Phishing Scams

Martina Dove, author of “The Psychology of Fraud, Persuasion and Scam Techniques” explains:

“Visceral influences are primal drives (greed, pain, fear, hunger, sexual attraction, excitement, etc,..).

Evoking Visceral influence is perhaps the most used scam technique. […]

When we are under visceral influence, we focus on the goal of that state, and everything else becomes secondary. This often leads to compromised judgment. […]

Under the influence of any strong emotion, thinking clearly is greatly compromised.”

The existence of “Primal Drives” helps us understand the “discrepancies between behavior and perceived self-interest” as George Loewenstein explains in “Out of Control: Visceral Influences on Behavior”.

And here is how primal drives play out in web3 phishing scams:

The Three Primal Drives that Will Be Our Downfall

Web3 phishing scams are especially efficient because they can succeed in putting us under the influence not only of one primal drive but three at the same time!

They elicit:

1. Fear (of missing out)

2. Acute Excitement

3. Greed!

You can imagine how someone untrained, tired, unfocused, multitasking,ect.. could find himself clicking on a link that just elicited so many primal drives.

Impairing his judgment at the very moment he is the most vulnerable and susceptible to falling for it because he was much less alert and vigilant.

It’s a heady combo that makes countless victims, even among extremely vigilant people! (See I’m a Scam Prevention Expert, and I Got Scammed)

Even among people who have already fallen for this type of scam:

Clicking Away Your Assets

To make things worse, apparently clicking links does not ring any alarms among us, humans.

Martina Dove reports in “The Psychology of Fraud, Persuasion and Scam Techniques”, p.21 that:

“Frauenstein and Flowerday (2016) suggest that the use of social media made us less cautious when it comes to links, because we are used to sharing and clicking links to access information. Also, fraudsters are figured this out, as phishing attempts are now increasingly common on social media “

Plus, “As humans we also use shortcuts when it comes to information-processing and are often visually primed by the known logos we associate with well-known brands […]”

Well, we’re doomed.

In this type of scam, everything happens in an extremely short span of time.

You are under the urgency of acting and you are only three clicks away from having all of your assets siphoned:

  1. Clicking on the phishing Website
  2. Clicking on Connect Your Wallet
  3. Signing Away Your Assets

It can take less than one minute to lose it all.

So what can we do to stop ourselves from falling for these types of scams?

How Not To Get Rekted by Scammers

1. Develop an Anti-scam Routine

One reason so many scams are successful is that we’re only a few clicks away from them, and we only have to be distracted and tired to fall for them.

The idea is to give more time to your brain to process what you’re doing, and raise the alarm by adding more steps to the process of connecting your hot wallet with a website.

Let’s say you’re choosing Firefox to add your Metamask Extension, this browser will be used ONLY to buy or sell your NFTs for example. No other activities are allowed, your twitter, discord, …accounts will be on another browser. It means that you will have to quit your currently used browser (1 step), open another browser (2 steps) and type your password (3 steps) to have access to your hot wallet. That’s how we turn one step into three and it could be life-saving.

Plus, it really helps sanctify the process of using your hot wallet, and while using this browser you will be more alert, and more mindful of the steps you’re taking.

Also, unless you have a very good reason to have installed hot wallet apps on your phone, ipad,… uninstall it now!

2. Use an Extension that Will Alert You that You’re Going to Get Scammed!

At Nefture, we’ve developed a tool that will protect you from crypto scams by analyzing and classifying your transactions into 3 risk levels through our detection algorithm.

And since we know vulgarization is key in understanding what risks you’re facing, we translate the incomprehensible transactions code to good, old, plain English.

You can literally read what you sign.

So how does it work?

  • Nefture Security is an RPC: a secured network that you can add to your wallet. In short, it’s like a wallet extension that is plugged into your Metamask or Coinbase wallet.
  • We classify the transaction you’re about to make into 3 risk levels🚦

🟢 Green — You’re interacting with a verified DApp or a safe smart contract.

🌕 Yellow — Warning You could be interacting with a dangerous DApp or smart contract.

🔴 Red — FULL STOP. Nefture Security has detected a very unusual activity indicating that you are probably going to be scammed if you pursue the interaction.

  • Then, you will be able to confirm the transaction if you think there are no risks because it’s a website you trust. Or cancel the transaction and escape falling into a potential scam. That’s as easy as explained.

And Tadaa!

You’ve been saved!

Want to learn more about how we save you?

Our full comprehensive report about Nefture Security is just here.

We hope this article has helped disentangle the hows and whys BAYC holders and ourselves keep on falling for this type of scam!

Stay Safe!

Nft
Bitcoin
Cybersecurity
Blockchain
Defi

--

--

NEFTURE SECURITY I Blockchain Security
Web3 Magazine

Written by NEFTURE SECURITY I Blockchain Security

416 Followers
Writer for

DeFi and Wallet Security - nefture.com

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams