Crypto wallets are highly secure, but there are tools to unlock them and move their contents. Until recently, most crypto scams happened through MetaMask or other browser extension wallets, mostly disguised as NFT airdrop links.
A newly discovered scam is making the rounds by email. The key to the scam is an enticing link that leads to a tainted download hiding a crypto stealer. In the past, crypto stealer software has been suspected in link drops of enticing information such as secret crypto chats.
This time, users were targeted with an alleged lawsuit and asked to download a set of documents.
The stealer cannot work without user actions, and relies on the human readiness to download and launch files. The best approach is to avoid opening emails with dubious messages, and avoid clicking on links. Using QR codes and invitations for NFT may be just as risky.
The other approach is to use Trezor, which does not display the private key, while also having a strong wallet password.
The other way to protect wallets is to use hardware devices, or an offline device for the most valuable holdings. Storing tokens or NFT in a connected wallet is one of the riskiest approaches and may lose all holdings.
Are Sandbox Land Plots Getting Stolen
A list of NFT based on The Sandbox metaverse land plots is showing up in scam reports. After a series of high-profile Bored Apes were stolen at the beginning of July, this is the next exploit for tokenized assets.
NFT are most often stolen when a full wallet is used to mint a new item. Instead of minting, the wallet signs a transaction that will empty it out.
The best approach is to create new wallets with limited funds just enough for a new mint, and store the main collection elsewhere. For now, OpenSea rarely freezes NFT and most stolen items get moved and resold. NFT can also be blacklisted by the projects themselves, but there is no universal standard to banning some assets.