Thomasg.eth, a decentralized autonomous organization (DAO) creator on Twitter, has disclosed how a social engineering fraud nearly cost him all of his ETH. He detailed how fraudsters almost grabbed him in a lengthy thread.
Cybercriminals utilize social engineering to acquire someone’s confidence, frequently through deception, in order to steal sensitive information or compel them to do something “they wouldn’t do otherwise.”
Thomasg.eth is the pseudonymous founder of Arrow, a decentralized air transportation DAO in its early stages.
According to the creator, the fraudsters went to great lengths to steal the founder’s money, including generating work for his project and participating in chats with several persons over the course of two weeks.
The social engineering scam only failed because Thomasg.eth chose to utilize a different Ethereum address rather than his primary address while performing a favor for the hackers using non-fungible tokens (NFTs).
How the social engineering scammers tried to pull off their act
He said that he was contacted by someone named Heckshine around two weeks ago. Heckshine claimed to be a Ubisoft employee and offered 3D modeling and animation assistance.
Heckshine also has an associate named Linh, who was claimed to be working on a metaverse project called Space Falcon and sought a relationship with Arrow DAO. Before moving with the agreement, Thomas said that he verified Space Falcon to make sure it was a legitimate project on Solana and found Lihn’s name on it.
However, all of this turned out to be a big con job. Linh even extended an invitation to Thomas to take a tour of the Wisk plant. After Linh notified him of a new staking software for NFT that had recently debuted, the red flags began to appear. She requested that he obtain NFT in order to assist her in testing the software.
Thomas established a separate wallet for the purpose of receiving the NFT instead of using his regular wallet. Linh then proposed sending another NFT to the main wallet.
Fortunately, Thomas went through the contract first and noticed that it had a method that allowed the fraudsters to transmit all of the wrapped ETH to his wallet.
While this attempt failed, it demonstrates the lengths to which crypto fraudsters are ready to go. In this scenario, the con artists were pros who performed their tasks to near-perfection. They plagiarized an actual project and registered a domain with a similar name.
Only Thomas’s knowledge spared him from becoming a victim. This, he claims, demonstrates that fraudsters are becoming more sophisticated and that token approval may be exceedingly risky.