Scams are prevalent in the NFT space. In fact, this April, there is already a new NFT scam revealed by a Bored Ape owner and NFT enthusiast quit.pcc.eth (@0xQuit) on Twitter. In the post, he said that the scam tries to use fear tactics to trick NFT owners into signing away their valuable assets.
New Scam Released This April Targets Your High-Value NFTs
Here’s how the new scam works. A user will post about an OpenSea vulnerability with a claim of losing a large amount due to the approval of “OpenSea API”. They will then tell you to revoke your approvals and direct you to a fraudulent site similar to revoke.cash.
If you connect your account to that site, it will run a script to find out your highest value assets. When you load the page, the script will execute and display “approvals” to OpenSea API for anything they want to steal from you.
When you click the “revoke” button, it will prompt you to “setApprovalForAll”. This is the same as what you’d expect from the real site. However, you should know that there’s an important difference.
The real site calls setApprovalForAll with a flag of false, the fake one sets it to true. This approval will allow the scammer’s wallet to move that collection for you. If you were to set approval for a collection, all your assets from that collection would be at risk.
@0xQuit then linked the address it sets approval for. Thankfully, it seems that no one has fallen for it.
This new NFT scam this April is a reminder for NFT holders to keep their guard up and use all means available to protect their assets. Also, here’s another scam you should know that happened just last week.