The victim of the scam believes that there are design problems in both MetaMask and Discord. A person recovered one of the NFTs, auctioned it, and donated the funds to the harmed user.
Sohrob Farudi, a user of the MetaMask wallet, recently said on Twitter that he lost 11 non-fungible tokens (NFTs) worth USD 813,925. He began his account by stating that someone scammed, socially manipulated, and hacked him. He explained that the criminal tricked him into exposing the QR code of his wallet in his Google Chrome browser extension.
Farudi could not find his NFTs, so he decided to join a support group on Discord, where he exposed the problem. Gargamel and NoSass, users of that social platform, offered to help him recover his tokens.
Pretending to be administrators of the platform, the scammers asked him to record a private message. Farudi said that they made him feel comfortable and treated him like a VIP to gain his trust. While supposedly looking to help him solve the problem, they asked him to share his screen to see the wallet.
The so-called administrators raised that MetaMask had just released an update that had been causing problems. They suggested that Farudi should resynchronize the wallet on his cell phone with a Chrome Extension.
Farudi Falls into the Trap of the Scammers
As Farudi did not know how to use the Chrome extension, he asked the supposed collaborators for help. Relying on Gargamel and NoSass made him lose thousands of USD dollars worth of NTF as he revealed the QR code to them.
Regarding MetaMask, their message warning about not sharing the screen while scanning the code annoyed Farudi. In that sense, he wonders why that message was on the same screen as the actual QR code after entering the password.
According to Farudi, the warning displayed by MetaMask does not allow inexperienced users to avoid making mistakes. On the contrary, they showed the security procedure after the problem had already happened.
He believes that those warning messages should be in large red bold lettering. He does not know if that would have prevented the scam, but he could have made another decision.
The Victim Has Not Lost Everything
After seeking help by various means, the head of operations at NTF marketplace OpenSea, Nate Chastain, told Farudi that stolen tokens freeze. However, the alleged thieves sold a large part of his NFTs to innocent people.
A movement of collaborators and good Samaritans set about looking for the NTFs of Farudi. A community member managed to buy one of the stolen tokens and announced an auction to raise funds for him.
After talking with the MetaMask team, Chastain said they would temporarily disable the mobile QR code synchronization function. In that way, they sought to defend against the growing number of phishing attacks taking place in recent weeks.
Similarly to Farudi, a user of the NFT-based game Axie Infinity was also a victim of scammers. That victim went to the official server to reverse the loss after entering the wrong wallet address. He supplied the attackers with the recovery phrase (or seed), losing a total of 1.4425 ETH, worth around USD 4,183.
By Alexander Salazar
