The Decentraland Fake Mint Scam
I’ve previously written (in my Crime in the Metaverse Report for Elliptic: https://www.elliptic.co/resources/crime-in-the-metaverse) about how scammers were using Google ads to try to dupe unsuspecting victims to enter a fake Decentraland, connect their metamask and then inevitably drain their account. This technique of domain impersonation can be very effective if you can snag a URL which is very similar to the target’s.
I also recently wrote about the Azuki fake land drop which saw over $750,000 in tokens and NFTs being stolen from fomo-induced victims, as noted above they used a very similar looking domain to try to fool users.
Recently I came across another fake land drop which was also employing domain impersonation, although not quite as well. This time for Decentraland.
It started, as these scams often do, with a reach out to my Discord DMs. Within a few lines it was obviously a scam — all Decentraland parcels were actually auctioned back in 2018. There’s no parcel left to mint, or at least no legitimate ones …
But there’s plenty of other red flags in this scam, so let’s explore them:
Firstly, cooking d and I had no servers in common. I’m a member of the Decentraland discord server so if this was a legitimate project for Decentraland I would have expected us to at least share this in common.
Secondly, the terminology here is very confused, the first sentence mentions minting “whitelists”. A whitelist is a list of allowed accounts which can mint an NFT, it’s not something you can mint. However what they are attempting to do is create the feeling of exclusivity by pretending that you’re specially chosen and one of only 30 people who can mint this for free.
This is also being used to pseudo-explain why the URL is very unofficial looking. “Wlmint” refers to “whitelist mint”. But this is a far cry from the official Decentraland website which is www.decentraland.org
Next they mention a floor price on OpenSea of 0.72ETH. This would be ~$1,300 so a tidy potential secondary sale from a free mint … if only it was real. There’s no OpenSea link in the post and the official Decentraland land floor is currently 0.56ETH so I suspect they’re trying to pass off that this is associated with this fake mint. You can see from the below screenshot that all official Decentraland collections on OpenSea have the blue verification check but this doesn’t stop copycat projects and accounts popping up. Their sole aim is to deceive and dupe users into spending funds on their fake NFTs. OpenSea continues to improve their detection and removal of fake projects but it’s always one to be wary of when browsing on OpenSea and other NFT marketplaces.
Then after checking the URL wasn’t malicious I opened it up to see what efforts they had gone to for the fake land mint website.
The website was definitely purporting to be an official decentraland site with the familiar style background (this is often used for fake NFT collections on OpenSea) and every few seconds a little pop up noted a “successful” transaction that had just been made. However this was simply a cycle of 27 different truncated transaction hashes which popped and certainly weren’t legitimate transactions.
I didn’t connect my metamask to the site as it’s likely it would try to sign a malicious transaction and steal all my assets and there were certainly enough red flags to know without a shadow of a doubt that this was a scam.
Hopefully they haven’t duped any users out of their assets but this is a timely reminder to check and double check the website that you connect your metamask to.
When in doubt …. Don’t connect!
Red Flag Recap
- 🚩Unsolicited reach out on Discord
- 🚩User not in the official Discord for the project they purport to be from
- 🚩Confused terminology and technical incorrectness for the offering
- 🚩Unofficial domain being used
- 🚩Fake transaction stream with no links to block explorer and truncated details
- 🚩FOMO inducing or exclusivity-bombing
Originally published at https://www.linkedin.com.
