Scam: NFT Airdrop Scam - Another Hacked Bored Ape

Scam: NFT Airdrop Scam – Another Hacked Bored Ape

Today, a phoney Twitter account (bhawana.eth) scammed another Bored Ape NFT owner, the latest in a string of NFT airdrop scam victims.

Scammers may easily buy a verified profile that is no longer in use, acquire followers to seem to have a large following, then fill up the bio with compelling images to appear to be a real person.

Scams with NFT airdrops are known as “NFT airdrops.”

Hackers recreated an existing Twitter account with the blue checkmark, purchased followers, and then published pictures of apes wearing NFTs.

If you have a less popular domain extension like or, you may construct a website just as anybody else would: Websites may be put up by anybody who hasn’t already claimed the domain name, or by adding a hyphen to it.

Scams with NFT Airdrops
The sale and immediate transfer of the BAYC and MAYC NFTs of the defrauded holder

NFTs and other cryptocurrency money are immediately syphoned if victims click on the “Connect Your Wallet” button on that page.

As NFT and crypto transactions on the Ethereum blockchain are recorded on Etherscan, several cryptocurrency traders on Twitter became aware of the fraud.

The investor lost over $500,000 in NFTs, including a Mutant Ape Yacht Club NFT worth $72,500 and a Bored Ape Yacht Club NFT at 102 ETH ($316,000).

Zackxbt (@zachxbt) broke the bad news to his followers. On-chain investigator and “2D detective,” often tweets about crypto frauds and ‘rug pull’ schemes such as ‘NFT airdrop scams,’ ‘Crypto Airdrop Scams,’ and more.

NFT Airdrop Scams: How to Avoid Them

Ensure that the site you’re connecting your Metamask wallet to or any other NFT wallet to is safe before connecting your wallet to it, and never connect your wallet to a site you’re unsure about. First, do some research and keep in mind:

It’s pointless to have a verified Twitter account.

Having a large number of followers has no bearing on anything.

A verified account’s @ handle can’t be changed by fraudsters, no matter how much money they spend on it. It is possible to lose your verified status on Twitter if you alter your username.

So one way to do your due diligence is to type the @ name into Twitter and view the history of interactions with that handle. You should be able to quickly see what they were talking about on Twitter over the years, and if it wasn’t non-fungible tokens or cryptocurrency-related, chances are it was repurposed by a scammer.

You can also view a snapshot of the Twitter account in the Internet Wayback machine to see who it used to be. You can even use image recognition tools to find a BAYC on Opensea and check who owns it, then see if it matches the Twitter user using it for their profile pic.

Anti-Crypto Scam Tools

There are tools you can use to revoke approvals for NFT transactions, @zachxbt posted two below.

In general, if it’s too good to be true, it usually is. Crypto airdrops do exist – BAYC NFT holders were airdropped ApeCoin – but for most people, real crypto airdrops take place on crypto exchanges, not by connecting your wallet to a sketchy website.

For example, eToro supported the Flare airdrop of Songbird tokens for its users, as did Huobi.

Don’t believe someone who DMs you or tags you on Twitter, Telegram, or in a Youtube comment section. Don’t send funds to someone who promises to send twice the amount back, or to trade for you.

Scammers often impersonate Coinbase support, Metamask support, or claim to be able to help you recover funds lost in crypto scams or fake airdrops. If you reply, you will be scammed a second time.

They use bots to automatically reply to anyone who types something about Metamask or being scammed on Twitter – targetting thousands of people online at a time. Whoever replies is then sent a message and the scam starts.

If someone has a lowercase letter ‘l’ in their handle on social media, it’s especially easy for scammers to use an ASCII character code to resemble that letter. Verify someone is who they say they are with a video call before sending crypto.