Phishing scammer linked to NFT thefts including BAYC
Canadian phishing scammer, Chards, has been linked to a series of NFT thefts and crypto phishing scams through their ENS address.
ZachXBT, a Twitter detective, researched a Discord user, madman#9528, who became active a few weeks ago, showing off their Bored Ape. Notably, attached were their ENS address, madman.eth, and BAYC 7941 and 6716. However, the ENS raised a lot of questions.
In September 2022, madman.eth’s address was accidentally linked to a phishing attack involving stolen NFTs. There were 19 NFTs stolen for 115 ETH, and one of them was the BAYC 4651. In this instance, ZachXBT recovered 33.5 ETH for an affected user.
He linked the same person to a payment to a scammer, serpentau.eth (Lock) was found to be connected with the Azuki, Chimpers, AKCB, and Mutant Hounds Twitter hacks.
There was also a 17,500 USDC transfer that traces to Horror (HZ), also called Chase Senecal, that recently has assets swept by the FBI in suspected phishing scams. During that time, the FBI was able to get back some crypto, BAYC 9658, Doodle 3114, and AP watch.
Even more interesting was that madman.eth purchased a $13,500 Rolex watch from the same seller that sold to HZ and Diablo. Diablo is also a phishing scammer working with other scammers like HZ, Chards, or Two1 in messaging potential victims, whereby he gets a small cut from the stolen funds.
Madman.eth is linked to the BAYC 5153 theft and received 54 ETH when the Kumaleo Discord was attacked. Madman then began flexing his Audi R8 purchase. He also posted bragging he’s crashed 3 X BMW M4s in the BAYC Discord.
ZachXBT then used the R8 photos to lead to an Instagram account, cold (dave), who made the same dealership payment in Canada. The Instagram page also had the wrecked BMWs, just as on Discord. The page also had photos of him flexing with his friends and his iced-out watch.
ZachXBT concluded that the information shared will hopefully help the phishing attacks victims such as Eurion, Snarls, and many more.
Phishing attacks are becoming more common
Phishing attacks in the blockchain community are becoming more popular. In 2022, over $2.8 billion in crypto was stolen via exploits and hacks.
The latest is Nikhil Gopalani, the Nike executive’s crypto wallet looted last month by a “clever” phisher. His Clonex NFTs and other digital collectibles, including “Crypto Kicks,” were taken.
Meanwhile, the Ethereum Denver conference was a recent target whereby hackers duplicated the hacker’s website to trick unsuspecting users into linking their Metamask wallets. Notably, they gained access to over $2,800 wallets and stole over $300,000 in the last six months.
Canadian phishing scammer, Chards, has been linked to a series of NFT thefts and crypto phishing scams through their ENS address.
A web of phishing scams
ZachXBT, a Twitter detective, researched a Discord user, madman#9528, who became active a few weeks ago, showing off their Bored Ape. Notably, attached were their ENS address, madman.eth, and BAYC 7941 and 6716. However, the ENS raised a lot of questions.
In Sep. 2022, madman.eth’s address was accidentally linked to a phishing attack involving stolen NFTs. There were 19 NFTs stolen for 115 ETH, and one of them was the BAYC 4651. In this instance, ZachXBT recovered 33.5 ETH for an affected user.
He linked the same person to a payment to a scammer, serpentau.eth (Lock) was found to be connected with the Azuki, Chimpers, AKCB, and Mutant Hounds Twitter hacks.
There was also a 17.5k USDC transfer that traces to Horror(HZ), also called Chase Senecal, that recently has assets swept by the FBI in suspected phishing scams. During that time, the FBI was able to get back some crypto, BAYC 9658, Doodle 3114, and AP watch.
Even more interesting was that madman.eth purchased a $13.5k Rolex watch from the same seller that sold to HZ and Diablo. Diablo is also a phishing scammer working with other scammers like HZ, Chards, or Two1 in messaging potential victims, whereby he gets a small cut from the stolen funds.
Madman.eth is linked to the BAYC 5153 theft and received 54 ETH when the Kumaleo Discord was attacked. Madman then began flexing his Audi R8 purchase. He also posted bragging he’s crashed 3 X BMW M4s in the BAYC Discord.
ZachXBT then used the R8 photos to lead to an Instagram account, cold(dave), who made the same dealership payment in Canada. The Instagram page also had the wrecked BMWs, just as on Discord. The page also had photos of him flexing with his friends and his iced-out watch.
ZachXBT concluded that the information shared will hopefully help the phishing attacks victims such as Eurion, Snarls, and many more.
Phishing attacks are becoming more common
Phishing attacks in the blockchain community are becoming more popular. In 2022, over $2.8 billion in crypto was stolen via exploits and hacks.
The latest is Nikhil Gopalani, the Nike executive’s crypto wallet looted last month by a “clever” phisher. His Clonex NFTs and other digital collectibles, including “Crypto Kicks,” were taken.
Meanwhile, the Ethereum Denver conference was a recent target whereby hackers duplicated the hacker’s website to trick unsuspecting users into linking their Metamask wallets. Notably, they gained access to over $2,800 wallets and stole over $300,000 in the last six months.