A Scam Gone Right
How TO successfully scam people with Fake NFTs
Welp, less than 24 hours later, I was rugged.
In Part 1, I talked about a scam that was preemptively copying an NFT collection, by taking their sneak peek artwork and putting it up for sale the day before they launch.
Today, that “original” NFT collection dropped.
I had done my homework. I had found their contract on the Rinkeby network, I saw that they were following the current (as in, the last two weeks’) best practices: inheriting from a 721a contract which would reduce gas fees for multiple mints, and implementing a Merkle Tree for whitelisting. They had a Twitter account with 4k followers (some of which were people that I trust and admired), and a Discord with 19,642 members.
I reviewed the code on their website and found some things that I liked for my own projects, and although I was uncomfortable about them not being doxxed ⛳️, their explanations and frequent (and verbose) communication in their Discord allayed my concerns. They identified with the feeling of being invisible growing up, and as introverts chose not to reveal themselves and distract from the project. As an introvert myself, I completely understood the impulse for privacy and standing in the background.
The founders called themselves The Invisible Parents, having purchased two Invisible Friend NFTs at 7 ETH each. At about $19k each, that’s a pretty serious initial investment. To me, that leant itself to their credibility at being in this for the right reasons, and for the long haul.
Prior to enabling minting, they set up their project on OpenSea (now disabled), and I was able to confirm the contract. There was some chatter happening on the Discord, but unlike the “fake” project, they were addressing it and not arbitrarily deleting negative comments. The level of detail for calmly addressing repeated questions was something that successful projects hope to replicate but rarely do.
So I jumped in. I was on the whitelist, so I was able to mint 10 NFTs for a total of 0.4 ETH plus gas fees. Not bad at all. It was all of the money I’ve squirreled away in the past year so far, and I wasn’t needing this to be game-changing, but I was hopeful that at maybe 2 to 4 ETH per NFT, I’d be able to bring in some help and level up my own development. (If it then went on to bring in hundreds of thousands of dollars, so be it — I really just needed a small nest egg to kick start my own projects, and I’d be satisfied.)
An hour later, they closed the general chat on their Discord. ⛳️
I messaged them, and they replied saying that the previous “fake” project is trying to FUD their project. They were updating every fifteen minutes with details and still sharing progress.
Then suddenly OpenSea removed their project. ⛳️
They responded to that by saying that it was likely an issue with OpenSea cancelling their account due to the other project being there first. They had reached out to OS and would update us.
And that’s the last anyone heard from them publicly.
Even with all of the ⛳️ red flags, I was STILL convinced this could be legitimate. They did the hard work of setting up a good contract, they designed and built a nice website with functionality that worked well, and they had custom (and animated!) artwork that they had produced.
An hour after that, when they hit the withdraw function (with a tidy profit 26 ETH). They transferred that from one address, to a second, to a third, until finally cashing it out via HitBTC (a Chilean company).
Soon afterwards, they sold the Invisible Friends NFTs and were gone.
Their website is still up, and people continue to mint (both with whitelist and with the public sale). As of now, there is 1.11 ETH in the contract, but no idea what will happen to that.
From my perspective, I’m absolutely sick to my stomach about this whole thing. As careful and thorough as I am with code, someone having a comprehensive scam can slip right past me. I was really rooting for these guys — their customer service, their development, and the design work were all top notch. They literally had an exceptional project, one which I would do almost anything (except scam people) to be involved in.
Part 3 coming — I have some ideas of what could be done to combat this, if I don’t decide to walk away from this entirely. I’m still dealing with the shock, tbh. Stay safe out there.
EDIT: Received this email from HitBTC:
I have forwarded this message on to FRC@fincen.gov (the official Financial Crimes Enforcement Network) — They referred me to https://www.consumerfinance.gov/consumer-tools/fraud/ and I’ve reached out to my local police department.
I have also submitted a report to abuse@godaddy.com and have filled out their abuse reporting form. (The domain is still active, and the website was still collecting victims yesterday, although that seems to have stopped.)
For more information, please follow me on Twitter @jeffreality or on Instagram @jeffreality.eth. You could also tip me using Venmo @jeffreality or via jeffreality.eth …
