Yofine

Web Developer | Gunpla Builder

About the embarrassing incident of being scammed by a phishing website while trying to Mint a Cold Rabbit NFT.

The incident happened on an evening a few days ago. After dinner, while browsing through my social media feed, I happened to see someone reposting about becoming an XRC OG in 09.

Recently, I had been seeing frequent news about Cold Rabbit NFTs, so I became curious and joined the Discord channel mentioned in the tweet. As soon as I joined, I received a direct message from an account named X Rabbits Club, which was also in the XRC server.

The message included a Mint link and other details. Without thinking much, I clicked on the link because the Mint price seemed reasonable. Little did I realize that I was falling into a trap.

Moreover, the gas fees at that time were unusually low. However, I didn't think much about it and went ahead and Minted one. It didn't occur to me that I was being scammed.

After Minting, I checked MetaMask and OpenSea but didn't receive the NFT. Then, I visited the XRC Twitter profile and found a pinned tweet about a scammer alert.

That's when I realized I had been scammed. I suddenly became aware of the anomalies I had ignored earlier, such as how such a popular project could be so easily Minted and the extremely low gas fees. I also realized that I had used my phone at that time, so I couldn't notice many details on the Mint page. I scrolled through the tweet and found that others had also fallen for the scam, with some even Minting 8 NFTs.

Afterward, I reflected on why I fell for such a simple phishing scam. Here are a few reasons:

  • Firstly, my greed got the better of me. Seeing the recent surge in NFT prices, I fantasized about making a profit. When I saw an opportunity to Mint a popular project at a relatively cheap price, I didn't think twice.
  • I didn't research Cold Rabbit beforehand. If I had even visited the Cold Rabbit website beforehand, I might have seen the scammer alert.
  • The timing of the scammer's direct message was precise, right after I joined the XRC channel but before I could verify my account.
  • Being new to this industry, I had very little experience and knowledge, lacking basic security awareness.
  • The timing coincided with when I usually conducted transactions, and the gas fees were low.

After reflecting, I realized it was my own greed and carelessness that led me to be scammed. I paid 0.08 ETH for this lesson. I became curious about the phishing website and examined the address https://xrabbitsclub.sale. It was an extremely rudimentary page, and even the core code was not compressed. I discovered the target address for the funds.

From the amount of ETH transferred, it was evident that it came from the phishing website. As of writing this article, the address had received 15 ETH. Additionally, the phishing site had changed to another address.

This new address had received 12 ETH, and it was only two hours ago that someone else fell victim to the scam. It's astonishing how easy it is to make money in the cryptocurrency world. Within a few days, a simple webpage can generate hundreds of thousands in income, and it seems there is little that can be done about it.

Initially, I didn't plan to write this article, but seeing that people are still falling for the scam and there doesn't seem to be much awareness about it, including in the Cold Rabbit community's comment section, I suspect many people may not even realize they have been scammed. I want more people to be aware of this trap, and I also hope that the Cold Rabbit team takes this matter seriously and finds better ways to minimize the number of victims. For example, they could add reminders in places with Discord links, as people like me who just joined Discord are susceptible to phishing attempts.

In conclusion, I have learned a valuable lesson. Next time I engage in a transaction, I will review the page's code.
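
One way to do the page review described above, as an added example (not code from the phishing site or from the author of this post): it lists the Ethereum addresses hard-coded in a page's script and flags any that are not on the project's published list. The sample script, both addresses and the function names are constructed placeholders.

```javascript
// Constructed sample of a mint page's script. The address is a placeholder.
const SAMPLE_PAGE_SCRIPT = `
  const price = 0.08;
  async function mint(amount) {
    await ethereum.request({
      method: "eth_sendTransaction",
      params: [{ from: account, to: "0x1111111111111111111111111111111111111111",
                 value: toHexWei(price * amount) }],
    });
  }
`;

// Assumption: the reviewer has copied the official contract address from the
// project's verified channels. Placeholder value.
const OFFICIAL_ADDRESSES = ["0x2222222222222222222222222222222222222222"];

// Return the unique 20-byte addresses found in the source, lower-cased.
// The lookahead skips longer hex strings such as transaction hashes.
function extractAddresses(source) {
  const matches = source.match(/0x[0-9a-fA-F]{40}(?![0-9a-fA-F])/g) || [];
  return [...new Set(matches.map((a) => a.toLowerCase()))];
}

// Flag addresses that are not on the official list, and count transaction
// requests that carry `value` but no `data` field.
// Heuristic: a mint is usually a contract call with call data, so a bare
// ETH transfer on a "mint" page is a reason to look closer, not proof.
function reviewMintPage(source, officialAddresses) {
  const allowed = new Set(officialAddresses.map((a) => a.toLowerCase()));
  const unknown = extractAddresses(source).filter((a) => !allowed.has(a));
  const txBlocks = source.match(/eth_sendTransaction[\s\S]*?\}\s*\]/g) || [];
  const plainTransfers = txBlocks.filter(
    (b) => /\bvalue\b/.test(b) && !/\bdata\b/.test(b)
  ).length;
  return {
    unknown,
    plainTransfers,
    suspicious: unknown.length > 0 || plainTransfers > 0,
  };
}

console.log(reviewMintPage(SAMPLE_PAGE_SCRIPT, OFFICIAL_ADDRESSES));
```

Any address reported as unknown can then be looked up in a block explorer before a transaction is signed.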
