Scammers Net $5M In Stolen NFTs After BAYC Virtual Land Sale Disaster

Countless phishing sites have sprung up promising to refund fees paid on failed transactions for NFTs this weekend.

Days after Bored Ape Yacht Club creators Yuga Labs promised to refund anyone who paid thousands of dollars in Ethereum fees for a failed transaction after a virtual land sale clogged up the blockchain and wasted millions, scammers have moved in to take advantage of the chaos. 

A simple Twitter search for “Otherdeed”—the virtual land NFT offered by Yuga Labs as part of its upcoming “metaverse” game known as Otherside—reveals a non-exhaustive list of accounts offering giveaways, lotteries, raffles, refunds for transaction fees, and chances to claim Otherdeed NFTs. Among them are scammers who have created phishing scams targeting those pinched by high gas fees during the Otherdeed sale’s frenzy this weekend.

The sale racked up $180 million in Ethereum gas fees, most of which were burned, or sent to a dead-end address. Besides that, the amount of traffic that the highly anticipated sale brought to Ethereum created bottlenecks that resulted in failed transactions that people still had to pay fees for, which amounted to thousands of dollars in many cases. After Yuga Labs promised to refund gas fees for failed transactions, a litany of accounts and sites purporting to be the official Otherside account have sprung up and raked in millions of dollars worth of stolen NFTs and ETH.

Some of the phishers rely on misspellings of Otherside to create a passable account that points to another website. There’s an “OthesrsideMeta” account, a “Meta1Otherside” account, “Other_SideMeta,” a fake yet verified Otherside Meta account whose handle is “ritaguera25,” and so many more beyond that. Each of these accounts retweets the original Otherside account to appear legitimate, has a bio with the legitimate Discord link, and usually adds, in a tweet or in its bio, a link to a website that offers to refund your gas fees so long as you connect your wallet.
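The handle patterns listed above can be screened mechanically before a link is trusted. The following Python sketch is an added example, not code from this article or from anyone quoted in it, and it classifies the handles named on this page against the real one. The category names, the brand-token split and the two-edit threshold are assumptions made for illustration.

```python
import re

LEGIT = "othersidemeta"               # the real handle, as quoted on this page
BRAND_TOKENS = ("otherside", "meta")  # assumption: token split chosen for this example

def normalize(handle: str) -> str:
    """Lowercase the handle and drop '@', underscores, digits and other padding."""
    return re.sub(r"[^a-z]", "", handle.lstrip("@").lower())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(handle: str, max_edits: int = 2) -> str:
    """Return a label describing how a handle relates to the real one."""
    raw = handle.lstrip("@").lower()   # Twitter handles are case-insensitive
    if raw == LEGIT:
        return "legitimate"
    norm = normalize(handle)
    if norm == LEGIT:
        return "padded-variant"        # e.g. an added underscore or digit
    if all(tok in norm for tok in BRAND_TOKENS):
        return "brand-tokens"          # brand words reordered or extended
    if edit_distance(norm, LEGIT) <= max_edits:
        return "misspelling"
    return "no-handle-match"           # the handle alone gives no signal

# Handles taken from the article text.
SAMPLE = ["othersidemeta", "otherside_meta", "Other_SideMeta",
          "Meta1Otherside", "OthesrsideMeta", "ritaguera25"]

def triage(handles):
    """Map each handle to its label."""
    return {h: classify(h) for h in handles}

if __name__ == "__main__":
    for handle, label in triage(SAMPLE).items():
        print(f"{handle:16} {label}")
```

The “ritaguera25” result shows the limit of handle matching: an account that impersonates through its display name and retweets has to be caught by comparing profile content rather than the handle.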

In a Twitter thread by zachxbt―an "on-chain sleuth" who investigates crypto rug pulls and cons―one phishing scam run by a now-defunct "Otherside_meta" account was shown to have used two addresses to steal $5 million worth of NFTs: 5 Bored Ape Yacht Club NFTs, 12 Mutant Ape Yacht Club NFTs, and 36 Otherdeed NFTs. 

In one viral scam tweet, the account offered a link where BAYC/MAYC holders could “claim” their Otherdeed NFT, and another where they could claim gas refunds for failed transactions. At the moment, the addresses are still sitting on the NFTs, as well as $600,000 worth of ETH at today’s prices after moving $1.7 million worth in the last few days.

“One thing that stood out to me for the Otherdeed phishing scams are how convincing their Twitter handles can be. For instance the real Twitter handle is @othersidemeta,” zachxbt told Motherboard. “The scammer managed to acquire the Twitter handle otherside_meta. Twitter has yet to verify the legitimate account. Most of them were designed similarly to where they offered ‘gas refunds’. I saw one instance where they stated BAYC & MAYC owners could ‘claim’ their Otherdeed NFT.”

To their credit, Yuga Labs has at the very least warned its users. “We are still working on refunding all Otherdeed minters with failed transactions their gas,” the company tweeted on Sunday. “Note that you do not need to do anything - we will transfer it all back to your wallet and announce when it is completed. Don't click any links.”

Yuga Labs did not respond to Motherboard’s questions about what can be done to protect users from phishing scams or to help anyone who fell victim to the scams.

“There are two things that I recommend. Always triple check the website URL you are visiting. Verify its legitimacy with friends as well,” zachxbt told Motherboard. “Your NFTs aren’t stolen until you actually approve the transaction from your wallet. Always read over what exact permissions you’re giving the site. If it sounds too good to be true it probably is.”