Hackers Are Stealing Crypto through NFT Scams


Hackers have initiated a widespread assault on WordPress sites, pilfering cryptocurrency and credentials from unsuspecting visitors through NFT scams.

  • Cybersecurity firm Sucuri identified the attack, which has affected nearly 2,000 websites.
  • Initially promoting crypto wallet drainers, hackers have shifted to orchestrating brute-force attacks on other websites.

Hackers have launched a widespread attack on WordPress sites, deploying malicious scripts aimed at stealing cryptocurrency and credentials from unsuspecting visitors.

Cybersecurity firm Sucuri initially discovered this attack, which compromised nearly 2,000 websites. It has evolved from promoting crypto wallet drainers to orchestrating brute-force attacks on other websites.

Sucuri found that hackers infiltrated approximately 1,000 WordPress sites to promote crypto wallet drainers. These drainers enticed visitors with fake NFT offers and crypto discounts, ultimately luring them to connect their wallets. Once connected, the malicious actors siphoned away their funds and assets.

However, the situation has escalated. Hackers shifted their focus to deploying new scripts on compromised sites. As a result, they effectively transformed visitors’ browsers into tools for brute-forcing admin passwords on other websites. To do this, they used a cluster of about 1,700 brute-forcing sites. They even had high-profile targets like the website of Ecuador’s Association of Private Banks.

According to cybersecurity researcher MalwareHunterTeam, hackers have begun monetizing the pool of compromised sites by displaying pop-ups promoting fake NFT offers and crypto discounts. These pop-ups, loaded from the domain dynamic-linx[.]com, deceive visitors into connecting their wallets, ultimately leading to the theft of their digital assets.

The exact number of compromised sites currently displaying these crypto drainers remains uncertain. However, an Urlscan search revealed that over 2,000 websites have loaded these malicious scripts in the past seven days. This situation poses a significant threat to users’ digital assets and underscores the importance of vigilance when browsing the web.
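For site owners who want to check their own pages for scripts loaded from the domain named above, the following is an added example and not code from Sucuri or MalwareHunterTeam. The function names, the sample HTML and the script file names in it are constructed for illustration; only the domain comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator from the article, stored defanged and refanged at runtime.
BLOCKED_DOMAINS = ["dynamic-linx[.]com"]

def refang(indicator):
    """Turn a defanged domain (example[.]com) back into its real form."""
    return indicator.replace("[.]", ".").lower()

def script_host(src):
    """Lowercase host of a script URL, or None for a same-site relative path."""
    src = src.strip()
    if src.startswith("//"):              # protocol-relative URL
        src = "https:" + src
    host = urlsplit(src).hostname         # None for paths like /wp-includes/x.js
    return host.rstrip(".") if host else None

def is_blocked(host, blocked):
    """Match the domain or any subdomain, not names that merely contain it."""
    return any(host == d or host.endswith("." + d) for d in blocked)

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src)

def find_blocked_scripts(html, indicators=BLOCKED_DOMAINS):
    """Return the script URLs in html whose host is on the blocklist."""
    blocked = [refang(d) for d in indicators]
    parser = ScriptCollector()
    parser.feed(html)
    hosts = ((src, script_host(src)) for src in parser.sources)
    return [src for src, host in hosts if host and is_blocked(host, blocked)]

# Constructed sample page, not captured from a real site.
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script async SRC="//Dynamic-Linx.com/loader.js"></script>
<script src="https://cdn.dynamic-linx.com/a.js?v=1"></script>
<script src="https://dynamic-linx.com.example.org/ok.js"></script>
</head><body></body></html>"""
```

This only inspects script tags present in the delivered HTML; a script that is inserted at runtime by other JavaScript will not appear in this scan.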

Denis Sinegubko, a researcher at Sucuri, speculates that hackers recognized the limitations of their initial campaign in terms of profitability and visibility. “They draw too much attention, and their domains get blocked pretty quickly,” he said. “So, it appears reasonable to switch the payload with something stealthier, that at the same time can help increase their portfolio of compromised sites for future waves of infections that they will be able to monetize in one way or another.”

Users need to exercise caution when browsing the internet, particularly when encountering unexpected pop-ups or prompts to connect wallets.

