NFT phishing sites are on the rise, here are what experts recommend

Phishing for NFTs is one of the latest trends. Fraudsters have adopted this strategy in their quest to steal non-fungible tokens from their owners. Wu Blockchain recently posted a list of anti-phishing plug-ins. The essence is that people could install them to protect themselves.

In a recent blog post, the site reported:

The Azuki Twitter account hack on January 28 resulted in the loss of NFTs valued at more than $780,000. This is the value of 122 NFTs that the hacker stole through a phishing link.

Two days earlier, another NFT personality, Kevin Rose, who is a founder of Moonbirds, lost his wallet. The 40 NFTs stolen were worth more than $2 million. According to Wu, the phishing technique deployed by the hacker is the “zero-dollar purchase.” Another NFT platform that lost its account around the same period is @NFT_God, whose accounts with Twitter, Substack, and others were compromised. The report said that crypto and NFTs were stolen from the founder after he clicked on the phishing link deployed by the hacker on Google.

It is now obvious that anyone can fall victim to phishing scams.

Wu introduced 11 plugins that NFT investors can use to protect themselves from hackers. SlowMist, the security audit company, tested some of them. The company recommended a combination of four out of the 11 plugins.


This plugin has been installed 50k+ times. It boasts Chinese and English language support. Information from the website says that 1,286,478 malicious addresses and 90,931 phishing sites are included in the platform. These are regularly upgraded. The plugin currently supports BSC and ETH chains.

The plugin features monitoring of token contracts, authorization of wallets, defense against threats to tokens, phishing website threat defense, as well as trusted domain detection. It also detects malicious plug-ins and more.

Pocket Universe:

With more than 20,000 installs, this plugin works with Firefox, Microsoft Edge, Google Chrome, and other browsers. It supports only the ETH mainnet but claims that it has had cooperation with Coinbase Wallet and Metamask. This plugin features monitoring of malicious Seaport transactions, Honeypot NFT, and phishing sites. It simulates transactions to verify authenticity. This could affect transaction speed but is worth the protection.

This has also been installed over 10,000 times and comes with both an English and Chinese interface. All EVM-based chains, including Ethereum, Polygon, and Avalanche, are supported. The web browsers available include Firefox, Microsoft Edge, Google Chrome, and others. The user gets a pop-up warnings for NFT trading sites that have not been whitelisted. Authorization can be revoked if transactions are made on phishing sites.


With 10k+ installs, this works on the Ethereum mainnet and Polygon. It supports MetaMask and Coinbase wallets and works with any Ethereum-supporting wallet. Transactions are scanned, and the effect of each transaction is simulated using using the ERC-20, ERC-721, and ERC-1155 standards.

Wallet Guard 

Basically blocks access to sites with a low trust rating. It also disables malicious extensions. It is from Binance Labs’ incubation.


3k+ installs. This is an open-source code plugin from the security company BlockSec. It supports BTC, ETH, BSC, Polygon, Fantom, Arbitrum, Cronos, Avalanche, Optimism, Moonbeam Blockchains, and Opensea. The flow of funds to addresses can be viewed and monitored to forestall the risk of NFT theft. It also interacts with products such as Debank and NFTGo.


930 installs. This product simulates trading through an AI algorithm and also scores the addresses it encounters.


864 installs. This is another open-source code plugin. It is the first project from BuilderDAO. This plugin helps the user identify safe transactions and approve them. Users can use phishing site alerts to block such sites using a white and black list. Authorized addresses are also checked.


This plugin has been installed 628 times. It is open source and works with Chromium-based browsers. The report said that the plugin suspends TX requests sent to Metamask by wrapping the window. Ethereum Javascript object that Metamask injects into the page. The user would have to approve it manually in Stelo. This resumes the transaction but cancels it if it is not approved by the user.

Scam Sniffer:

This has 615 installations. It is open-source code that uses an API to monitor the transfer of user assets. It requests authorization from the user and detects malicious behavior. This is after simulating the transactions.

Beosin Alert:

291 installations. This plugin was developed by a blockchain security audit company known as Beosin.

What SlowMist recommends

The combination recommended by SlowMist founder, @evilcos:

  1. Rabies wallet + scam detector
  2. Rabby wallet + pocket universe = Rabby wallet + pocket universe
  3. Pocket Universe + MetaMask
  4. MetaMask+ Revokecash

@IM_23pds, a SlowMist team member, wrote:

Phishing attacks on the blockchain industry are mainly distributed in the “domain name” and “signature” areas, 90% of NFT phishing is related to false domain names.

Traditional anti-virus programs of the Web 2.0 era are incapable of fighting the Trojan virus

He highlighted the fact that the relevant plugin should be able to secure assets by alerting the user. This should be a direct prompt as soon as the user opens the phishing page. “The risk should be blocked at this first stage,” he wrote in a post. He added that traditional anti-virus programs cannot fix the risks posed by the Trojan virus.

“There is always a time gap between virus detection and virus immunity (a professional technique to avoid antivirus detection; you can Google it yourself), and how to achieve a smaller time gap, a faster sample size, and more accurate identification determines the extent of the antivirus software,” he said.

Determining efficiency of anti-phishing plugin

He has an opinion on the efficiency of an anti-phishing plugin. It is measured by how quickly it detects and alerts a user to phishing risks in real-time. Concluding, he said,

“Similarly, in the blockchain and NFT industries, how to identify and alert to the real-time situation of phishing sites in the first step and the speed and degree of recognition of feedback on the user end also determine the ability of an anti-phishing plug-in; and if the relevant products do not identify these phishing domains in the first step, the risk of users losing coins increases greatly.”

The report said that users must learn to establish security awareness to protect their assets.

Author: Kamma

Kamma is passionate about the prospects of blockchain and the freedom cryptocurrencies afford people across borders. He holds small amounts of bitcoin and tether.

Leave a Reply