Second MetaMask User Loses NFTs to Scammers

Reading Time: 3 minutes
  • A Twitter user has recounted how 11 NFTs worth $790,000 were stolen from him
  • The NFTs were stolen after the user’s MetaMask QR code was exposed
  • This is the second such case in two days

The NFT world is enjoying a second wind, with everything from Bored Apes to EtherRocks fetching six and even seven figures. Unfortunately this sector-wide price rally has increased the desire to get hold of them…by any means. This naturally means that theft of these suddenly precious items is picking up and, although it is harder to steal NFTs than it is regular cryptocurrency, incidents are being reported. One recent victim took to Twitter yesterday to report that multiple NFTs with a combined value of 250 ETH ($790,000) had been stolen from him just a day after another NFT fan had experienced the same thing, with a new MetaMask feature taking some of the blame.


Farudi Explains Theft Methods

The user, @sohrobf, real name Sohrob Farudi, told Twitter how he had been “tricked into exposing the Metamask QR Code in the Chrome Browser Extension” and as a result saw all his NFTs disappearing from his MetaMask wallet. Admitting that he had “never felt more dumb, helpless, embarrased (sic) or just plain sad in my entire life”, Farudi explained that MetaMask’s ‘scan to sync’ feature made it easier for theft to occur, but that he had ignored some flags along the way.

The method used by the thief is one that has tricked countless thousands of crypto users in the past – posing as an administrator in a group and reaching out to someone who has posted asking for help. This is just what Farudi did when he had an issue locating a Bored Ape he had purchased, and when someone purporting to be one of the OpenSea founders reached out to him in Discord he followed along with their advice.

They eventually ‘helped’ him to reveal a QR code for his MetaMask wallet which they used to steal almost $800,000 worth of NFTs from his wallet, with Farudi saying that notices warning about the importance of the QR code, which allows anyone to access the wallet’s contents, wasn’t sufficiently clear until the QR code is revealed. By that time it was too late.

Discord Also to Blame for Theft of NFTs

Farudi also stated that Discord is part of the issue, saying that the username the imposter used in a fake OpenSea support group he was taken to was identical to that of one of the founders in the legitimate group, down to the digits that come after the name which are supposed to be unique.

Farudi reported that OpenSea has managed to freeze the unsold NFTs but not before most were sold, leaving users somewhere holding stolen NFTs and the hackers with hundreds of thousands of dollars in illegally obtained funds. He added that “I know not to expose my keys, don’t trust people, ignore random DMs, etc.”, and yet this example shows that anyone can fall victim to clever impersonators if they’re not on their guard 24/7.

Farudi’s experience mirrors that of another Twitter user, @_jeffnicholas_, who also fell victim to the OpenSea support server scam, saying that “long story short…these guys are good at what they do.”


At times like this is pays to remember the adage that appears on most cryptocurrency groups ‘we will never DM you first’.