A new scam targeting the Web3 gaming sector was discovered recently. This scam, which targeted developers and game enthusiasts, used relatively new deceptive strategies.
Unveiling The Scam
It all began harmlessly, with a direct message on Twitter from an account named @ameliachicel. The account posted a job opportunity offer focusing on a Web3 game called MythIsland. The job was specifically for a Solidity position, a popular programming language utilized in implementing smart contracts.
It started a few days ago when @ameliachicel (who has me blocked now) approached me in a DM, offering a job opportunity related to a Solidity position for a Web3 game that involved NFTs, in-game economies, etc.
2/12
— 0xMario đ· (@0xM4R10) January 14, 2024
A lot more discussions happened on Telegram, with clear interactions involving other perceived members of the game development team. The conversations assisted in building trust and credibility for this project.
To add to the disguise, the website of the game displayed high-quality graphics, active links, and extensive descriptions of the in-game economy and NFT components. Everything appeared legitimate and attractive to the potential developers.
The game was called MythIsland, and the website looked pretty good: mythisland[.]io (be very careful if you browse it).
It had cool graphics, in-game content, every link worked as expected, the team was "doxxed" etc…
3/12 pic.twitter.com/1iXIy6GI5D
— 0xMario đ· (@0xM4R10) January 14, 2024
This game was known as MythIsland and the website was convincing.
The Attempted Attack
Nevertheless, the situation changed when the developer received instructions to install a game launcher to access the alpha version of MythIsland. Exercising caution, the developer opted to utilize a virtual Windows machine for the download. However, a complication arose during the processâ.NET Framework update error. This prompted the developer to become suspicious and promptly report the issue to the team.
While responding, the so-called team members suggested trying the launcher on another Windows machine. This further increased the developerâs doubts, and he started to question the legitimacy of the project. Soon after, all communication trails were deleted, and the developer was blocked by the team.
Scammersâ Network Of Deceit
It was later discovered that the whole project and its team were just a web of deceit set up by the fraudsters. To make their scam appear convincing and legitimate, they went to the extent of creating detailed social media profiles. One of the profiles alleged to be a former developer at Cosmos Network. This strategy added an extra layer of credibility to their scheme.
Eventually, the scam was exposed by 0xMario, a freelance developer who had been exploited by the scam. Through his tweet that gained quick attention, he warned others about his experience and sparked lots of conversations where many users shared similar stories of being targeted by the same scam. The impact of the scam was massive, affecting many users in the Web3 community.
Be Careful
The incident is a reminder of the ever-changing tactics utilized by fraudsters and the importance of comprehensive security practices. Blockchain security companies have long warned about the various risks in downloading files, mostly scripts and executables, in Web3 and blockchain engagements.
Developers and enthusiasts need to remain vigilant and exercise caution in the matters of downloading any files that are related to these projects.
