Image credit: Brandon Atchison
One of Ferrari’s subdomains was hijacked yesterday to host a scam promoting a fake collection of Ferrari NFTs, according to researchers.
What makes the scam particularly interesting is the fact that the luxury carmaker had previously announced plans to launch NFTs in partnership with technology company Velas.
The Ethereum wallet associated with the cryptocurrency scam appears to have raised a few hundred dollars before the hacked subdomain was shut down.
Ferrari Site Featured ‘Mint Your Ferrari’ Crypto Scam
On Thursday, ethical hacker and bug bounty hunter sam curry reported seeing one of Ferrari’s subdomains forms.ferrari.com host a fake NFT (non-fungible token) scam.
An NFT, or Non-Fungible Token, is data stored on a cryptocurrency blockchain that has been signed by a digital certificate to prove that it is unique and cannot be copied.
Last year, Ferrari announced plans to launch NFT products in partnership with technology company Velas, which makes this scam very convincing.
The crypto scam titled “Mint your Ferrari” enticed visitors to purchase NFT tokens, falsely promoting that Ferrari featured “a collection of 4,458 horsepower.” [sic] NFTs on the Ethereum network.”
Super interesting: It appears that scammers found a subdomain takeover on “https://t.co/qb9JqK2oL9” and are using it to host an NFT scam. pic.twitter.com/6vKoxWegXp
— Sam Curry (@samwcyo) May 5, 2022
Further investigation by Curry and the security engineer who goes by the nickname donut revealed that the attackers exploited a flaw in Adobe Exeprience Manager to hack into the subdomain and host their crypto scam.
“After looking a little deeper…it looks like this was an Adobe Experience Manager exploit. You can still find the remnants of the unhacked site by playing around a bit.” wrote Curry.
BleepingComputer has reached out to Ferrari for comment before posting and we await a response.
Over $800 raised before domain removal
Sharp-eyed Twitter user root @ rebcesp noted that the Ethereum wallet had raised just over $800 in funds since the scam began.
it’s already 884 dollars pic.twitter.com/GG7qnBCCwH
– root @ rebcesp (@rebcesp) May 5, 2022
The Ethereum wallet address associated with the scam is shown below, and the wallet balance dropped to approximately $130 today, as seen by BleepingComputer.
Fortunately, Etherscan flagged the wallet address when reports of suspicious activity linked to the wallet surfaced.
BleepingComputer noted that the hacked Ferrari subdomain has now been removed and returns an HTTP 403 error code:
The widespread attention garnered by NFTs can be attributed to their rapid adoption by artists who sell their digital art for cryptocurrency on popular websites like Rarible and OpenSea.
An artist known as Beeple recently sold an NFT digital image for $69 million at Christie’s auction.
As such, NFT scams and thefts are one of the newest forms of cryptocurrency fraud on the rise.
Just this week, BleepingComputer reported seeing Pixiv and DeviantArt artists targeted for NFT job postings to push malware.
Last month, the popular NFT marketplace Rarible was targeted by scammers and malware writers.
It’s tempting to write off these crypto scams thinking no one falls for them, but similar crypto scams have been wildly successful and have generated hundreds of thousands of dollars in the past.
In 2018, cryptocurrency scammers made $180K in a single day. In 2021, Twitter suffered a massive attack with threat actors making off with $580K in a week. And, in February of last year, we saw another incident of crypto scammers making at least $145,000.
In September of last year, Bitcoin.org had been hacked and attackers successfully stole $17,000 from unsuspecting users in a similar scam.