Rare Bears Scam Account

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:59, 8 December 2023 by Azoundria (talk | contribs) (Another 30 minutes complete. Additional external sources merged in. Added start to technical analysis, and clearly differentiated it from the separate Discord breach incident.)

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Rare Bears Logo/Homepage

The Rare Bears NFTs are a set of NFT bears made by a New Zealand artist nicknamed Enox. A scam account was created on Twitter and posted links to a fake minting website, claiming to allow users to mint Rare Bears NFTs. They successfully scammed at least one user out of $2k worth of assets.

About Rare Bears

Rare Bears are an NFT collection of 2,347 unique digital NFTs created by Iain Spanhake, an NFT artist from New Zealand commonly referred to as "Enox"[1][2]. The first minting of the collection was launched on March 12th, 2022[3][4]. Rare Bears describes their NFTs in detail on their website[4][5] and OpenSea[1].

"The Rare Bears are taking over. They’re cute and sweet, but tough and street. The Bears have a cool retro vibe mixed with a futuristic cyber tone. They’re all about street art, graffiti, music, tech, fashion, and a few old-school video games. They’re down to cuddle once in a while, but if you cross a Bear it’s bad news. The Rare Bears are your ticket into the BearVerse with the most vibrant community around. More NFTs will drop, collabs will happen and more mediums will be explored. We’re bearly getting started."

On April 5th, 2022, an announcement appeared on the Rare Bears Discord channel[6][7].

"We are planning to expand all the way around the world, while doing so we will need you to follow us through this ride, you are now able to obtain our rarest bears early with a presale now available. Goodluck bears." "PRESALE IS LIVE NOW!"

Users were invited to visit rarebears.org to mint Rare Bears for 0.12 ETH as part of an exclusive presale[6].

Website:[5]

Twitter:[8]

LinkTree:[9]

The Reality

The announcement was not a real mint and was posted by phishing scammers on a separate Twitter account. The actual website of the Rare Bears NFT project is rarebearsnft.com[8][9][5].

Holders of Rare Bears were no strangers to phishing attacks. In fact, the Rare Bears Discord channel had been breached a month prior[10][11][12], shortly after the project release. That breach was widely reported, with losses estimated to be between $790k and $800k.

What Happened

The RareBears team posted an announcement about the attack on April 5th, 2022.

Key Event Timeline - Rare Bears Scam Account

| Date | Event | Description |
| --- | --- | --- |
| March 12th, 2022 8:46:00 AM | Rare Bears Launch | The first Rare Bears NFT collection is released for minting[3][4]. |
| March 17th, 2022 11:21:05 PM MDT | Previous Discord Breach | An unrelated Discord breach happens, and is published on CoinTelegraph[10], The Block[11], and later Metaverse[12]. Users are reported to lose over $800k worth of NFTs in this separate attack. |
| April 4th, 2022 11:23:00 AM MDT | Initial Post From EnoxxArt | The Twitter phishing account EnoxxArt posts to announce the Rare Bears expansion plans[7]. |
| April 5th, 2022 12:43:00 AM | Twitter Announcement | The RareBears team posts their announcement on Twitter[6]. |
| April 12th, 2022 4:45:00 PM MDT | Hiring Social Media Outreach | The RareBears team announces the hiring of Shane, a lawyer from Singapore, to look after "Discord management/communications and social media outreach"[13]. |
| April 16th, 2022 2:30:00 AM | New Roadmap | The RareBears team shares their new roadmap[14][15]. |
| May 7th, 2022 10:00:00 AM | Sentimental Post | The RareBears Twitter posts "As a community, we've been through the ringer. We've gone through what could be any other project's worst nightmare. But we've risen to meet adversity and emerged on the other side stronger, more fired up, & with more conviction than ever! Don't bet against the bears."[16] |

Technical Details

The attack involved the registration and usage of a rarebears.org domain name and multiple fake Twitter accounts.

EnoxxArt Twitter Handle

EnoxxArt[6] is a misspelling of the EnoxArt Twitter handle which belongs to Enox, who created the Rare Bears NFT art.

The account posted several times[17].

Valuable Domain Name

It appears that the attackers were successful due to the registration of a valuable and short rarebears.org[6] domain name. The Rare Bears website is actually located at rarebearsnft.com[9]. This website URL is only published through the project's linktree page[9], which many users may not interact with.
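
The lookalike handle and domain described above can be caught mechanically by comparing them against a project's published identifiers. The following is an added example, not part of the original case study or any Rare Bears tooling: it classifies a handle or link against the official names given on this page, and the brand token list, the distance threshold, the function names and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official identifiers as named on this page. BRAND_TOKENS and MAX_DISTANCE
# are assumptions chosen for this example.
OFFICIAL_DOMAINS = {"rarebearsnft.com"}
OFFICIAL_HANDLES = {"enoxart", "bearsrare"}
BRAND_TOKENS = {"rarebears"}
MAX_DISTANCE = 2

def edit_distance(a, b):
    """Levenshtein distance, keeping only two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_handle(handle):
    """Return 'official', 'lookalike' or 'unknown' for a Twitter handle."""
    h = handle.lstrip("@").lower()
    if h in OFFICIAL_HANDLES:
        return "official"
    if any(edit_distance(h, o) <= MAX_DISTANCE for o in OFFICIAL_HANDLES):
        return "lookalike"
    return "unknown"

def classify_link(url):
    """Return 'official', 'lookalike' or 'unknown' for a minting link."""
    if "://" not in url:
        url = "https://" + url  # accept bare hosts such as "rarebears.org"
    # .hostname drops any userinfo ("official.com@other.org") and the port.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in OFFICIAL_DOMAINS or any(host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    squashed = host.replace("-", "").replace(".", "")
    if any(t in squashed for t in BRAND_TOKENS):
        return "lookalike"  # brand name on a domain the project does not list
    if any(edit_distance(host, d) <= MAX_DISTANCE for d in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs based on the names in this case study.
    for item in ("@EnoxxArt", "@EnoxArt"):
        print(item, classify_handle(item))
    for item in ("rarebears.org", "https://rarebearsnft.com/mint"):
        print(item, classify_link(item))
```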

The Final Post

Total Amount Lost

At least $2k of losses were reported by Twitter user @lord_IY[18]:

"[S]ad. 2k fallen victims already[.]"

The total amount lost has been estimated at $2,000 USD.

Immediate Reactions

Rare Bears Announcement on Twitter

The RareBears Twitter @BearsRare posted an announcement after some users started to fall for the scheme[6].

"THIS IS A SCAM ACCOUNT!! Please report them and DO NOT click the links to their FAKE "presale". Only ever use our official links. Keep your wallets safe bears."

Community Reactions on Twitter

Twitter user @lord_IY called the situation "sad"[18]. Twitter user @PurplePopRocks argued that victims were to blame and deserved their losses[19]:

"If [your] dumb followers fall for that again a month after mint they deserve to lose the money they already did once after mint for pure greed[.]"

Ultimate Outcome

The RareBears team hired Shane specifically to help with their Discord management[13].

"We are SO excited to have Shane @lunnietunesNFT as part of the Rare Bears team. He is a lawyer based in Singapore, with a background in law and communications. He looks after Discord management/communications and social media outreach. Let's all welcome him to the #BearFam!"

The EnoxxArt account appears to have been suspended[20].

Total Amount Recovered

There does not appear to have been any attempt to assist affected users, nor any funds recovered, in this case.

Ongoing Developments

The RareBears team hired a new team member named Shane to help with their social media management on April 12th[13].

The team also posted a new roadmap on April 16th[14][15]:

"We're coming back stronger than ever. If you haven't seen our Roadmap 2.0 here's a few highlights. new leadership. new utility & holder perks. utility token ecosystem. holders only merch. Factions. Mare Bears. We are excited!"

They've also been posting encouragement to their community such as the following[16]:

"As a community, we've been through the ringer. We've gone through what could be any other project's worst nightmare. But we've risen to meet adversity and emerged on the other side stronger, more fired up, & with more conviction than ever! Don't bet against the bears."

Individual Prevention Policies

Users should be careful to ensure that all minting links come from the official team behind a project.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, take special care to check whether the entity making that offer is trustworthy, actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event that your money is kept and nothing is delivered in return?

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Exchange platforms can serve to validate that minting links are from the real source, and reduce the likelihood of successful phishing attacks.

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

A treasury can be set aside to assist victims with proven losses.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Rare Bears NFT Collection - OpenSea (Jul 14, 2022)
  2. Matic Asset With Enox Information - OpenSea (Feb 8, 2023)
  3. Rare Bears - "Our Pre-sale Mint is Live now! Take your time, you have 24 hours to mint. No need to rush anything! Don't mint from any links besides this link!" - Twitter (Feb 13, 2023)
  4. Rare Bears – Rare Bears NFT collection from digital artist, Enox Homepage (Jul 14, 2022)
  5. Rare Bears NFT Homepage (Dec 8, 2023)
  6. Rare Bears - "THIS IS A SCAM ACCOUNT!! Please report them and DO NOT click the links to their FAKE "presale". Only ever use our official links. Keep your wallets safe bears" - Twitter (Jan 29, 2023)
  7. "EnoxxArt" - "we plan to expand all the way around the world, while doing so we will need you to follow us through this ride, you are now able to obtain our rarest bears early with a presale now available" - Twitter Archive April 5th, 2022 12:24:15 AM MDT (Dec 8, 2023)
  8. Rare Bears Twitter (Dec 8, 2023)
  9. Rare Bears Linktree (Dec 8, 2023)
  10. Rare Bears Discord phishing attack nabs $800K in NFTs - CoinTelegraph (Jun 21, 2023)
  11. Hacker steals $790,000 of NFTs and crypto from owners of Rare Bears - TheBlock (Jun 21, 2023)
  12. Rare Bears NFT Discord Hack: Almost $800,000 Worth of NFTs Stolen - Metaverse Post (Jun 21, 2023)
  13. Rare Bears - "We are SO excited to have Shane @lunnietunesNFT as part of the Rare Bears team. He is a lawyer based in Singapore, with a background in law and communications. He looks after Discord management/communications and social media outreach. Let's all welcome him to the #BearFam!" - Twitter (Jan 29, 2023)
  14. Rare Bears - "We're coming back stronger than ever. If you haven't seen our Roadmap 2.0 here's a few highlights. new leadership new utility & holder perks utility token ecosystem holders only merch Factions Mare Bears We are excited! Come join the #BearFam & our journey" - Twitter (Jan 29, 2023)
  15. Rare Bears - "We're beyond excited to release our new Roadmap! Get your #RareBears on OS now! To celebrate, we're giving away 2 Rare Bears NFTs." - Twitter (Jan 29, 2023)
  16. Rare Bears - "As a community, we've been through the ringer. We've gone through what could be any other project's worst nightmare. But we've risen to meet adversity and emerged on the other side stronger, more fired up, & with more conviction than ever! Don't bet against the bears" - Twitter (Jan 29, 2023)
  17. EnoxxArt Twitter Posts - Internet Archive (Dec 8, 2023)
  18. lord_IY - "[S]ad. 2k fallen victims already[.]" - Twitter (Feb 8, 2023)
  19. PurplePopRockz - "If [your] dumb followers fall for that again a month after mint they deserve to lose the money they already did once after mint for pure greed[.]" - Twitter (Jan 29, 2023)
  20. EnoxxArt Twitter Account (Suspended) (Dec 8, 2023)