Ferrari Subdomain Hijacked to Push Fake Ferrari NFT Collection
One of Ferrari’s subdomains was hijacked yesterday to host a scam promoting fake Ferrari NFT collection, according to researchers.
What makes the scam particularly interesting is the fact that the luxury carmaker had earlier announced plans to launch NFTs in partnership with tech firm Velas.
The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down.
Ferrari’s site featured ‘Mint your Ferrari’ crypto scam
On Thursday, ethical hacker and bug bounty hunter Sam Curry reported seeing one of Ferrari’s subdomains forms.ferrari.com hosting a fake NFT (Non-Fungible Token) scam.
An NFT, or Non-Fungible Token, is data stored on a cryptocurrency blockchain that a digital certificate has signed to prove that it is unique and cannot be copied.
Last year, Ferrari announced plans to launch NFT products in partnership with tech firm Velas, making this scam all very convincing.
The crypto scam titled “Mint your Ferrari” enticed visitors to buy NFT tokens, falsely touting that Ferrari introduced “a collection of 4,458 horsepower [sic] NFTs on the Ethereum network.”
Additional investigation by Curry and a security engineer who goes by the moniker d0nut revealed that attackers exploited an Adobe Experience Manager flaw to hack the subdomain and host their crypto scam.
“After looking a bit deeper… it seems this was an Adobe Experience Manager exploit. You can still find the remnants of the unhacked site by dorking around a bit,” wrote Curry.
BleepingComputer has reached out to Ferrari for comment before publishing and we await a response.
Over $800 collected before domain takedown
Keen-eyed Twitter user root@rebcesp observed the Ethereum wallet had collected a little over $800 of funds ever since the scam went up.
The Ethereum wallet address associated with the scam is shown below, with the wallet balance having dropped today to approximately $130, as seen by BleepingComputer.0xD88e1C6EC0a2479258A6d2aB59D9Ae5F2874bC44
Thankfully, Etherscan has flagged the wallet address as reports emerged of suspicious activity linked to the wallet.
BleepingComputer observed the hacked Ferrari subdomain has now been taken down and throws an HTTP 403 error code:
The mainstream attention garnered by NFTs can be attributed to their rapid adoption by artists selling their digital art for cryptocurrency at popular websites such as Rarible and OpenSea.
Just recently, an artist known as Beeple sold an NFT digital picture for $69 million in Christie’s auction.
As such, NFT scams and thefts are one of the newest forms of cryptocurrency fraud on the rise.
Just this week, BleepingComputer reported seeing Pixiv and DeviantArt artists being targeted by NFT job offers to push malware.
Last month popular NFT marketplace Rarible was targeted by scammers and malware authors.
It’s tempting to dismiss these crypto scams thinking no one falls for them, but, similar crypto scams have been hugely successful and generated hundreds of thousands of dollars in the past.
In 2018 crypto scammers had made $180K in a single day. In 2021, Twitter suffered a massive attack with threat actors walking away with $580K in a week. And, in February last year, we saw another incidence of crypto scammers making at least $145,000.
By September last year, Bitcoin.org had been hacked with attackers having successfully stolen $17,000 from unwary users in a similar scam.