reports that threat actors have hacked into a subdomain of automaker Ferrari to launch a scam promoting a fake NFT collection.
Attackers have leveraged the forms.ferrari.com subdomain to host the fake NFT scam
dubbed "Mint your Ferrari," which has been convincing since the automaker announced an NFT partnership with tech firm Velas last year, with the subdomain hacked by exploiting a vulnerability in the Adobe Experience Manager, according to ethical hacker Sam Curry and security engineer d0nut.
"After looking a bit deeper... it seems this was an Adobe Experience Manager exploit. You can still find the remnants of the unhacked site by dorking around a bit," Curry wrote.
More than $800 have already been exfiltrated in the scam before the hacked domain was taken down, said Twitter user [email protected]
NFTs have been increasingly targeted by threat actors amid their growing adoption, with fraudulent NFT job offers launched against Pixiv and DeviantArt artists last week and scammers attacking NFT marketplace Rarible last month.