Risk Assessments/Management, Breach, Threat Management

Phony NFT collection promoted on hacked Ferrari subdomain

BleepingComputer reports that threat actors have hacked into a subdomain of automaker Ferrari to launch a scam promoting a fake NFT collection. Attackers have leveraged the forms.ferrari.com subdomain to host the fake NFT scam dubbed "Mint your Ferrari," which has been convincing since the automaker announced an NFT partnership with tech firm Velas last year, with the subdomain hacked by exploiting a vulnerability in the Adobe Experience Manager, according to ethical hacker Sam Curry and security engineer d0nut. "After looking a bit deeper... it seems this was an Adobe Experience Manager exploit. You can still find the remnants of the unhacked site by dorking around a bit," Curry wrote. More than $800 have already been exfiltrated in the scam before the hacked domain was taken down, said Twitter user [email protected] NFTs have been increasingly targeted by threat actors amid their growing adoption, with fraudulent NFT job offers launched against Pixiv and DeviantArt artists last week and scammers attacking NFT marketplace Rarible last month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.