Hackers use the FAKE FILE EXTENSION NFT scam to drain your crypto and NFTs.

In this fake file extension NFT scam, hackers used a .scr file. Screen Saver (.scr) files are executables that can run any code; they are similar to .exe files, and we all know how .exe files work. Once one has run, we can say that your entire computer has been hacked.

Scams that use cryptocurrency are getting more and more complicated, making it easier than ever to fall for them.

In just the last 12 months, non-fungible tokens (NFTs) have grown into a multibillion-dollar portion of the crypto industry. Top collector’s items, like rare ones from the Cool Cats and Bored Ape Yacht Club collections, can sell for $30,000 or more.

If you think a JPEG should not cost between five and six figures, the people who make NFTs have one word for you: utility. Because NFTs make a permanent digital record of your ownership on the blockchain (the same technology used to make crypto), owning a digitally tokenized piece of art can also get you into exclusive online clubs, gaming communities, Discord chat rooms, and interactive experiences.

At least, that’s the idea. But in real life, NFTs are still new and a little scruffy. Blockchain fans see NFTs as an exciting sign that the general public will soon use crypto. However, scammers can make a lot of money off of them because so much money changes hands.


You’ve heard about smart contract hacks in NFTs and blockchain, phishing links, and NFT Discord hacks. Now hackers have found another way to get into your wallets, and trust me, it’s much harder to tell which files are real and which are fake.

Source: Serpent’s Twitter thread

The tactic I am talking about is the FAKE FILE EXTENSION SCAM. What is it?

How will the attacker approach you?

How do they do it? 

Why is it dangerous?

How do you identify real and scam files? 

How to keep yourself safe from an attack?

I will answer these questions in this article.

What is the File Extension Scam in NFT?

As the name suggests, in this attack scammers spoof file extensions to make malicious files look like PDFs. They go after artists, people with a lot of influence, and projects.

How will the attacker approach you?

As I stated above, hackers nowadays use different ways to exploit you. Serpent gave a clear example in his Twitter thread, showing the case of an artist called RabbitinM. The customer first messaged RabbitinM about commissioning his art. Then they sent him a zip file containing sample images for the project. But the situation soon changed.

We can see the regular sample images in this zip file, nothing suspicious, right? Wrong. This isn’t a regular PDF file. It is actually a Screen Saver (.scr) file, an executable script disguised as a PDF file.

Once RabbitinM opened the PDF file to examine the sketches, all of the artist’s NFTs were advertised and sold, and all of his ETH was transferred to the scammer’s wallet.

How do they do it?

The hackers used simple extension spoofing. They renamed the file, added .pdf to the end, and then changed the file’s icon to a PDF icon. They additionally padded the file with garbage code, causing it to surpass VirusTotal’s maximum file size of 650 MB.

Why is it dangerous?

In this example, the hackers used a .scr file. Screen Saver (.scr) files are executables that can run any code; they are similar to .exe files, and we all know how .exe files work. Once one has run, we can say that your entire computer has been hacked.

Your cookies, passwords, extension data, and everything else are scraped. The attackers may, for example, replace your MetaMask extension with a modified, harmful one, or they might just wait for you to log in and access your MetaMask, and they’ll have everything.

How do you identify real files and scam files? 

It isn’t hard to identify the file extension. However, showing file extensions is disabled by default. You can activate it by choosing “View” at the top of your file explorer and then enabling “File name extensions.” The file extensions for all files will then be shown.
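The same check can be done on a received zip before anything is opened. The following is an added example, not code from the article or from Serpent’s thread: it reads each entry’s real final extension and first bytes without extracting it. The extension lists and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as programs (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".msi"}
# Document/image extensions commonly used as decoys (assumed list).
DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx"}
SIZE_LIMIT = 650 * 1024 * 1024  # the scanner upload limit quoted in the article


def inspect_archive(zip_bytes):
    """Return {entry name: [reasons]} for suspicious entries, without extracting."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            final = suffixes[-1] if suffixes else ""
            with zf.open(info) as fh:
                magic = fh.read(4)  # only the header bytes are read
            reasons = []
            if final in EXECUTABLE_EXTS:
                reasons.append("executable extension " + final)
                if any(s in DECOY_EXTS for s in suffixes[:-1]):
                    reasons.append("decoy document extension before " + final)
            if magic[:2] == b"MZ" and final not in EXECUTABLE_EXTS:
                reasons.append("Windows executable header under a non-executable name")
            if final == ".pdf" and magic != b"%PDF":
                reasons.append("named .pdf but content is not a PDF")
            if info.file_size > SIZE_LIMIT:
                reasons.append("unpacked size exceeds scanner upload limit")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: one PDF-like file, one .scr posing as a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sketches/concept_01.pdf", b"%PDF-1.4\n% constructed sample\n")
        zf.writestr("sketches/concept_02.pdf.scr", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_archive(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons))
```

A clean result only means none of these specific signs were found; it does not prove a file is safe to open.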

How to keep yourself safe from the NFT scam or FAKE FILE EXTENSION scam?

This is an old web2 scam technique that works with any and all file formats. To avoid it, do not download or open random files recklessly. Always check the file type, and investigate and learn about fundamental web2 security.

But if you must open a file, save it to Google Drive and view it there, or use a virtual machine.

There are several approaches, but if you fall victim to this attack even after trying the above methods, you should consider your computer infected. You should reset it, create a new wallet, and change all of your passwords on everything.

Final thoughts

Artists aren’t the only ones victimized by this fraud. Influencers, promoters, and initiatives have lately been targeted, with many people losing control of their wallets and accounts and having everything entirely deleted.

One user replied on Serpent’s Twitter thread, saying he had been robbed by the same trick back in February. When he downloaded the .scr file, he had to input a code in order to access the file, which he thinks gave them access to his computer.

This can cause financial and mental problems for the victim, so be careful and spend a little time on research before opening any file type.

