Stock Groups

Cybercriminals target metaverse investors with phishing scams


A nurse in rural Maine. An instructor of fitness in Colorado. Florida Venture capitalist. They all invested in the metaverse to buy land that they believed was solid. 

Kasha Desrosiers (a long-term nursing nurse) said, “I was really excited about that.” “And optimistic for, you’ll know, any projects that would emerge from it.”

In a matter of days, or even months, their virtual world was all gone. Each of them said that they could not get their virtual land back.

CNBC interviewed investors from across the country who claimed that hackers had taken their place in the metaverse. They tricked them into clicking links which they assumed were legitimate portals to this virtual world, but instead turned out be phishing sites intended to steal users credentials. What they wanted was a piece of the metaverse — a new, blockchain-based virtual set of platforms that has recently come to prominence because of significant involvement from celebrities, fashion shows and investors. 

They claim that instead they have learned the lesson of high-risk investment.

The rising popularity of investing in the metaverse – in which users purchase virtual “land” on various platforms with an expectation that it will increase in value – has also ushered in a new wave of high-tech fraud, according to authorities, interviews with victims and cybersecurity experts.

Definition of the metaverse

Virtual property purchase

Virtual reality technology has been adopted by some companies. Users can use a headset to access a metaverse, however the platform where users sell and buy virtual property cannot be accessed without a computer. 

The Sandbox (Decentraland), SuperWorld and SuperWorld are three of the most popular places to buy metaverse real property. These platforms are not new, but they have only been selling land plots that use blockchain technology in the past year. 

In the metaverse, users can bid on land plots through NFT markets like OpenSea. This process is similar to buying property in real life. 

The metaverse is a screen capture of the interactive platform that allows users to purchase and develop land.


To purchase land in the metaverse, users typically need a cryptocurrency wallet — MetaMask is the most common.

Once an investor buys virtual land, the property is transferred to his or her digital wallet and the purchase becomes encoded on the blockchain — which essentially serves as the equivalent of a deed of purchase. From a residence to an extravagant concert venue, the owner has unlimited options. Investors believe that the platform’s popularity will increase the property value, as there are very few land plots available.

Phishing scams

Desrosiers stated that the metaverse attracted her attention because Desrosiers was a nurse who wanted to create an educational platform on anatomy and physiology. In The Sandbox and SuperWorld, Desrosiers invested $16,000.

Kasha’s husband Dick Desrosiers stated that it was “kind of like a frontier”.

However, her hopes of creating a virtual educational game in the field of medicine were soon dashed. About three months after buying the land, Kasha said she typed in the name of the virtual platform Decentraland on a Google search bar — the first link that popped up was a phishing link. She clicked the link and her MetaMask account was wiped clean.

She said, “I was very sad.” “I was really sad when I went to work that day. It seemed like my metaverse lands had been stolen. Everybody was, like, “What??”

Tracy Carlinsky (an online trainer based in Boulder Colorado) had an identical experience. After hearing all the buzz about The Sandbox, Carlinsky spent approximately $20,000 on land. 

Her Sandbox property bordered rapper Snoop Dogg’s virtual mansion — Snoop Dogg was one of the first celebrities to enter the metaverse and has recently shot a music videoIn the virtual space. 

Carlinsky stated that he thought the area could be fun. Carlinsky said, “He talked about holding private parties, interfacing with his fans and having concerts.”

Carlinsky, however, said that she clicked on the wrong link, and then lost her entire land. This was just days after clicking on it. The link appeared almost identical to The Sandbox login page. 

The metaverse is still new and law enforcement officers don’t know how many investors were scammed. However, according to Chainalysis, which is a data platform on blockchain, the number of phishing schemes are increasing. Chainalysis says that Decentraland suffered a phishing attempt against MailChimp. This led to hundreds of emails being leaked to the hacker. A data platform claims that cybercriminals have also posted fake mining sites. TwitterThis resulted is lost Sandbox tokens.

Investors of major importance

Hackers drain savings from consumers, but investors have invested in these metaverse platforms.

The Sandbox is owned by Animoca Brands, a leading blockchain venture capital company. It has a valuation of $4 billion. 

Popularity of Decentraland soared after Facebook changed its name to MetaThis put the spotlight on Silicon Valley’s belief that the metaverse is an emerging technology. The start-up saw parcels of land sell for as much as $100,000. Since then, the platform has attracted big brands such as Estee Lauder and Samsung to participate. Decentraland received $22.5 million funding from investors including Animoca Brands. 

Animoca Brands also made a $2.1 million investment in OpenSea, an online marketplace. The blockchain company is estimated to be worth $13.3 billion. It has attracted celebrity investors like Ashton Kutcher, Mark Cuban, and Ashton Kutcher.  

Technology giants such as MicrosoftSoftBank is a major investor in MetaMask.

CNBC reached out for comments to the investors. Cuban was the only one to respond and said that these phishing scams aren’t unique to the crypto space — they affect big companies, too.

Sale of Phishing Pages

However, there is also an enormous illegitimate company. 

These phishing sites are available for purchase on the dark internet and other chat platforms like Telegram. These impostor websites are advertised by cybercriminals for $400 while some others can be purchased for up to $5,000 via underground Russian forums.

If landowners enter their MetaMask credentials on one of these pages, their usernames and passwords are transmitted to the cybercriminal allowing them to obtain all digital assets in the wallet.

Cybercriminals may then try to resell stolen land via an internet marketplace such as OpenSea.

Mason Wilder is the research manager for the Association of Certified Fraud Examiners and this hacking doesn’t surprise him.

Wilder explained that “there are plenty of legitimate applications for these technologies which will cause it to stay around.” But until the technology matures, many people will lose a lot.

Mason Wilder is the research manager for the Association of Certified Fraud Examiners.


Only limited recourse

Many investors flock to the metaverse because it operates in a decentralized manner, meaning there is no central authority, such as a bank, providing oversight of the transactions.

This is because all the transactions occurring on the blockchain (which is transparent and shows all the transactions) allow for the selling or buying of metaverse properties. These transactions can never be reversed once they have occurred. 

The permanent nature of cryptocurrency transactions means that local, state, or federal authorities do not have the ability to protect them.

Adam Lowe (creator of cold storage wallet Arculus) recommends that investors utilize multifactor authentication for added protection. 

He stated, “If you think your only security line is a password and username, then it’s wrong.” 

With the popularity of the metaverse increasing, many platforms have difficulty fielding hacking and phishing complaints. Many say once assets are stolen it can not be recovered due to its decentralized nature. 

Lowe explained that “all of these platforms” have seen a rapid growth in popularity and growth. He also said that it is difficult for them to keep up with the demand for people who can answer questions.

CNBC interviewed every victim who said that they could not retrieve lost funds due to losing their land in phishing schemes.

Carlinsky stated that MetaMask and The Sandbox responded to her queries but they didn’t take responsibility for stolen funds or land. She recommends she be more vigilant in the future. OpenSea (the platform where she bought land in The Sandbox) has yet to respond to her. 

“My biggest issue with the whole thing is that — what I noticed is all three entities: Sandbox, MetaMask, OpenSea, they’re all very much aware that these hacks exist,” Carlinsky said.

The Sandbox replied to Carlinsky, “Sadly we cannot retrieve the tokens/funds lost as this decentralized ecosystem transactions are finalized and user-managed.”

MetaMask sent an email to Kasha Desrosiers, listing the causes of the hacking and suggesting solutions such as discontinuing the account or reporting it to authorities. OpenSea sent Kasha Desrosiers an email stating that it was “actively investigating” this issue over several weeks. However, it never provided a resolution. SuperWorld also stated that they could do nothing about it.

Responses from Meta Platforms

MetaMask product leader Taylor Monahan said that the company was working with victims to offer better services in recovering funds. MetaMask is the only platform who agreed to an interview for CNBC.

Monahan explained that, ultimately, Monahan wants the result to be: “If you lose your money, there are steps you can take so you can get those funds back.” 

MetaMask and Asset Reality have announced on Thursday a partnership to make that goal real. Asset Reality will act as the case manager for consumer complaints. Then, they’ll investigate any scams on victims’ behalf.

Monahan stated to date that any investor losses due fraud is not under the company’s control. MetaMask has not refunded any victims’ digital assets — it will only assist consumers with recovering the funds from scammers.

In an ideal world we’d like for no one to ever lose money. Even in the most dire scenario they might lose funds they can still recover the money. “That’s what we want to do,” she stated. MetaMask doesn’t have to be the only product in this space. Any big product can.

She stated that the company was aware of the dangers of phishing sites and pointed out it has seen websites impersonating MetaMask or other crypto-related products.

Monahan also stated that there has been an increase in fraudsters impersonating sites with login pages.

They are called phishkits, correct? They are a set of items that you use to fool people. They’ve become sophisticated in recent years,” she stated.

Monahan admitted that the metaverse is still a work-in-progress and encouraged people to tell others about their experiences on social media.

In a statement to CNBC, an OpenSea spokesperson said it had disabled the ability to buy or sell NFTs that are reported stolen and has even banned accounts involved in theft in an effort to combat scam listings that can lead to phishing websites

OpenSea stated that its platform can identify and remove items from phishing sites. OpenSea also announced that it now has a report mechanism which allows customers to flag compromised wallets and will disable any items bought or sold. 

CNBC received a statement from Decentraland stating that they have a legal department working to protect its trademarks and logo from fraudsters. According to the platform, they are also trying to eliminate any imposter websites that may be associated with Decentraland. They have hired firms to conduct intellectual property research and enforce to aid them in this endeavor.

A spokesperson stated that two websites, 24 domains, and five social media accounts pretending to be the official platform had been removed in recent months. 

Sandbox also stated that it had contracted companies to detect and remove phishing websites in order to protect customers. 

Security is something we take very seriously. Unfortunately, these fake sites are a typical phishing scam that affects all industries. “To combat these scammers we use constant monitoring using Brandshield, and other providers, to take the proper legal actions and eliminate these sites,” stated the company in an email.

SuperWorld, while not pointing out any effort to eliminate these impostor websites, stated in a statement, that the company had made attempts to improve consumer education about best practices to prevent theft. 

CNBC also asked these metaverse platforms to estimate the land stolen, as well as how much money investors have lost due to these phishing frauds. However, the platforms didn’t provide any figures.

Wild West