Popular Pokémon-inspired NFT project targeted by scammers

Patrick Devaney


NFTs are about a lot of things like art, digital ownership, Web3, etc. but even the biggest NFT maxi couldn’t deny that right now a huge chunk of what NFTs are about is hype. They are digital collectables, now available to view on Instagram, that can sell for huge amounts of money due to the unprecedented levels of hype that surround them. It should be no surprise then that a team of NFT collectors have tried to tap into another hype machine, the Pokémon franchise.

Pokémon Go Download Now

Pixelmon is a legitimate NFT project that has built quite a following with almost 200,000 Twitter followers and over 25,000 Discord members. The project recently raised over $70 million to fund the building of an open-world RPG through the sale of a collection of 10,000 Pixelmon NFTs. The project has hit a snag as the artwork seems pretty amateurish, but the hype is there, and so is the money, which has now attracted the attention of scammers.

Popular Pokémon-inspired NFT project targeted by scammers

The attackers have set up a fake Pixelmon website that looks almost identical to the original. Whereas the original and legitimate site is found at, the fake website has pixelmon as a full word with a .pw domain. Do not go to that site, and if you ever find yourself on it leave immediately.

As mentioned earlier, the real Pixelmon team is developing an open-world RPG with the real site showing gameplay trailers and offering links to trailers. This is where the scammers are trying to catch unwitting victims. Downloading anything from the scam site will install executable files onto your device that will then spread malware and infect your PC.

Malware included in the attack, according to BleepingComputer, is a malicious password-stealing file that will record all the passwords you use on the device and share them with scammers behind it all. Unfortunately, that is not all as the malware will also connect to a Telegram channel and retrieve the IP address of the malware’s command and control server and then download even more malicious files to the device. It also looks like the malware specifically hunts out files relating to cryptocurrency wallets under the assumption that users of an NFT website will likely hold the cryptocurrency needed to buy one.

This marks a new way for scammers to target you via your online presence that gives them a way to steal funds from you directly. Make sure you are extremely careful when online and check out our cybersecurity infographic for tips on how to stay safe.

You may also like