Fake NFT whitelist / mint wallet-drain phishing — fraudulent email claims the recipient's wallet has been whitelisted or allowlisted for an exclusive NFT mint, presale drop, or free NFT claim, then directs them to connect MetaMask, Trust Wallet, or Phantom to a malicious portal that drains all crypto and NFTs via a malicious smart contract; some variants request the seed phrase directly

Phishing emails impersonating NFT projects claiming the recipient's wallet has been whitelisted or allowlisted for an exclusive NFT mint, presale drop, or free NFT claim — directing them to connect MetaMask, Trust Wallet, Coinbase Wallet, or Phantom to a malicious portal within a tight deadline. The "connect wallet" flow triggers a malicious smart contract that drains all crypto and NFTs via a blanket approval transaction (setApprovalForAll). More aggressive variants request the seed phrase directly under the guise of "verifying wallet ownership" — an immediate account takeover. Key facts: (1) Chainalysis 2023: NFT wallet-drain attacks accounted for $100M+ in annual losses; seed phrase theft is effectively irreversible — no blockchain transaction can be undone; (2) The NFT boom of 2021–2022 created a persistent "whitelist culture" where early-access notifications from projects are expected, making these lures highly credible to NFT community members; (3) Legitimate NFT platforms (OpenSea, Blur, MagicEden, Foundation) never notify users of whitelist spots by email and never ask for wallet connections or seed phrases via email; (4) Real whitelist notifications come through Discord servers and official project websites — email is not an NFT project standard. Warning signs: any email requesting MetaMask connection or a seed phrase, "whitelist confirmed" or "free mint" language from an unknown project, deadline urgency ("claim in 24 hours"), sender domain not matching any known NFT platform.