As the world of non-fungible tokens (NFTs) continues to expand and evolve, so does the landscape of NFT-related crime. Although criminal activity within the space represents a small portion of the overall trade, it has a disproportionate impact on the industry’s reputation.
This article aims to provide insight into the current state of NFT crime, explore the most prevalent methods of theft, consider potential future typologies, and describe how to use blockchain analytics to trace the flow of funds related to some of these crimes.
The current state of NFT crime
While NFT-related crime has been relatively limited to date, it remains a concern for the industry. Over $100 million worth of NFTs were publicly reported as fraudulently stolen between July 2021 and July 2022, and since 2017, $8 million in illicit funds have been laundered through NFT-based platforms.
Notably, this represents only 0.02% of the total volume and suggests that NFT markets such as OpenSea, Rarible and Blur are currently not preferred destinations for criminals to launder assets. One reason for this may be the illiquidity of the NFT market: selling an NFT requires a market participant who wants that specific NFT, whereas illicit Bitcoin and Ether can be sold into much deeper and wider pools of buyers.
According to our “NFTs and Financial Crime” report, $328.6 million worth of NFT activity is linked to cloaking services such as crypto mixers. Although not conclusive evidence of illicit activity, this is a higher risk area to consider due to the tendency of criminals to use mixers as a way to disguise the source and destination of their illegal activity. The Tornado Cash mixer was the source of $137.6 million of cryptoassets processed by NFT markets and the tool of choice for laundering 52% of NFT fraud proceeds, before being sanctioned by the Office of Foreign Assets Control (OFAC) in August 2022.
Unfortunately, NFT crime can be quite lucrative for fraudsters, with the average revenue for NFT fraud between July 2021 and July 2022 being $300,000.
Current typologies of NFT theft
During the July 2021 to July 2022 data collection period, the most popular NFTs targeted for theft were Bored Apes, with 167 confirmed and publicly reported cases affecting 1.7% of the NFTs in this collection.
During June and July 2022, thefts of valuable NFTs decreased, while early-stage thefts of lower value increased. This trend likely reflects, in part, holders of valuable NFTs “holding” their assets throughout the bear market and engaging less actively in new projects that are susceptible to fraudster activity.
Phishing is the most common method of stealing NFTs, and more sophisticated variants – such as phishing links set up via compromising admin accounts of social media platforms – are on the rise.
However, aside from phishing, there are several other significant methods currently being used by criminals in the space.
Let’s delve into some of these specifically:
- Phishing attacks remain a significant threat. For example, in April 2022, Taiwanese singer-songwriter Jay Chou lost his Bored Ape Yacht Club NFT and three other NFTs – worth a combined $560,000 – after falling victim to a phishing scheme. Chou only became aware of the theft when a friend noticed unusual activity with his wallet.
- Social media compromise is another problem, as criminals exploit expired Discord server invite links, manipulate faulty server management tools, and social engineer developers to gain admin credentials. Elliptic’s research suggests a potential link between the rise of NFT compromises on social networks and the increasing availability of malware as a service (MaaS) designed to breach social media account login credentials, including multi-factor authentication.
- Trojan horse NFTs – often delivered to users – can contain metadata that directs victims to phishing pages or prompts them to sign a message that is actually a setApprovalForAll call, which grants another address approval over every token the victim holds in that collection. In January 2022, Convex Labs head of research Nick Bax demonstrated a proof-of-concept NFT that can log a viewer’s IP address by encoding additional metadata into an animation’s URL.
- Impersonation fraud also remains a concern. Scammers can use phone spoofing services to make their calls look legitimate, such as displaying “Apple Support” on victims’ phones. One such service reportedly earned more than $93,000 in bitcoins, according to Elliptic’s internal analysis.
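The Trojan horse NFT item above describes a signing prompt that is really a setApprovalForAll call. As an added example (not code from this article or from Elliptic), the following Python check decodes pending transaction calldata before signing and flags a blanket approval granted to an operator outside an allowlist; the operator addresses, the allowlist and the function names are assumptions constructed for illustration.

```python
# Added example: pre-signing check for blanket NFT approvals (not from the article).
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)

# Hypothetical allowlist of operators the user already trusts, lowercase hex.
# Both addresses below are constructed placeholders, not real contracts.
TRUSTED_OPERATOR = "0x" + "11" * 20
UNKNOWN_OPERATOR = "0x" + "ab" * 20
TRUSTED_OPERATORS = {TRUSTED_OPERATOR}


def build_calldata(operator, approved):
    """Build constructed sample calldata for setApprovalForAll(operator, approved)."""
    return "0x" + SET_APPROVAL_FOR_ALL.hex() + operator[2:].rjust(64, "0") + "%064x" % int(approved)


def decode_set_approval_for_all(calldata_hex):
    """Return (operator, approved), or None if this is some other call.

    Raises ValueError if the hex is invalid or the arguments are malformed.
    """
    hex_body = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(hex_body)
    if data[:4] != SET_APPROVAL_FOR_ALL:
        return None
    args = data[4:]
    if len(args) != 64:
        raise ValueError("expected two 32-byte arguments")
    operator_word, approved_word = args[:32], args[32:]
    # ABI encoding left-pads an address with 12 zero bytes and a bool with 31.
    if any(operator_word[:12]) or any(approved_word[:31]) or approved_word[31] > 1:
        raise ValueError("non-canonical ABI padding")
    return "0x" + operator_word[12:].hex(), approved_word[31] == 1


def review_signing_request(calldata_hex, trusted=frozenset(TRUSTED_OPERATORS)):
    """Classify a pending transaction before the wallet shows its sign prompt."""
    try:
        decoded = decode_set_approval_for_all(calldata_hex)
    except ValueError as exc:
        return "block", "malformed calldata: %s" % exc
    if decoded is None:
        return "allow", "not a setApprovalForAll call"
    operator, approved = decoded
    if not approved:
        return "allow", "revokes blanket approval for " + operator
    if operator in trusted:
        return "allow", "blanket approval to trusted operator " + operator
    return "warn", "grants %s control of every token in this collection" % operator
```

The check covers only this one call type; a revocation (approved set to false) is passed through because it removes access rather than granting it.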
Potential future typologies of NFT crime
Emerging trends and potential future typologies of NFT crime include:
Deepfake social engineering
Criminals are increasingly exploiting video-based social media platforms such as TikTok and Instagram to create highly convincing fake videos that impersonate celebrities or prominent figures in the crypto world. These realistic-looking videos lure unsuspecting victims to invest in fake projects, sell their valuable NFTs at a discounted price, or click on malicious links that compromise their security.
Augmented reality hacks
With the growing popularity of augmented reality experiences and the metaverse starting to gain traction, hackers can identify new opportunities to infiltrate these virtual interactions. By hiding malware or other malicious links within augmented reality content, criminals could gain access to users’ NFTs and other cryptoassets, potentially causing significant financial losses.
NFT extortion
Many NFTs act as keys to gated communities and provide social capital and digital praise to their holders. As a result, many NFT holders wear clothing featuring their valuable cryptoassets and post them as profile pictures on social media sites like Twitter.
However, this could put these owners at risk from criminals who may resort to increasingly aggressive tactics such as physical kidnappings and thefts, roaming both the digital and IRL worlds looking for their next victim. This type of crime could become more prevalent as the lines between the physical and digital worlds continue to blur, and if blue-chip NFTs continue to rise in price.
Digital identity theft
In a world where some NFTs are becoming synonymous with digital identity, criminals can focus on stealing these unique assets to impersonate a victim in online social groups or even in real-life situations. This type of crime could have significant implications for metaversal avatars and notable meta-celebrities, as the theft of their NFTs could lead to reputational loss, privacy violations, or other unintended consequences.
Wallet corruption
In an attempt to discredit or simply cause trouble for prominent figures in crypto, malicious actors may engage in “wallet dirtying” by sending them nefarious NFTs that contain illegal or offensive content. This tactic could damage the targeted person’s reputation and potentially expose them to legal risks.
A similar situation was seen after OFAC sanctioned Tornado Cash, where notable crypto figures were sent small amounts of Ether from the service – an act known as “dusting”. Under US sanctions guidelines, ownership of this cryptocurrency would require those individuals to file exposure reports with OFAC. Consequently, it tainted their wallets, as they showed exposure to sanctions.
Slow play scams
Taking a more patient approach, some fraudsters may create seemingly legitimate NFT collections or markets with the ultimate intention of committing exit fraud. This would be a change in approach from the current typologies in the space, which most often see criminals looking to quickly raise and then pull a project, or fraudsters deploying a phishing site or scam project and keeping it active for days or weeks before they embark on their next illegal venture.
However, by slowly building trust within the community, these criminals could maximize their profits before disappearing. This is similar to the tactics used by early crypto exchange Thodex, which exited with over $2.5 billion after running a fake exchange for four years.
Using blockchain analytics to trace the flow of funds for NFT crime
Elliptic actively monitors, verifies and flags addresses included in NFT fraud reports within our wallet verification and transaction monitoring tools. Fraud reports can come from a number of sources, meaning that NFT markets and cryptoasset exchanges will be alerted and able to block fraudulent addresses identified from various platforms. This is crucial to ensure that fraudsters have minimal opportunities to cash in on their stolen assets, increasing the incentive to negotiate their return to victims.
Improving the ability to respond to fraud can have the wider effect of increasing market confidence and deterring attempted fraud – particularly if perpetrators see their chances of successfully cashing out diminishing.
A scammer who stole $325,000 worth of NFTs from 29 victims transfers funds through Tornado Cash and buys other NFTs through a prominent marketplace using intermediary hops. Source: Elliptic Investigator.
Elliptic’s monitoring capabilities also cover illegal and dark web entities – including stolen data sellers and identity spoofing services – that are often used by more sophisticated fraudsters to facilitate their illegal activities, such as social media compromise or phishing scams.
Taking another example of an illegal NFT incident – the Frosties rug pull – it’s clear how blockchain analytics can help reduce the success of fraudsters in cashing out on centralized exchanges.
This use of centralized exchanges to monetize rug pull proceeds remains significant, and has been instrumental in allowing investigators to arrest alleged fraudsters. Blockchain analytics tools like Elliptic Lens and Navigator label rug pull addresses, meaning clients will be alerted if perpetrators attempt to cash out their funds using their services.
Elliptic Investigator shows Frosties scammers laundering their $1.1 million rug pull proceeds.
You can also use Elliptic Investigator – as demonstrated in the cases above – to effectively track and visualize the laundering patterns and strategies used by suspected fraudsters. Similar to mitigating general fraud, effective screening and monitoring solutions can help increase confidence in the NFT market. They can also help manage the reputational risk associated with facilitating the minting and listing of fraudulent collections.
Elliptic tracks 98% of all cryptoasset trading volume, and we’ve collected over 100 billion data points – preventing cybercriminals from using cryptoassets to hide their ill-gotten gains. We also boast the widest coverage of digital assets and blockchain available on the market.
Our verification, due diligence and investigative solutions mean compliance teams and investigators can track and visualize the proceeds of crime across blocks and assets in real-time – helping you achieve the highest levels of risk detection.