The extensive report published recently by crypto auditing firm Elliptic shows the methods used by cybercriminals to misappropriate and profit from the immense hype generated by NFTs, extolled for the benefit of wary consumers.
Between phishing, scam projects, stolen and plagiarized NFTs, market manipulation, and rugpulls, the total value of financial crime connected to NFT trading adds up to over $100 million, with an average of $300k for every instance of monkey business. So far, July 2022 has been the most profitable month for cybercriminals, with over 4600 NFTs stolen.
🚨Over $100 million worth of NFTs were publicly reported as stolen through scams between July 2021 and July 2022, netting perpetrators $300,000 per scam on average.
Head to https://t.co/u6iPLjXgpR to read our NFTs and Financial Crime Report.#nft #crypto #aml
— elliptic (@elliptic) August 24, 2022
Phishing for Trouble
Over half of the aforementioned figure – $69.5 million, to be exact – represents the value of NFTs stolen by various methods. The vast majority of these thefts were carried out via phishing attacks.
80.1% of the stolen digital artworks were acquired via e-mail and social media-based phishing. The remaining were carried out via swap scams, impersonation scams, and other methods.
Curiously, phishing attacks were not only used to relieve unwary collectors of their holdings. Some phishing scams either airdropped free NFTs or sold inexpensive NFTs – often in a .svg format – that functioned as a Trojan horse, granting bad actors access to the user’s wallet once the NFT was received or, in some cases, revealing the collector’s IP address, and much more.
Rug Pulls Never Went Away
Although 2017 is long behind us, the practice of rug-pulling never went away. However, the report clarifies that not all NFT rug-pulls within the past year started out maliciously.
Although bad actors abound in the NFT space, the document indicates that many of the rug-pulls that took place within the past year were projects started by initially honest devs who overpromised and, when faced with the reality that their attempts at delivering were futile, decided to exit scam and go into hiding.
Rug pulls within the past year have been relatively inefficient, with scammers only gaining several thousand dollars before moving on to the next unlucky victims. There are some exceptions, however – such as the Evolved Apes debacle, which netted the scammers nearly $2.5 million off of hopeful BAYC latecomers.
The report also brings attention to even more underhanded tactics. These tactics include wash trading – the practice of repeatedly selling something between two or more parties to jack up the price – market manipulation carried out by using the influence a celebrity has on their community and outright blackmail aimed at the developers of a project.
The report ends with several recommendations aimed at users who wish to protect themselves from becoming victims – and warns readers that possible future scams may take forms not yet seen anywhere else, urging everyone to keep their guard up.