“Crypto winter” or not, non-fungible token (NFT) scams are on the rise.
Investors reported over $100 million worth of NFTs as
stolen—the result of scams between July 2021 and July 2022, according to a new
report by top blockchain analytics firm Elliptic.
Scammers netted $300,000 on average as several shady records
were broken over the past year. In July 2022—mid–crypto bear market, when NFT
prices steeply declined—over 4,600 NFTs were reported stolen, the “highest
month on record” for such scams, according to Elliptic.
Additionally, in May, just under $24 million in NFTs was stolen
through scams. That’s the “highest confirmed value” to date, Elliptic wrote,
noting that the actual number is likely even higher because victims don’t
always publicly report being scammed.
Among the most common methods used were phishing scams,
often where fake pop-ups encourage users to log in to their wallets or sign on
to malicious transactions. Sometimes, for example, bad actors impersonate the
site of a well-known NFT platform or wallet, or hack into the social media
account of a popular NFT project, spreading malicious links that give scammers
access when clicked.
Social media–based phishing scams have also surged,
according to Elliptic, with about $20 million worth of NFTs stolen in 2022.
Elliptic concludes this is due to an increased use of malware that can bypass
two-factor authentication.
Scams aside, NFTs are often criticized as vehicles that can
be used for money laundering. But in its investigation, Elliptic found that
while illicit funds have been used to buy NFTs, that amount is comparatively
small.
Elliptic analyzed 17 million Ethereum transactions between
the fourth quarter of 2017 and the first quarter of 2022 from 22 NFT
marketplaces, four NFT games or metaverse platforms, and two NFT swap services.
In its breakdown, Elliptic reported that funds from licit
activity accounted for about $40 billion, or 99%, of the total used for NFT
services. Under $329 million, or 0.81%, of funds on NFT services come from
“obfuscators” like so-called crypto mixers, which allow users to hide the trail
of transactions. And illicit funds, like those from theft, phishing, or Ponzi
schemes, account for $8 million, or 0.02%.
Nonetheless, Elliptic sees a “growing threat to NFT-based
services from sanctioned entities and state-sponsored exploits,” it wrote, citing
the $540 million Axie Infinity Ronin bridge exploit by the infamous North
Korean hacking outfit known as the Lazarus Group, among others.
For example, Tornado Cash, a notable crypto mixer now
sanctioned by the U.S., was “the source of $137.6 million of crypto assets
processed by NFT marketplaces and the laundering tool of choice for 52% of NFT
scam proceeds before being sanctioned,” Elliptic wrote. “Its prolific use by
threat actors engaging with NFTs further emphasizes the need for effective
sanctions screening by NFT platforms.”
All in all, Elliptic concluded that although the “perceived
chances of NFT-based crime occurring is higher than it actually is,”
improvements still are required within the space.
0 comments:
Post a Comment