French cybercrime authority leverages ZachXBT’s research to apprehend NFT fraudsters
France’s OCLCTIC cyber-crime authorities arrested a group of five NFT fraudsters for allegedly stealing $2.5 million worth of NFTs via phishing using the chain finder ZachXBT, according to an Oct. 12 press release from BFM crypto in partnership with Paris à to AFP.
ZachXBT started the investigation when holders of the limited edition Bored Ape Yacht Club NFTs complained online about their lost monkeys and posted their findings online, which OCLCTIC cited as matching their own.
Those who came forward about the NFT fraud allegations include footballer Neymar, rapper Eminem and TV personality Paris Hilton.
ZachXBT’s recap
ZachXBT found that the phishing scams from the NFT scam group were carried out between late 2021 and early 2022. The scammers were able to steal the victim’s Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFTs by luring them into on a website they built it masquerading as a service that animates the static artwork from the NFTs.
Unwitting holders who provided credentials to the site ended up transferring ownership of their NFTs to the fraudsters.
Twitter user Dilly Dilly was phished for his BAYC #237 NFT on December 13, 2021, when he authorized a transaction through the site, which he believed would produce an animated version of his NFT artwork.
His NFT was stolen from his wallet and ended up in the hands of the fraudsters afterwards. The scammer then sold the NFT on OpenSea for 47 ETH or $176,000, according to ZachXBT’s blog post detailing the investigation and a chirping by Dilly Dilly.
Four more victims also lost their blue-chip NFTs in a similar fashion, their losses amounting to $1.7 million at the time.
ZachXBT identified the mathys.eth address as the wallet address used by fraudsters to carry out NFT thefts and move the stolen funds. The funds generated from selling the victim’s NFTs were deposited into mathys. eth address and then mixed on Tornado Cash.
The fraudsters “carefully” withdrew 10 Ether at intervals during the thefts, but “were not careful to cover their tracks” when withdrawing from Tornado.
The five NFT scam artists now face charges including fraud committed as part of a criminal gang, concealment of fraud and criminal association.