More than $100 million worth of NFTs have been stolen in the past year as crypto fraud continues to rise
Over $100 million worth of NFTs have been stolen in the past year, according to a new study, with the thieves getting away with an average of $300,000 each time.
The 110 page reportpublished this week by the London-based blockchain analytics company Elliptical, suggests that thefts have not slowed with the recent cryptocurrency crash. In fact, the frequency of cybercrime may be increasing: In May, just under $24 million in NFTs were siphoned from their owners’ wallets—the highest amount recorded in a single month. In July, a total of 4,600 NFTs were stolen, another record number.
The most valuable NFT ever stolen, according to the report, is CryptoPunk #4324, which was pinched in November before selling for $490,000. The largest single heist occurred a little more than a month later, when 16 blue-chip NFTs worth $2.1 million were stolen from a collector.
At the center of many of these cases are elaborate scams that trick NFT owners into voluntarily sharing access to their NFTs or wallet. Phishing attacks are the most common form, used to lure NFT owners with fake websites, pop-ups and transaction opportunities. Often this involves criminals impersonating well-known cryptocurrency platforms or even counterfeiting NFTs.
Social media has made NFT players particularly vulnerable as fraudsters hack the accounts of popular NFT projects to post phishing links. Close to 5,000 NFTs have been archived this way, Elliptic reports, noting that social media compromises accounted for nearly a quarter of all crypto-art thefts in the past year.
Also, the costs of these crimes have skyrocketed in recent months. Between the first and second quarters of 2022, the value of NFTs stolen through social media fraud went from $3.2 million to $15.4 million – a 386 percent jump.
“The increasing availability of tailored malware that can bypass multifactor authentication is likely to be partially responsible,” Elliptic’s report explains.
It was through Instagram that an attacker managed to steal $3 million worth of NFTs from Yuga Labs, the collective behind Bored Ape Yacht Club, in April. After hacking the company’s account, the consent sent users a “smart contract” that ultimately granted access to their crypto wallets.
Elliptic also found that some services have been particularly instrumental in enabling blockchain crime. About 52 percent of NFT fraudsters used the Tornado Cash virtual currency mixer to launder money after thefts. The US Treasury placed the service on sanctions earlier this yearand said it “randomly facilitates anonymous transactions by obscuring their origin, destination and counterparties.”
Still, for NFT lovers growing weary of their wallet exposure, the outlook may not be as bleak as it seems. “As with many crimes,” the report states, “the perceived chance of NFT-based crime occurring is higher than it actually is. Elliptic’s data-driven analysis has found that the true occurrences of these crimes account for a small proportion of NFT -related trade.”
The “responsibility” to combat such crime, Elliptic claims, “lies with everyone involved in the NFT space – regulators, marketplaces, project developers, NFT traders and influencers – to motivate the safe and secure development of this technology.”
Follow Artnet News on Facebook:
Do you want to be at the forefront of the art world? Subscribe to our newsletter to get the latest news, eye-opening interviews and sharp critiques that drive the conversation forward.