The NFT bubble of 2021 may have well and truly burst, but according to data published by London-based blockchain analysis provider Elliptic, the proliferation of scams is only going up.
Over 4,600 NFTs were stolen in July 2022, the highest monthly figure ever by volume, despite NFTs sales being nearly 80% below 12-months highs.
Two months earlier in May, the highest confirmed value of NFTs was stolen through scams- nearly US$24mln.
The rise in social media compromises – particularly on Discord servers – could be partially to blame, with Elliptic pointing the finger at the growing availability of tailored malware that can circumvent multi-factor authentication.
Having risen by nearly 400%, social media compromises now account for 23% of all social media theft, though phishing is by far the most common avenue for theft at over 50%.
Phishing scams occur when either a fake pop-up posing as a reputable login panel convinces a victim to hand over their information, or by encouraging victims to inadvertently sign off on malicious transactions.
While the number of stolen NFTs is going up, total values seem to be decreasing – Source: elliptic.co
Elliptic’s report also detailed the rising threat of state-sponsored exploits, most notable the US$540mln Axie Infinity heist executed by North Korean hackers Lazarus Group.
The most valuable single NFT ever stolen was CryptoPunk #4324, which was sold by scammers for US$490,000 in November 2021.
Laundering through crypto mixers
Tornado Cash, the “crypto mixer” recently put on the US sanctions list, accounted for 52% of all laundered funds originating from NFT scams, according to Elliptic’s data.
Crypto mixers work by obfuscating transactional data, thus making it difficult for enforcement agencies to trace funds back to malicious actors.
On the topic of sanctions, Tether Limited, developer of the largest stablecoin by market capitalisation and third-largest cryptocurrency overall, continues to ignore the US sanctions.
As a Hong Kong-based entity, Tether has stated that it has yet to be contacted by The Office of Foreign Assets Control or any other US law enforcement agency or regulator, though has suggested that it “normally complies with requests”.
Although Tether’s refusal to acknowledge Tornado Cash sanctions could make it a go-to cryptocurrency for future NFT-based money laundering, the company noted that fellow stablecoin issuers Paxos and MakerDAO have also ignored the sanctions.
Other popular obfuscation services for laundering stolen funds include KYC-free exchanges, crypto bridges and unregulated gambling services.