logo-loader

NFT theft on the rise despite non-fungible bubble burst

Published: 08:59 25 Aug 2022 EDT

North Korean hackers are a main perpetrator of state-sponsored exploits
North Korean hackers are a main perpetrator of state-sponsored exploits

The NFT bubble of 2021 may have well and truly burst, but according to data published by London-based blockchain analysis provider Elliptic, the proliferation of scams is only going up.

Over 4,600 NFTs were stolen in July 2022, the highest monthly figure ever by volume, despite NFTs sales being nearly 80% below 12-months highs.

Two months earlier in May, the highest confirmed value of NFTs was stolen through scams- nearly US$24mln.

The rise in social media compromises – particularly on Discord servers – could be partially to blame, with Elliptic pointing the finger at the growing availability of tailored malware that can circumvent multi-factor authentication.

Having risen by nearly 400%, social media compromises now account for 23% of all social media theft, though phishing is by far the most common avenue for theft at over 50%.

Phishing scams occur when either a fake pop-up posing as a reputable login panel convinces a victim to hand over their information, or by encouraging victims to inadvertently sign off on malicious transactions.

While the number of stolen NFTs is going up, total values seem to be decreasing – Source: elliptic.co

While the number of stolen NFTs is going up, total values seem to be decreasing – Source: elliptic.co

Elliptic’s report also detailed the rising threat of state-sponsored exploits, most notable the US$540mln Axie Infinity heist executed by North Korean hackers Lazarus Group.

The most valuable single NFT ever stolen was CryptoPunk #4324, which was sold by scammers for US$490,000 in November 2021.

Laundering through crypto mixers

Tornado Cash, the “crypto mixer” recently put on the US sanctions list, accounted for 52% of all laundered funds originating from NFT scams, according to Elliptic’s data.

Crypto mixers work by obfuscating transactional data, thus making it difficult for enforcement agencies to trace funds back to malicious actors.

On the topic of sanctions, Tether Limited, developer of the largest stablecoin by market capitalisation and third-largest cryptocurrency overall, continues to ignore the US sanctions.

As a Hong Kong-based entity, Tether has stated that it has yet to be contacted by The Office of Foreign Assets Control or any other US law enforcement agency or regulator, though has suggested that it “normally complies with requests”.

Although Tether’s refusal to acknowledge Tornado Cash sanctions could make it a go-to cryptocurrency for future NFT-based money laundering, the company noted that fellow stablecoin issuers Paxos and MakerDAO have also ignored the sanctions.

Other popular obfuscation services for laundering stolen funds include KYC-free exchanges, crypto bridges and unregulated gambling services.

Coniagas Battery Metals secures new key ground with focus on...

Coniagas Battery Metals (TSX-V:COS) CEO Frank Basa joined Steve Darling from Proactive to announce the company's strategic acquisition of key ground near SOQUEM’s Cardinal Property, located 80 km southeast of Chibougamau, Quebec. This acquisition underscores Coniagas’ commitment to capitalizing...

16 minutes ago