Digital artists meet scammers, as criminals pounce on the NFT craze

Many people have never even heard of non-fungible tokens. And yet, it has become such a hot trend that scammers have taken notice and are trying to lure current and potential merchants to NFT-themed phishing and fraud websites.

For the uninitiated, NFTs are unique tokens that accompany original, collectible digital art or video that can be sold or traded as cryptocurrency, with transactions recorded on the blockchain. Many of the early NFTs involved kitten artwork, but they can take the form of just about anything.

For example, a collage created by digital artist Mike Winkelmann, aka Beeple, recently fetched $69.4 million at auction, while Twitter CEO Jack Dorsey’s very first tweet was digitally pledged for $2.9 million. Meanwhile, it was also just announced that NFL quarterback Tom Brady is forming his own NFT company, Autograph.

No wonder scammers are taking notice and jumping on the bandwagon. Online fraud and phishing firm Bolster recently reported that criminals are starting to create fraudulent NFT imitation websites that pose as genuine digital marketplaces such as Opensea and Rarible, then use fake tweets and spam. other social engineering tactics to lure victims to these phishing pages.

For a quick buck, these bogus sites can sell counterfeit artwork or products that don’t even exist. But in other cases, they attempt to trick users into entering their account credentials or credit card data, allowing the perpetrators to steal their valuable information.

The report notes that the number of suspicious domain registrations copying the names of genuine NFT stores jumped almost 300% in March 2021 compared to February.

Shashi Prakash, chief technology officer and chief scientist at Bolster, told SC Media that NFTs are particularly ripe for scamming right now due to the very fact that some people are chasing this fad without really understanding how the process works. .

“These days, people who might not be technically savvy are getting into it,” Prakash said. “And just by not understanding [what] is legit and which is fake, people can fall for these scams. And “because of the number of people who fall for these attacks, there is now an incentive for scammers to create more of these scams.”

Indeed, right now “there is a fervor created by FOMO [fear of missing out]…that bad actors can use to entice victims into participating in scams,” said CipherTrace CEO Dave Jevans.

Prakash also said that NFTs are an enticing opportunity for cybercriminals because the law has yet to catch up with the concept and because fraudulent or counterfeit transactions are difficult to trace.

“Criminals are often at the forefront of the adoption of new technologies, and cryptocurrencies are no exception,” said Jesse Spiro, head of government affairs at Chainalysis, noting that scams were the most common form. most lucrative crypto-crime in 2020, earning nearly $2.7 billion in 2020.” We saw this with the early success of the Silk Road darknet market, which was a big part of the early crypto economy .”

There are also notable parallels to the initial coin offering (ICO) craze of 2017, “as regulators are just starting to catch up, and scammers are using the momentum and hype to incentivize people to participate in fraudulent schemes,” Jevans noted.

Another form of scam listed in the Bolster report consisted of fake giveaways in which scammers “targeted crypto enthusiasts by offering them free crypto/NFTs/tokens linked to NFT marketplaces”, sometimes impersonating brands and famous personalities.

And it’s not hard to speculate when the scams might go from here.

For example, “crooks could create fake NFT user interfaces that steal cryptocurrency without providing the value they claim,” Spiro said.

Or cybercriminals could try to compromise the market or the NFT exchange platform itself, so that users making a transaction actually send funds to a malicious actor’s cryptowallet. “I think if you look at the previous history of how cryptocurrency exchanges have been targeted, it makes sense that it’s possible…maybe that’s the next thing we see,” he said. said Prakash.

It is also very possible that we will soon be affected by phishing campaigns built around NFT decoys.

“As we see with any trending topic, threat actors will find ways to exploit the theme in their phishing campaigns,” said Tonia Dudley, strategic advisor at Cofense. “By leveraging a trending theme, the likelihood of a recipient interacting with the email is increased. We saw this same trend last year when COVID-19 started spreading across the globe . »

There are also non-cyber crimes worth monitoring with NFTs.

“Just as money laundering can be done through the purchase of high-value artwork, money laundering can also take advantage of the NFT digital art market for its own purposes,” noted Jevans. In fact, “the global anti-money laundering (AML) watchdog, the Financial Action Task Force (FATF), recently updated its proposed cryptocurrency guidelines to suggest that NFTs that may facilitate money laundering and terrorist financing should be subject to these new guidelines.”

Spiro also pointed out that money launderers could “take advantage of some of the NFT markets that sell NFTs at subjective prices – in other words, in markets where the NFTs are worth what someone is willing to pay – like the art market”.

Because of their potential for abuse and fraud, Jevans suspects that NFTs will eventually “fall within the definition of securities as defined by the SEC, especially since “the provenance of many NFT assets is unclear. and can be exploited by bad actors to defraud investors. ”

Marilyn M. Davis