A new report has revealed that the NFT market has been plagued by a massive heist spree in the last year. According to a report by blockchain research firm, Elliptic, over $100 million worth of NFT assets were stolen between July 2021 and July 2022.
The NFT space is abundant with investors, collectors, and creators as well. And with the huge amount of money that has flowed into the market in recent years, it is not surprising that scammers discovered it as a soft spot for their craft.
Some of the most popular ways NFTs get stolen are by owners clicking on a bad link, exposing their secret phrase and via user error. This way, users are often tricked into transferring their NFTs or providing access to the wallet. Most times, scammers will approach them in the DMs either offering help or a deal that is too good to be true.
Also, NFT thieves can create fake profiles impersonating trusted influencers or companies in the space and approach unsuspecting people with an offer of help with a problem they’ve been experiencing. Platforms usually used for these nefarious operations are Discord, Telegram and Twitter.
Some more advanced scammers can steal NFTs through exploitation. Here is how: some NFT platforms have weak points in their contract and hackers could use that to their advantage, resulting in stolen NFTs and crypto.
More about the Elliptic report
The report titled “NFTs and Financial Crime,” covers nefarious crypto activity that took place between July 2021 to July 2022 and was released last week. It says in addition to stolen NFTs, over $8 million in illicit funds has been laundered using NFTs since 2017.
Specifically, the report says cybercriminals netted an average of $300,000 per scam. May 2022 saw the highest confirmed value of NFTs lost through fraud, with $24 million and July 2022 was the highest month on record for the number of NFTs stolen at 4,600.
The Elliptic report says that the numbers are likely to be higher, as thefts are not always publicly reported. These unreported thefts, the firm says, are typically lower-priced NFTs.
According to the report, 23% of all NFTs stolen in 2022(close to 5,000, worth around $20 million) came from compromised social media platforms like Discord and phishing messages sent to members.
“The growing availability of tailored malware that can bypass multifactor authentication is likely to be partially responsible,” researchers said.
Other attack methods tracked by Elliptic include phishing emails, malicious websites, and—as in the case of the Solana hack, earlier in the month—an exploit in a mobile wallet.
The most valuable NFT ever stolen was CryptoPunk #4324, which netted the thieves $490,000 in November 2021. The most significant theft, Elliptic says, resulted in the loss of 16 “blue chip” NFTs worth $2.1 million in December 2021.
Elliptic says the bulk of NFTs lost to scams include Bored Apes, Mutant Apes, Azuki, Otherside, and CloneX.
Bored Ape Yacht Club NFTs are the most sought after by cybercriminals. According to Elliptic, the theft of BAYC accounts for $43.6 million in stolen NFTs.
“Together, these five collections constitute over two-thirds of the stolen NFT value since July 2021,”
The report laments the negative impacts these thefts have had on the reputation of the NFT sector which has seen a steady decline in market volume and buyer activity in the past few months.
“Although crime represents a small proportion of overall NFT trading, it has a disproportionate impact on the industry’s reputation and undermines the quality of experience of legitimate users,” – The Elliptic report
Read also: Global NFT sales volume declined by 26% in the past month
What to learn from this
Hacks and scams have long plagued the blockchain industry and it does not seem to be ending anytime soon. The only reasonable thing to do is to take some measures in order not to be a victim of NFT scams.
Although it might sound cliche, never share your passwords or wallet secret phrase with anyone and do not store your passwords or wallet secret phrase on any device. Hackers can easily gain access to devices and will find secret phrases. It is better to write them down and keep them in a safe place.
Also, never click on links all around social media platforms. That technique is popularly used by scammers on Twitter and Discord. You can lose your NFTs and other digital assets by clicking malicious links and signing transactions using your wallet.
Read also: Hackers have stolen $1.97bn worth of crypto in H1 2022
Importantly, If an offer is too good to be true, it’s a scam. Most crypto giveaways and money doubling offers on social media, especially if you have to connect wallets, are run by scammers.
Lastly, you should always enable 2-step authentication on every device and platform you use. Every extra layer of security is another wall hackers and scammers have to get through. It is important to put up as many walls as you can in order not to fall victim to NFT scams.
Technext Newsletter
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!
