A recent study by blockchain analysis company Elliptic claims that over $100 million worth of NFTs have been stolen during the last year. The “NFTs and Financial Crime” study, which came out on Wednesday, looks at illegal cryptocurrency activities from July 2021 to July 2022.
Elliptic reports that, since 2017, NFTs have been used to launder approximately $8 million in illegal money, including stolen NFTs. Tokens that are not interchangeable with other tokens are called non-fungible tokens (NFTs), and they are used as a form of cryptographic proof of ownership for both digital and physical goods.
According to Elliptic, the average amount stolen by fraudsters during a single scam was $300,000. According to the research, scammers made off with $24 million in NFTs in May 2022, with 4,600 taken in July 2022 being the highest monthly total on record.
Due to the fact that not all thefts are recorded, “actual numbers are likely to be greater,” Elliptic notes. The company claims that most of these thefts go undetected because they use NFTs with lower prices.
The research claims that by 2022, 23 percent of all NFT theft occurred on infiltrated social media platforms like Discord, and phishing messages were sent to users.
Elliptic also monitors other attack vectors, including phishing emails, rogue websites, and mobile wallet exploits like the recent Solana compromise.
The most expensive NFT ever stolen was CryptoPunk #4324, which was worth $490,000 in November of 2021, according to the company. (On OpenSea, the collectable was “reported for suspicious behavior” thereafter.) Elliptic claims that in their worst case of theft, which occurred in December 2021, $2.1 million worth of “blue chip” NFTs were stolen.
Elliptic reports that Bored Apes, Mutant Apes, Azuki, Otherside, and CloneX make up the majority of NFTs lost to scams.
Collectively, these five collections account for more than two-thirds of the stolen NFT value since July 2021, according to Elliptic.
Of all the NFTs out there, the Bored Ape Yacht Club ones are the most sought after by hackers. If Elliptic’s numbers are correct, $43.6 million in stolen NFTs may be attributed to the theft of Bored Apes.
Seth Green, star of Family Guy, fell victim to a phishing scam in June and had to pay $300,000 to get back his missing Bored Ape NFT.
The March 2022 breach of Axie Infinity’s Ronin Ethereum sidechain bridge by the North Korean Lazarus Group is also mentioned in the paper. Also, it came out that over $160,000 worth of NFTs were bought with digital assets that came from legal businesses. The Tornando Cash mixing service got a lot of attention for this.
According to Elliptic, criminal activity may make up a very tiny share of NFT trading, but it has a disproportionately negative effect on the industry’s image and the quality of experience for genuine customers, according to Elliptic.
The reputational damage is compounded, according to Elliptic, since thieves are becoming smarter and finding ways to get around verification methods like the defunct “Verified by Civic Pass” scheme, which was offered by the decentralized identity verification business Civic. Although they were “confirmed,” in January, fraudsters stole 9136 SOL, or about $1.3 million at the time.
Another big issue is the circulation of fake NFTs. More than 80% of the NFTs that OpenSea banned from its platform in January for infractions such as “plagiarized works, bogus collections, and spam,” Elliptic pointed out.