A recent study by the blockchain analysis company Elliptic found that more than $100 million worth of NFTs have been stolen in the past year. In a paper called “NFTs and Financial Crime,” which came out on Wednesday, illegal crypto activities between July 2021 and July 2022 are looked at.
Elliptic says that, in addition to stolen NFTs, more than $8 million in illegal money has been washed through NFTs since 2017. Non-fungible tokens, also called NFTs, are cryptographically unique tokens that serve as proof of ownership for both digital and physical information.
Elliptic says that fraudsters made an average of $300,000 from each scam. Just in May 2022, scammers stole NFTs worth $24 million. The most NFTs were stolen in July 2022, when 4,600 were taken.
“Real numbers are probably higher, since not all thefts are reported,” Elliptic says. The company says that these thefts that aren’t reported are often NFTs that cost less.
The research shows that 23% of stolen NFTs in 2022 came from social media platforms like Discord and phishing emails sent to users.
Elliptic also keeps an eye on phishing emails, fake websites, and mobile wallet exploits, like what happened with Solana earlier this month.
The company says that CryptoPunk #4324 was the most expensive NFT that was ever stolen. The hackers got $490,000.00 for it in November 2021. Since then, the collectable has been “flagged for questionable behavior” on OpenSea. Elliptic says that in December 2021, 16 “blue chip” NFTs worth $2.1 million were stolen. This was the biggest theft.
Elliptic says that Bored Apes, Mutant Apes, Azuki, Otherside, and CloneX are where scammers get most of the NFTs they steal. It says that these five collections make up almost two-thirds of the value of the NFTs that have been stolen since July 2021.
Fraudsters are especially interested in Bored Ape Yacht Club NFTs, which is not a big surprise. Elliptic says that the theft of Bored Apes cost $43.6 million in stolen NFTs.
In June, Seth Green paid $300,000 to get his stolen Bored Ape NFT back after falling for a phishing scam.
The paper also talks about the breach of Axie Infinity’s Ronin Ethereum sidechain bridge by the North Korean Lazarus Group in March 2022. Also mentioned is the recently approved Tornando Cash mixing service. It says that digital assets from approved companies worth more than $160,000 were used to buy NFTs.
“Criminal activity only makes up a small part of NFT trading as a whole, but it has a big effect on the industry’s reputation and makes things worse for legal customers,” says Elliptic.
Elliptic says that fraudsters are getting better at avoiding verification systems like Civic’s now-defunct “Verified by Civic Pass” service. Even though it was “confirmed,” fraudsters stole 9136 SOL in January. At the time, it was worth about $1.3 million.
Also, counterfeit NFTs are a very big problem. According to Elliptic, OpenSea said in January that more than 80% of the NFTs it removed from its platform for violations like “plagiarized works, fake collections, and spam” were made with its lazy-mining tool.