The non-fungible token (NFT) market saw explosive growth last year, thanks to ongoing hype and increased mainstream participation. However, the growth in the value of this market has also attracted the wrong crowd, as there is now an increasing number of scams and frauds in the global NFT space.
NFT refers to unique and irreplaceable tokens powered by the smart contracts technology. According to decentralised platform DappRadar, NFT sales volume totalled US$24.9 billion ($33.5 billion) in 2021, a huge jump from US$94.9 million recorded in the previous year.
Stephen Topliss, vice president of fraud and identity strategy at data analytics firm LexisNexis Risk Solutions, says Asia has seen considerable growth of NFT market participants, thanks to the increasingly cashless society and interest among the young and digitally savvy population. However, due to a lack of regulations and market frenzy, investors and collectors tend to be vulnerable to malicious attacks and frauds.
According to the LexisNexis Risk Solutions Cybercrime Report, fraud and scam cases are growing as the world emerges from the pandemic, and this is becoming one of the biggest issues in the world across all industries and services. “NFT, being the hot new service, is not exempt. Compared to other financial-related services, NFT has not been as regulated, which means that there won’t necessarily be as many standardised fraud prevention techniques built-in,” says Topliss.
Additionally, the explosive growth of the NFT market meant marketplaces or trading platforms for NFTs did not have the chance to fully develop their anti-fraud capabilities, Kirk Fergusson, CEO at validation-as-a-service platform UREEQA, tells DigitalEdge Singapore: “The platforms were trying so hard to keep up with the volume of the content being minted, as well as the demand from buyers, that they were not able to create barriers to protect their clients on both sides. With a weak foundation, the rest of the house will not be able to be built very soundly, which has in turn led to the issues of frauds and scams in the industry.”
Fending off software-based attacks
The more notable malicious attacks in NFTs include the case involving the Monkey Kingdom project. Founded by Hong Kong entrepreneurs, the project’s server on social media platform Discord was attacked by scammers during a presale of their NFT collection Baeapes in mid-December 2021. The scammers posted phishing links, which allowed them to steal a total of 7,000 Solana coins worth about US$1.2 million from the project community.
Another attack, which was also made possible via phishing links, caused an art curator and NFT collector to lose about 593 Ethers worth approximately US$2 million. After clicking a malicious link disguised as a genuine NFT decentralised app, 16 NFT tokens were stolen out of his wallet, including those of Bored Ape Yacht Club, Mutant Ape Yacht Club and CloneX.
“In a space like NFT, which has only gained popularity over the past 12 months, there is a bit more risk compared to other financial services space. Ultimately, the risk is not with the blockchain technology, but rather outside of that. It is more about credentials and gaining access to wallets where things can be stored and exchanged,” says Topliss.
Malware-based scams targeting to steal information or money from victims are not new in the bigger cryptocurrency space. In its investigation, insights firm Chainalysis detected 24,576 transfers from victims to cryptocurrency addresses associated with a sample of malware families from 2017 to 2021.
One way investors and NFT collectors can defend themselves against such malicious links and attacks, says Topliss, is to first ensure the tokens stored in their digital wallets are adequately protected. This means taking the extra step, such as procuring offline wallets (also known as cold wallets). As these wallets are not connected to the Internet, it is more secure, albeit less convenient.
“There are also certain optional setups that can be enabled to further defend their tokens, such as two-factor authentication. This is something that some people might overlook but can be very helpful,” he adds.
Prevention of theft and counterfeit tokens
Aside from phishing, another common fraud happening in the NFT space is the sale of stolen products, says Topliss. Similar to counterfeit and stolen items sold on e-commerce sites, there are such NFTs being sold on NFT marketplaces. There are also fake merchants — it is possible for scammers to steal an artist’s work, open an account on a marketplace, sell the NFTs that have no value and then disappear the next day.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Various artists have reported their art being stolen or only slightly modified to be sold on NFTs, shares Fergusson. In March last year, actor William Shatner — most popular for his role in Star Trek as Captain Kirk — raised concerns that a bot called Tokenized Tweets. The bot account, which allows anyone to turn a tweet into an NFT, has caused many public figures like Shatner to see their tweets minted without their consent.
Another high-profile case Fergusson highlights involves Matt Furie, creator of cartoon character and popular meme Pepe the Frog. In August last year, Furie requested frog-themed NFT project Sad Frog worth US$4 million to be removed from OpenSea, one of the largest NFT marketplace for copyright infringement. Furie claimed the Sad Frog collection had ripped off Pepe the Frog, and that the NFTs are only slight modifications to his creations. This led to a legal battle, which ultimately resulted in Sad Frog being taken down from the platform.
“These are just some of the examples — there are lots of similar frauds being perpetrated, it is almost a weekly thing. And the big platforms do not seem to have a better way of ensuring creators and buyers that their validating process is adequate,” says Fergusson.
To avoid such risks, Topliss advises investors and NFT collectors, first and foremost, to always understand what they are buying. They need to do prior research and due diligence, which includes ensuring the trading platform is reputable and that the artists or issuers minting their collection are genuine.
But how exactly can they do the latter? To help fill this gap, UREEQA has introduced an intellectual property protection platform that utilises blockchain technology to verify ownership for creators as part of the NFT-minting process. Fregusson says UREEQA supports all creative works, including music, video, visual art, photographs and written works.
“To do this, we spend quite a bit of time with the creator to document evidence supporting legal proof of ownership, authorship and originality of a piece of creative work. The ‘Package of Proof’ will then be accompanied by an affidavit signed by the creator and the legal witness — all this evidence is written to the blockchain,” he explains.
He continues: “We would love for NFT marketplaces to use this validation process and feature it on their platforms as an option for at least the more expensive pieces. This is not something you do for a US$5 NFT. But if the tokens are selling at US$20,000 to US$50,000, it is definitely worth spending a few days with us back and forth, exchanging files and signing affidavits. It is a better option compared to getting a copyright lawyer, which would set creators back about US$500 an hour.”
UREEQA’s validation works on any layer-one Ethereum-based NFT marketplaces. “We have our own marketplace where we have launched a number of NFTs of predominantly hip hop and rap artists in North America, but we can support artists who want to issue NFTs on other marketplaces as well. We want marketplaces to consider implementing the validation process that we offer as part of their value-added services to help provide a degree of assurance to their clients,” says Fergusson.
Possibility of more sophisticated malicious attacks
There are also other common scams in the NFT space, such as pump-and-dump schemes and bidding schemes. Not dismissing the possibility that the malicious attacks in the space could become more sophisticated, Topliss reiterates that investors should be mindful not to rush into making any transactions.
“Eventually, as investors and buyers become more familiar with NFT and its ecosystem, they will know what to look out for. I don’t think fraud and scams would go away, as is apparent in other financial services,” he says.
“That being said, I imagine that eventually, the trading platforms or marketplaces will know that there is reputational risk if they are not protecting their customers. Therefore, I think there will be a shift on their side to implement better security and try to mitigate some of these risks,” says Topliss.
Fergusson concurs, adding that this is especially important as the NFT space attracts more mainstream audience. “There’s a lot more to be done to mitigate fraud in the NFT industry. While what we came up with has the ability to do so, there needs to be higher take-up on various platforms to give creators and buyers more confidence when selling and purchasing NFTs. Bad actors will continue to come up with nifty ways to perpetrate fraud. We have to stay ahead of that — this is the game in this industry,” he concludes.
From left: Stephen Topliss, vice president of fraud and identity strategy at data analytics firm LexisNexis Risk Solutions and Kirk Fergusson, CEO at validation-as-a-service platform UREEQA
Cover photo: Shutterstock