Scams and hacks have troubled the crypto world for a long time. From market manipulations to rug pulls, users have had their cryptos and NFTs stolen frequently. NFTs specifically are under constant threat from scammers who steal these digital collectibles from exclusive and expensive series.
According to the latest report by Elliptic, a blockchain analytics firm, NFTs worth $100 million have been stolen over the last year. The report has raised an alarm for the NFT community to guard their wallets against scammers and hackers.
So how did these NFTs get stolen and laundered? Let’s find out.
How did so many NFTs get stolen?
Because of their high value and popularity, many stolen NFTs included Bored Apes, Mutant Apes, and Azuki. As per Elliptic’s report, the stolen collectibles were used as instruments to launder crypto, mainly by using mixers such as Tornado Cash.
Phishing is the most common method of getting hold of a user’s NFT. In fact, according to the report, 23% of cases of stolen NFTs came from phishing messages sent to potential victims. Scammers used emails and social media to send spurious links and trick users into divulging sensitive information, including wallet keys and seed phrases.
Discord is a popular platform among NFT teams and users and is often used for trading, networking, and keeping up-to-date about the project. A common Discord scam is when hackers send fake links to users, manage to hack into their private channels and get a hold of the mint addresses of NFT projects.
Lack of Security
Nifty Gateway users reported having a lot of their "Nifties" stolen and their entire accounts hacked. This mostly happened to users who had not enabled 2-factor authentication.
Rug Pull Scams
Rug pull scams have become quite common in the world of NFTs. The most recent one was the SudoRare NFT marketplace, which shut shop after just six hours of launch, and investors lost over $800,000.
What can users do if their NFT is stolen?
If your NFT is stolen, contact your exchange platform. While some do get their stolen NFTs back, many others don't, and the lack of regulation leaves little recourse for a refund.
The exchange platforms, for their part, use various special tools to track funds and gather evidence that can be used against the fraudulent party. For example, OpenSea now requires a formal copy of a police complaint made within 7 days of the theft. Upon receiving the report, it disables the stolen NFTs for sale. But if the marketplace does not receive a complaint, the buying and selling of that NFT are re-enabled to prevent false reports.
Always investigate the history of an NFT before buying. Most marketplaces like OpenSea have a "reported for suspicious activity" banner that helps. Also, adopt a healthy scepticism approach along with on-chain safety practices to be wary of stolen NFTs.