NFT sales (non-fungible token), these digital certificates registered in the blockchain, a technology aimed at guaranteeing the security of transactions, and supported by a photo, text or video, it may have plummeted by 75% in the first quarter of 2022, but thieves’ appetite is not weakening. According to a report released on August 24 by Elliptic, a blockchain research firm, more than $ 100 million (€ 100.3 million) of NFTs were stolen in one year. In July alone, no less than 4,600 NFTs disappeared. A figure probably underestimated because the smallest thefts are rarely made public.
According to Elliptic, the OpenSea market even advised its community to disable Discord direct messaging due to a “overabundance of scammers”. Digital robbers primarily target popular NFTs. The flights of “Bored Apes Yacht Club”, these images of tired primates randomly generated by an algorithm in order to give each one a slight singularity, its variant “Mutant Apes”, but also the series “Azuki”, manga-style avatar, a variation of the same order called “Clone X”, as well as plots in the Otherside metaverse, they represent two thirds of the crimes.
In December 2021, New York art dealer Todd Kramer said on Twitter that he had been deprived of fifteen “bored monkeys”. Four months later, it was the turn of Taiwanese singer-songwriter Jay Chou to have one of these precious tokens stolen. But isn’t the blockchain considered inviolable and tamper-proof? ” The problem is not blockchain technology, but bad cybersecurity habits “explains collector Brian Beccafico, before detailing beginner mistakes: “Use the same password for different sites, connect to unsecured networks, have a virtual copy of your wallet’s security key on your computer when you need to have it offline …”
One of the most common methods of phishing is to mimic the domain name and image of a well-known NFT platform, playing on a similarity that can easily be confusing. A few minutes of distraction, too much haste and that’s it. Other hacks are much more sophisticated. “Hackers earn user trust by posing as a support agent to solve a technical problem or by hacking into Discord messages or a community’s Instagram account”adds Gaspard Broustine, project manager of Ledger, a leader in the custody of cryptocurrencies on physical media.
According to Elliptic, security breaches via social networks are on the rise, accounting for 23% of NFT thefts. There is also one final fraudulent practice, mentioned in this study: investor scam. Cybercriminals launch NFT projects that look like viable investments, raise money from gullible users, then vanish overnight with the funds raised. Goodbye calves, cows and cryptocurrencies …