Prevention is better than cure: Avoiding Crypto / NFT fraud and theft (Part 1 of 2)

At the end of March 2022, Ronin Network (who run the online game Axie Infinity) suffered the second biggest known crypto hack to date, with users losing a total of $600 million in Ether. This has bolstered the total crypto funds lost in the first quarter of 2022 to almost $1.6 billion, already surpassing the $1.55 billion total lost in the whole of 2021.

Moreover, it is becoming increasingly apparent that it is not just cryptocurrency that is susceptible to theft, with NFTs also under threat. In February 2022, over 200 tokens with an estimated value of $1.7 million were stolen from NFT marketplace OpenSea when a fraudster used a fake email purporting to be from the platform itself. A significantly larger attack took place in April 2022, with hackers using a phishing post on Instagram to steal an estimated $3 million worth of high-value Bored Ape Yacht Club NFTs, which frequently sell for six-figure sums.

NFT fraud is also on the rise, with numerous artists finding their artwork fraudulently minted and placed onto NFT marketplaces. Indeed, OpenSea commented in a January 2022 tweet that an estimated 80% of its NFTs were plagiarized, fake or spam.

In the face of these reports of both fraud and theft, what can be done by those creating, buying or selling NFTs? Whilst NFTs may never be completely protected, strategies can be put in place to reduce the chances of getting scammed.

Tips for investors

For investors in this area, key aims should be avoiding interacting with stolen or fraudulent NFTs, and making sure any purchased NFTs and crypto currencies are adequately protected from hacking.

When buying and selling NFTs, investors should be on the lookout for fraudulent and counterfeit NFTs. Whilst it may be difficult to guarantee authenticity, especially where the seller is not the creator of the artwork, some key steps can be taken to protect the value of any investment. Separate research should be undertaken to try to identify the creator of the artwork in question, and the provenance of the NFT. Even simple tools such as Google’s reverse image search can help to locate the origin of digital artwork. In addition, many platforms, including OpenSea provide a verification process meaning that certain accounts can apply to be checked for authenticity. NFT investors should look out for this verification, often shown with a blue check mark, as an additional layer of comfort.

Following purchase of NFT or crypto currency, the goal will be protecting the private keys giving access to the digital assets, and owners can utilise a number of means to protect these from hacking and theft.

For example, whilst NFTs to be traded might often be kept in online ‘hot’ wallets for ease of access and utility, NFTs kept for investment purposes can be kept offline, in a ‘cold’ wallet. Typically this would be on an external hardware device, with popular options including Trezor and Ledger. This offline storage means hackers would need to have physical possession of the hardware device itself to be able to access the private key, and even then would need to get past the device’s security features, typically including two-factor authentication.

It is also important for crypto owners to be alert to scam tactics utilised by hackers. Many attacks, including the recent Bored Ape Yacht Club hack, take place by the use of ‘phishing’, where users are tricked or manipulated into handing over their private keys. These may take the form of fake adverts for NFT drops on Instagram or Discord, or may impersonate emails from wallet providers of marketplaces. Such attacks are often sophisticated and difficult to spot. Danger signs include free NFT drops, which might be too good to be true, or limited time offers, which encourage haste.

Last month it was reported that fraudsters cloned the Metamask and Coinbase wallets in order to encourage users to send funds to a compromised wallet. This highlights the importance of making sure that wallets are downloaded from a trusted source (e.g. Apple’s App store), and, if downloading onto your computer, checking the URL.

Crypto owners can further protect themselves and their investments by not entering their private keys or linking their wallets on any sites unless they are sure of the source, and by going direct to official websites or apps rather than using links.

Tips for NFT artists

For many online and digital artists, NFT technology offers an exciting new business venture but, whether they choose to pursue this or not, their art might find its way fraudulently onto the blockchain.

There are a number of options out there for those wishing to protect their artwork. DeviantArt, a large online art platform, recently expanded its offering, DeviantArt Protect. This allows users to protect up to 10 images for free, or up to 100 for a monthly fee. The tool scans multiple blockchains including Ethereum and Polygon, for NFTs corresponding with these images and alerts the user if matches are found. With fraud on the rise, there are an increasing number of options offering a similar service, such as SnifflesNFT which automates takedown requests when it finds a match to users work.

NFT platforms themselves have been criticised for a slow response to this issue. Most platforms have a ‘takedown’ system when they are notified of counterfeit NFTs, but this requires artists to file a request to be considered by the platform, which can be a slow process. In addition, even if platforms take down advertisement of the NFT, this doesn’t prevent it being further transferred on the blockchain, and clearly the artist’s rights have already been infringed by the NFT being minted in the first place. Verification systems on online marketplaces help to combat this problem by reducing incentives for fake NFT minters who then might not be able to sell the item.

Whilst artists can take some action in the form of identifying stolen artwork on the blockchain, enforcing their rights in relation to this is a separate issue, and may well require legal intervention.

Prevention should always be the first line of defence for investors and artists however even the most diligent efforts might not always be successful. Part 2 of this article explores the options for enforcement in relation to NFTs in a situation where fraud and theft has already occurred.