More than $100m worth of NFTs stolen since July 2021, data shows

theguardian.com:

More than $100m worth of non-fungible tokens were stolen in the year to July, research shows, with criminals making off with an average of $300,000 per scam.

Criminals have stolen valuable NFTs – crypto assets that confer ownership of a unique digital item, often a piece of virtual art – in a variety of ways, according to a report by the cryptocurrency analyst Elliptic.

“The most valuable NFT ever stolen is CryptoPunk #4324, which was sold by scammers soon after the theft on 13 November 2021 for $490,000,” Elliptic reports. “Meanwhile, the largest single heist from an individual victim resulted in the loss of 16 blue-chip NFTs worth $2.1m on 28 December 2021.

“Emphasising the persisting problem of scams, Assets #9650 and #5759 in the CloneX collection have been stolen twice in the space of three months – in two unrelated scam incidents – having been worth around $50,000 on both occasions.”

Phishing scams, the most common type, entice users to accidentally hand over the credentials to their cryptocurrency wallets, with which a fraudster can initiate an irreversible transaction.

Sometimes that can be done through a hacked social media account, as when $3m of NFTs from Yuga Labs’ “Bored Ape Yacht Club” collection were stolen after an Instagram hack, and sometimes it can be through domain squatting or impersonation.

“Scammers have also been known to pay to advertise their sites on search engines,” the Elliptic report notes, “meaning that unwitting individuals searching for the impersonated NFT platform will see a host of phishing links at the top of their search results.”

However, other scams are more unique to the NFT space. A “Trojan Horse” NFT, for instance, uses the unique features of a “smart contract” to create a