Thieves stole non-fungible tokens (NFTs) worth over $100 million between July 2021 and July 2022, according to a report by blockchain research firm Elliptic.
The report covering financial crimes and NFTs found that with just under $24 million, May 2022 saw the highest confirmed value of NFTs lost through fraud.
Attacks on NFTs from social media
The research said social media compromises, especially in Discord servers, have surged in 2022, accounting for 23% of all NFTs, or close to 5,000, worth around $20 million.
“The growing availability of tailored malware that can bypass multifactor authentication is likely to be partially responsible,” researchers said.
The report also notes that since thefts are not always made public, the actual numbers are likely to be higher.
NFT trading spiked sharply in the summer of 2021, with daily average sales of over $50 million and annual NFT sales of over $17.7 billion (an increase of over 200% from 2020).
Experts also see a growing use case for NFTs as the gaming and metaverse markets develop.
State-sponsored exploits and sanctioned mixers
“As with traditional scams, once a community of threat actors, or Scam-as-a-Service operators, understand the basic mechanisms from deception to execution, the community of illicit actors can scale that activity by reusing and iterating on services or practice,” Blockchain intelligence company TRM Labs said earlier this month.
Meanwhile, state-sponsored exploits and authorized entities are seen as a growing threat to NFT-based services. Examples include the $540 million theft from Axie Infinity’s Ronin Bridge by North Korea’s Lazarus Group and the possession of NFTs by the U.S.-approved Chatex crypto assets exchange.
Be[In]Crypto previously highlighted that North Korean hackers are posing as job applicants for crypto jobs in wealthy countries to fund government operations. In addition, fund flows in the $620 million attack on the Ronin sidechain of Axie Infinity were also linked to authorized crypto mixers.
The report also found that before being blacklisted by the Office of Foreign Assets Control (OFAC) in Aug, Tornado Cash, a U.S.-sanctioned mixer, was the source of the $137.6 million in crypto assets processed by NFT marketplaces and the preferred method of money laundering for 52% of NFT scam proceeds.
The crypto community remains divided on the Tornado Cash ban, a smart contract mixer built on Ethereum.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.