Euro Security Watch with Mathew J. Schwartz

Cryptocurrency Fraud , Fraud Management & Cybercrime , Social Engineering

Non-Fungible Tokens: Of Course They're Attracting Scammers

Ownership of Digital Assets Selling for Large Amounts of Bitcoin? Cue Fraudster Love
Non-Fungible Tokens: Of Course They're Attracting Scammers
Since digital ownership of Jack Dorsey's first tweet sold for $2.9 million, expect fraudsters to focus more on non-fungible token aficionados.

Anyone wanting to invent a system designed to stoke widespread abuse by fraudsters would be hard-pressed to best the non-fungible token. Not least because those perpetual fraudster magnets - blockchain and cryptocurrency - are also involved.

See Also: ISO/IEC 27001: The Cybersecurity Swiss Army Knife for Info Guardians

For those not in the know, NFTs represent an entry on the blockchain certifying that someone owns a particular digital asset. If you don't know your digital asset from your elbow, you're not alone. But while the concept might seem inherently abstract, it boils down to this: being able to claim sole ownership of something collectible.

NFTs can represent digital ownership of just about anything - Twitter CEO Jack Dorsey's first tweet, original art created by the musician Grimes, unique superhero comic drawings by Marvel artists, virtual land sales for online realms or any other type of creative work, including videos and audio.

By February, more than $100 million in NFT "cryptocurrency collectibles" had been sold.

Open for debate: Whether NFTs are a bubble that's set to burst. Similar criticism has been leveled at the likes of bitcoin and other cryptocurrencies, with proponents saying they are the future of financial systems and critics deriding them as being little more than a Ponzi scheme in digital form.

In the meantime, cryptocurrency values - and in particular the price of bitcoin - have been soaring. Accordingly, can it be long before fraudsters breach the NFT world in force?

Criminals are already on the hunt for ways to obtain the maximum possible amount of bitcoin, monero, ethereum and other valuable digital coins, as demonstrated in recent years by their love for ransomware, cryptomining and hacking into cryptocurrency exchanges and stealing all their funds.

"The higher the value of a cryptocurrency, the higher the volume of fraud targeting its users," says Abhilash Garimella, research scientist at fraud prevention firm Bolster, based in Mountain View, California, in a blog post.

Likely NFT Scams

Here are several types of scams that could easily be - or already are being - repurposed for the NFT world.

  • Doppelgänger stores: Spinning up lookalike stores online is easy, perhaps backed by a domain name that looks legitimate, as a way to get users to enter legitimate credentials or payment card details. The same could happen for stores selling NFT merchandise, or for NFT-only sites. In March, Garimella says, "the number of suspicious-looking domain registrations with names of NFT stores like 'rarible,' 'opensea' and 'audius' increased nearly 300%" compared to prior months.
  • Counterfeits or knockoffs: On the internet, no one knows a seller's digital certificate of ownership for a piece of artwork that looks as if it was done by Banksy isn't legitimate. Buyers may get caught out by digital goods that suggest they're one thing but turn out to be another. "Counterfeit and real-world 'inspired' artwork/content will become a problem shortly," Garimella says.
  • Fake giveaways or "airdrops": In 2020, two Florida teenagers and a British man managed to trick numerous victims into believing that the 130 high-profile Twitter accounts they'd taken over really would double individuals' bitcoin funds, once the likes of Elon Musk and Bill Gates had received them. How many individuals might fall for a scam involving the likes of Musk supposedly offering "free" NFTs, once victims "verified" themselves by "temporarily" sending a small amount of bitcoin?
  • Fake apps: This week, The Washington Post reported that an Apple iOS user had downloaded a fake app named after the Trezor hardware wallet for storing bitcoins. But after he entered his 17.1 bitcoins to track their value - which was then $600,000 - the app siphoned them off. No doubt scammers will find ways to trick NFT users via similar means, for example, by sneaking fake versions of NFT marketplace apps into app stores.

Exactly how fraudsters will fleece NFT users largely remains to be seen. But Garimella says that "considering the amount of money that is being poured into NFTs, the scams are not too far away."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.