NFT scam

Crypto scammers feel the chill: Revenue drops 46% in 2022 — Chainalysis

February 17, 2023 Coin Telegraph

chainalysis

Falling crypto prices caused crypto scam revenue to plummet in 2022, though two scam types managed to persist.

Crypto scam revenue was slashed by almost half in 2022 due mainly to falling crypto asset prices, but two scam types managed to stay immune.

Crypto scam revenue in 2022, which includes investment scams, NFT scams and romance scams, among others, amounted to $5.9 billion in the year — down 46% from 2021.

The data came from a Feb. 16 crime report from Chainalysis, which attributed most of the decline in scam revenue to poor market conditions — as lower crypto prices generally result in lower scam performance.

*Yearly crypto scam revenues from 2017-2022. Source: Chainalysis.*

Chainalysis however pointed to two different scam types that managed to stay relatively immune to the price falls — romance scams and giveaway scams.

"Scam revenue throughout the year tracks almost perfectly with Bitcoin’s price, consistently maintaining a three-week lag between price moves and changes in revenue. However, not every distinct type of scam follows this pattern — some types of scams see revenue changes increase as crypto asset prices decrease," explained the firm, adding:

"For instance, unlike other kinds of scams, romance and giveaway scams don’t show a positive correlation with Bitcoin’s price."

Romance scams, while having lower overall revenue as a category, racked up the highest average victim deposit size in the year — with the average victim losing just under $16,000, nearly 3x more than the next biggest scam type.

*Average losses for victims throughout 2022 by scam type. Source: Chainalysis.*

Romance scams typically involve building a relationship with the victim, with the scammer convincing them that they need their help.

Chainalysis said that these scam types are most likely to persist when crypto prices are down because it's playing to a victim's compassion rather than greed.

"That kind of emotional pitch is probably equally effective regardless of trends in the wider market, because the victim’s primary goal isn’t to get rich quick, but rather to help someone they believe to be a potential romantic partner," the firm wro

Romance scams, and particularly "pig butchering scams" have been seen as a growing area of concern within crypto.

For example, a United Kingdom investigation published on Jan. 29 found that half of all crypto companies involved with scams in the state were linked to pig-butchering scams.

US Arrests ‘Mutant Ape Planet’ NFT Creator in $3M ‘Rug Pull’ Scheme to Defraud Crypto Investors

January 11, 2023 Bitcoin.com

British Army’s social media accounts hacked by crypto scammers

July 4, 2022 Coin Telegraph

account compromise

Hackers had access to multiple official social media accounts of the British Army for nearly four hours, when they posted crypto phishing links and scams.

The British Army’s official Twitter, Facebook, and YouTube accounts were breached on July 3 for almost four hours, with scammers promoting rip-off non-fungible token (NFT) collections and cryptocurrency scams.

Just after 2PM ET on July 3, the United Kingdom Ministry of Defence (MOD) Press Office tweeted it was aware the Army’s social media accounts were compromised and had begun an investigation.

Nearly four hours later, close to 5:45PM ET, the Office provided an update that the account breaches were resolved. The British Army's official Twitter account also apologized for the posts, saying it would conduct an investigation and “learn from this incident.”

The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.

The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022

Screenshots of the British Army’s official Twitter account posted by users show the hackers promoting at least two fraudulent derivatives of “The Possessed” and “BAPESCLAN” NFT collections.

British Army Twitter account @BritishArmy appears to have been hacked pic.twitter.com/41HPtSeln1
— OSINTtechnical (@Osinttechnical) July 3, 2022

One screenshot shows the hackers pinning a tweet to a fake mint of The Possessed NFT collection, likely a phishing link that would drain user funds if their crypto wallet was connected. Tom Watson, one of the collection's creators, warned that the information was fake and asked his followers to report the account.

The @BritishArmy has been compromised and is currently being used to shill NFTs.

Previous archive of the Twitter profile: https://t.co/dQmlxlY5l8 pic.twitter.com/gifpsOy000
— vx-underground (@vxunderground) July 3, 2022

Over on YouTube, the hackers rebranded the account to resemble the Cathie Wood-founded investment firm Ark Invest, posting live stream videos of supposed interviews with Elon Musk and Twitter founder Jack Dorsey which were being watched by thousands of people.

the British Army's YouTube page, still under the control of some crypto scammers, is running 4 consecutive livestreams with approx 19,000 people watching as we speak. would be interesting if any of them who fall for the scam could have grounds to sue the Army pic.twitter.com/oVWrDsXKZ1
— Señor Rules (@wariotifo) July 3, 2022

On the commandeered YouTube channel, the posted videos presented QR codes for viewers to send crypto to, claiming they would receive double back, and promoted other cryptocurrency giveaway scams through QR codes.

It’s unknown at this time who was behind the attack, how they achieved it, and how many people may have fallen victim to the phishing and scam links. All of the links, tweets, and related material from the account breaches have since been deleted by the British Army.

As reported by Cointelegraph, as much as $1 billion has been lost to crypto scammers in 2021, with nearly 50% of all crypto-related scams coming from social media platforms. The United States Federal Trade Commission even labeled social media and crypto a “combustible combination for fraud.”

In late May, the Twitter account of NFT artist Beeple was compromised and posted links to a phishing website which netted the attacker over $438,000 in crypto and various NFTs. The links were made to look like a “surprise mint” of a new Beeple NFT collection.

Later in June, a similar “stealth mint” phishing link was posted on the compromised Twitter account of the upcoming Duppies NFT collection, with at least one victim losing 650 Solana (SOL), worth around $18,850 at the time.

NFT Rug Pull: DOJ Charges Two People in Million-Dollar Scheme to Defraud Investors

March 26, 2022 Bitcoin.com

DOJ cracks down on ‘rug pulls’, charging Frosties NFT project founders

March 25, 2022 Coin Telegraph

Coin Telegraph

“You can’t solicit funds for a business opportunity, abandon that business and abscond with money investors provided you,” stressed IRS-CI Special Agent-in-Charge Thomas Fattorusso.

The Department of Justice (DOJ) has taken action against an alleged NFT rug pull, after it slapped the founders of the Frosties project with charges relating to fraud and money laundering.

The two founders are accused of purposely concealing their identities to operate a rug pull on the Frosties community by failing to deliver on the project’s roadmap and “utility” which touted rewards for NFT hodlers, giveaways, access to a Metaverse game and exclusive access to future mints from the project.

According to a March 24 release from the Attorney’s Office of the Southern District of New York, 20-year-olds Ethan Nguyen and Andre Llacuna were arrested in Los Angeles and both charged with one count of wire fraud and one count of conspiracy to commit money laundering in “connection with a million-dollar scheme to defraud purchasers” of the NFTs ‘Frosties.’

The DOJ’s complaint alleges that they “abruptly abandoned” and shut down the project within hours of selling out $1.1 million worth of NFTs, and transferred the proceeds to various crypto wallets “under their control in multiple transactions designed to obfuscate the original source of funds.”

“As the term suggests, a 'rug pull' refers to a scenario where the creator of an NFT and/or gaming project solicits investments and then abruptly abandons a project and fraudulently retains the project investors’ funds,” the release stated.

WOW: if you rugpull and don't complete your roadmap, you can be charged with fraud. So many rappers and influencers shaking rn. pic.twitter.com/v7VW7CjoLp
— Coffeezilla (@coffeebreak_YT) March 24, 2022

As part of the release, IRS-CI Special Agent-in-Charge Thomas Fattorusso warned that his team is watching crypto closely, and despite NFTs being a relatively new choice for financial investments, the “rules apply to an investment in an NFT or a real estate development,”:

“You can’t solicit funds for a business opportunity, abandon that business and abscond with money investors provided you. Our team here at IRS-CI and our partners at HSI closely track cryptocurrency transactions in an effort to uncover alleged schemes like this one.”

The DOJ also stated that prior to their arrests in Los Angeles, the duo were preparing to launch the sale of another NFT project dubbed “Embers” that was expected to generate “approximately $1.5 million in cryptocurrency proceeds.”

If they are found guilty, they may face a lengthy stay behind bars as each count carries a maximum sentence of 20 years.

While it appears that more than a few dodgy NFT projects flew under the radar of the DOJ in 2021, there is speculation that the department is ramping up its focus on the NFTs this year via its National Cryptocurrency Enforcement Team (NCET) which was formed in October.

In this instance, the investigation was conducted by agents from the Internal Revenue Service, Criminal Investigation (IRS-CI), New York Field Office of the Department of Homeland Security (HSI) and the U.S. Postal Inspection Service (USPIS).

Rare Bears Discord phishing attack nabs $800K in NFTs

March 18, 2022 Coin Telegraph

Rare Bears Discord phishing attack nabs 0K in NFTs

Coin Telegraph

The account of a moderator from the non-fungible token project was compromised in the attack, posting a phishing link that drained user wallets.

Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs.

Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse.

According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer used to obfuscate the source of funds.

A slate of similar phishing scams have occurred in recent months on Discord, suggesting some teams need to more carefully consider the security on admin accounts. Earlier today, the Rare Bears team posted that they had hired security consultant and auditor “Pandez” for a full security audit of its Discord.

How the attack happened

According to an update posted by the Rare Bears team, the hacker gained access to the account of a Rare Bears Discord moderator known as “Zhodan”, posting an announcement within the group's channel that a new mint of NFTs was taking place.

It was a fake of course — a phishing link designed to steal funds from a users' wallet.

Warning @BearsRare
Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak
— Rare Bears (@BearsRare) March 17, 2022

The update from the security audit found that the head of the project’s Discord account was compromised. The attacker, using the compromised account, then banned other members, or removed their roles from the server, thereby removing their ability to delete the posted phishing link.

The attacker then invited a bot which locked all channels on the server, removing the ability for others to publicly communicate that the posts and links were fake.

Rare Bears said the team was able to regain control of the server, removing the compromised account and transferring ownership to a new one, and that the server is secure from another attack.

Speaking to Cointelegraph, security consultant Pandez said that users should look out for a few key signs that could mean a message is a scam.

“Almost no serious project will ever do a stealth mint,” Pandez said, “never click any links which appear like this.”

Pandez said other red flags are if channels are locked during a “drop” of a new NFT collection, if the link differs to those shared on Twitter or other official sources for the project, and if the link is continuously posted in the channel.

Past attacks of a similar nature have happened on Discord. In December, Solana NFT project Monkey Kingdom announced that hackers made off with $1.3 million of the community's crypto funds after a security breach. Attackers there also posting a phishing link which drained users’ wallets.

Last November, members of the Discord of popular NFT artist Beeple were also scammed, with attackers gaining access to a moderators account to post a phishing link, similarly draining user funds.

Study Highlights the Most Common NFT Scams Amid the Current Mainstream Hype

April 2, 2021 Bitcoin.com

How the attack happened

Share this video