More Than $100 Million Worth of NFTs Have Been Stolen in the Past Year as Crypto Scams Continue to Rise – artnet News

Thieves are deploying increasingly sophisticated scams to gain access to collectors’ digital wallets.
Artnet News, August 25, 2022
Over $100 million worth of NFTs have been stolen over the course of the past year, according to a new study, and thieves made off with an average of $300,000 each time.
The 110-page report, published this week by the London-based blockchain analysis company Elliptic, suggests that thefts have not decreased with the recent cryptocurrency crash. In fact, the rate of the cybercrimes may be going up: In May, just under $24 million in NFTs were swiped from owners’ wallets—the highest amount recorded in a single month. In July, a whopping 4,600 NFTs were stolen, another record number.
The most valuable NFT ever stolen, according to the report, is CryptoPunk #4324, which was pinched in November before being sold for $490,000. The biggest single heist occurred a little more than a month later, when 16 blue-chip NFTs worth $2.1 million were stolen from a collector. 
At the center of many of these cases are elaborate scams that trick NFT owners into voluntarily sharing access to their NFTs or wallet. Phishing attacks are the most common form, used to lure NFT owners with fake websites, pop-ups, and transaction opportunities. Often this involves criminals imitating well-known crypto-art platforms or even counterfeiting NFTs. 
🚨Over $100 million worth of NFTs were publicly reported as stolen through scams between July 2021 and July 2022, netting perpetrators $300,000 per scam on average.
Head to https://t.co/u6iPLjXgpR to read our NFTs and Financial Crime Report.#nft #crypto #aml
— elliptic (@elliptic) August 24, 2022

Social media has left NFT players particularly vulnerable as scammers hack the accounts of popular NFT projects to post phishing links. Close to 5,000 NFTs have been filched this way, Elliptic reports, noting that social-media compromises accounted for nearly a quarter of all crypto-art thefts over the last year.
What’s more, the cost of these crimes has skyrocketed in recent months. Between the first and second quarters of 2022, the value of NFTs stolen through social-media scams went from $3.2 million to $15.4 million—a 386 percent jump.
“The growing availability of tailored malware that can bypass multi-factor authentication is likely to be partially responsible,” Elliptic’s report explains.
It was through Instagram that an attacker was able to steal $3 million worth of NFTs from Yuga Labs, the collective behind the Bored Ape Yacht Club, in April. After hacking the company’s account, the con sent users a “smart contract” that ultimately yielded access to their crypto wallets. 
Elliptic also found that some services have been especially instrumental in enabling blockchain crime. Roughly 52 percent of NFT scammers used the virtual currency mixer Tornado Cash to launder money after thefts. The U.S. Treasury Office placed the service on sanctions earlier this year, saying it “indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties.”
Still, for NFT lovers growing weary of their wallets’ exposure, the outlook may not be as bleak as it looks. “As with many crimes,” the report says, “the perceived chances of NFT-based crime occurring is higher than it actually is. Elliptic’s data-driven analysis has found that the true instances of these crimes account for a small proportion of NFT-related trade.” 
The “responsibility” for combating such crime, Elliptic argues, “lies on everyone engaging in the NFT space—regulators, marketplaces, project developers, NFT traders and influencers—to motivate safe and secure development of this technology.”

Share
By Amah-Rose Abrams, Jun 10, 2022
By Taylor Dafoe, May 25, 2022
By Eileen Kinsella, Apr 26, 2022
By Artnet Auctions, Aug 25, 2022
By Annie Armstrong, Aug 25, 2022
©2022 Artnet Worldwide Corporation. All Rights Reserved.var w = Math.max(document.documentElement.clientWidth, window.innerWidth || 0),
h = Math.max(document.documentElement.clientHeight, window.innerHeight || 0),
pagetype = document.querySelector(‘meta[property=”og:type”]’).getAttribute(“content”),
pagetypeurl = document.URL,
pagetypeforce = pagetypeurl.substr(pagetypeurl.length – 3);
isnewsletter = pagetypeurl.includes(“?page_1”);
w = pagetype + 20 * Math.round(w / 20), h = pagetype + 20 * Math.round(h / 20), googletag.cmd.push(function() {
googletag.pubads().setTargeting(“width”, w), googletag.pubads().setTargeting(“height”, h), 1 == isnewsletter && googletag.pubads().setTargeting(“isfirstpage”, [‘Y’, pagetypeforce] )
});
(function defernl() {
if (window.jQuery) {
if (jQuery(window).width() > 619) {
setTimeout(function() {

var cookieSettings = {
recentlyShown: {
expiration_minutes: 5
},
signedUp: {
expiration_days: 14
},
closedSignupBar: {
expiration_days: 5
}
};

var generalSettings = {
loadFontAwesome: false
};

if (!window.jQuery) loadJQuery();
var $ = window.jQuery;

function addCss(fileName) {
var head = document.head
, link = document.createElement(‘link’);

link.type = ‘text/css’;
link.rel = ‘stylesheet’;
link.href = fileName;

head.appendChild(link);
}

function appendNewsletterSignup() {
var signup =
”
//hide on mobile phones
+ ‘ @media (max-width: 575px){ #ouibounce-modal {display:none !important;} }’
+ ‘ @media (max-width: 767px){ .close-signup {top:0 !important;} }’
+ ‘ @media (max-width: 1199px){ #ouibounce-modal .description {font-size:13px !important;} }’
+ ”
+ ‘

‘;

$(‘body’).append(signup);
}

var paywallPagesRegex = /^/subscribe|subscribe-confirm|my-account(/|$)/;

function initNewsletterSignup() {
// don’t show it on paywall-related pages where the user might be in the process
// of subscribing, or managing their account
if (paywallPagesRegex.test(window.location.pathname)) {
return;
}

// Append ouibounce to page
var ouibounceScript = ”;
$(‘body’).append(ouibounceScript);

// Add animation css
addCss(‘https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css’);

if (generalSettings.loadFontAwesome) {
addCss(‘https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css’);
}

// Check if ouibounce exist before calling ouibounce
var initOuibounce = setInterval(function() {
if (typeof ouibounce !== ‘undefined’) {
appendNewsletterSignup();

var $modal = $(‘#ouibounce-modal’);
SignupForm.init($modal.find(‘form’), function onSuccess() {
//hide form fields and show thank-you message
$modal.find(‘.form-row’).hide();
$modal.find(‘.newsletter-signup-thank-you’).fadeIn(‘fast’);

setNewsletterCookie(‘signedUp’, 1);

//after successful signup, hide the signup bar after 5 seconds
setTimeout(function() {
closeSignupBar();
}, 5000);
});

// Handler for close signup button
$(‘body’).on( ‘click’, ‘.close-signup’, function(){
setNewsletterCookie(‘closedSignupBar’, 1);
closeSignupBar();
});

ouibounceAPIaccess = ouibounce(
$modal[0], {
aggressive: true,
sensitivity: 50,
callback: function() {
slideInModal(‘Down’);
}
}
);

clearInterval(initOuibounce);
}
}, 100);
}

function slideInModal(upOrDown) {
$(‘#ouibounce-modal’)
.removeClass(‘slideOutDown slideOutUp’)
.addClass( ‘slideIn’ + upOrDown );

setNewsletterCookie(‘recentlyShown’, 1);
}

function setNewsletterCookie(cookieName, value) {
//exdays*24*60*60
var settings = cookieSettings[cookieName];
var expirationMinutes = settings.expiration_minutes;
if (!expirationMinutes) {
expirationMinutes = daysToMinutes(settings.expiration_days);
}
setCookie(cookieName, value, expirationMinutes);
}

function daysToMinutes(numDays) {
return numDays * 24 * 60;
}

/**
* Generic setCookie() method, used by setNewsletterCookie().
* There is probably no need to call this directly – use setNewsletterCookie().
*/
function setCookie(cname, cvalue, expMinutes, prefix) {
//default prefix is ‘artnet_newsletter_’
if (prefix == undefined) {
prefix = ‘artnet_newsletter_’;
}
var d = new Date();
d.setTime(d.getTime() + (expMinutes*60*1000));
var expires = “expires=”+d.toUTCString();

//console.log(prefix + cname + “=” + cvalue + “;” + expires + “;path=/”);
document.cookie = prefix + cname + “=” + cvalue + “;” + expires + “;path=/”;
}

function getCookie(cname, prefix) {
//default prefix is ‘artnet_newsletter_’
if (prefix == undefined) {
prefix = ‘artnet_newsletter_’;
}
var name = prefix + cname + “=”;
var ca = document.cookie.split(‘;’);
for(var i = 0; i <ca.length; i++) {
var c = ca[i];
while (c.charAt(0)==' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length,c.length);
}
}
return "";
}

function closeSignupBar() {
var $modal = $('#ouibounce-modal');
$modal.addClass( $modal.hasClass('slideInUp') ? 'slideOutDown': 'slideOutUp' );
}

function loadJQuery() {
var script = document.createElement('script');
script.src = "https://code.jquery.com/jquery-3.1.1.min.js";
script.integrity = "sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=";
script.crossorigin = "anonymous";
document.body.appendChild(script);
}

function checkCookies() {
//if any of these cookies are found, we don't show the modal.
var cookieNames = ['recentlyShown', 'signedUp', 'closedSignupBar','signup_cookie'];
var i = cookieNames.length,
found = false;
while (i–) {
if (getCookie(cookieNames[i]).length) {
found = true;
break;
}
}

if (!found) {
initNewsletterSignup();
}
}

var SignupForm = {
regex: {
email: /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]{2,4})+$/
},

// Init – Anything you want to happen onLoad (usually event bindings)
// ——————————————————————-
init: function (formElement, onSuccess) {
var ctx = this;
ctx.customSerializer();
if (!onSuccess) {
throw Error('onSuccess callback is required');
}

var $form = $(formElement);
$form.submit(function(e){
e.preventDefault();

var $email = $form.find('.signup-email');
var valid = ctx.validate( $form, $email);
if(valid){
// Hide the errors
$form.find('.errors').children().hide();
// Submit the form
ctx.submit($form, onSuccess);
} else {
// Focus on the email input box
$email.focus();
// Show email validation error and hide other errors
$form.find('.invalid-email').show().siblings().hide();
}
});
},

// FUNCTIONS
// ===================================================================

// Signup validation
// ——————————————————————-
validate: function( $form, $email ){
var ctx = this;
// Does the email match our regex?
return ctx.regex.email.test( $email.val() );
},

// Signup submission
// ——————————————————————-
submit: function($form, onSuccess) {
var ctx = this;
$.ajax({
type: $form.attr('method'),
url: $form.attr('action'),
data: JSON.stringify( $form.serializeFormJSON() ),
// dataType: 'json',
contentType: 'application/json; charset=UTF-8',
crossDomain: true,
timeout: 10000
})
.done(function(data, textStatus, jqXHR) {
onSuccess();
})
.fail(function(jqXHR, textStatus){
// Show signup failure error and hide other errors
$form.find('.signup-failed').show().siblings().hide();
});
},

// Extends jQuery with a function to serialize to JSON
// ——————————————————————-
customSerializer: function(){
$.fn.serializeFormJSON = function () {
var o = {};
var a = this.serializeArray();
$.each(a, function () {
if (o[this.name]) {
if (!o[this.name].push) {
o[this.name] = [o[this.name]];
}
o[this.name].push(this.value || '');
} else {
o[this.name] = this.value || '';
}
});
return o;
};
}
};

//show automatically after delay
setTimeout(function(){
var $modal = $('#ouibounce-modal');
//if there are cookies indicating that we shouldn't show the signup bar, then the modal won't have been added to the page
//and we can just return here.
if (!$modal.length) {
return;
}
//don't run this function if the user has already triggered the modal by leaving the viewport
if ($modal.hasClass('slideInDown')) return;

//position at bottom of screen
$modal.css({
top: 'auto',
bottom: 0
});

slideInModal('Up');
$modal.show();

},20000); //20 seconds

$(function() {
checkCookies();
});

}, 7500);
}
} else {
setTimeout(function() { defernl() }, 250);
}
})();

artnet and our partners use cookies to provide features on our sites and applications to improve your online experience, including for analysis of site usage, traffic measurement, and for advertising and content management. See our Privacy Policy for more information about cookies. By continuing to use our sites and applications, you agree to our use of cookies.
You are currently logged into this Artnet News Pro account on another device. Please log off from any other devices, and then reload this page continue. To find out if you are eligible for an Artnet News Pro group subscription, please contact [email protected]. Standard subscriptions can be purchased on the subscription page.
Log In

source