On Oct. 6, 2021, the U.S. Department of Justice (DOJ) announced the creation of a National Cryptocurrency Enforcement Team to tackle investigations and prosecutions of criminal misuses of cryptocurrency.1 As the non-fungible token (NFT) market continues to expand, DOJ's heightened focus on cryptocurrency has begun to encompass NFTs. Just as with any other market, a particular focus of DOJ's efforts will be to identify and prosecute fraud. At the same time, fraudulent activity is becoming increasingly common in the NFT market.2 This paper provides an overview of common fraud typologies in the NFT market and steps NFT market actors can take to protect themselves from becoming victims of fraud or unwittingly facilitating fraud.
Recent Examples of Fraudulent Activity in the NFT Market
The following recent examples show some of the NFT fraud typologies that have arisen to date:
- In August 2021, a fake Banksy NFT was sold for £244,000 on a now-deleted page on the artist's website following a hack. After wide press coverage, the hacker eventually returned most of the money to the buyer.3 In September 2021, insider trading allegations shook the NFT space after leading NFT marketplace OpenSea confirmed reports that an employee purchased NFTs they knew were to be featured on the company's front page before they appeared publicly only to resell them at a higher valuation after the NFTs were featured on OpenSea's site.4
- On Jan. 10, NFT marketplace LooksRare launched as a competitor to OpenSea, attracting high volumes with its token incentives and trading rewards; however, on Jan. 30, Cointelegraph reported that a very small group of traders executing trades worth hundreds of thousands of dollars between their own wallets reaped most of the trading rewards.5
- On Jan. 15, NFT artist Liam "Sharpy" Sharp announced that he would be shutting down his DeviantArt gallery due to piracy of his NFTs and the cumbersome process artists must undertake to report every instance of piracy to the NFT platform.6
- Between Jan. 23 and 27, a series of blockchain transactions show that cryptocurrency used to purchase an NFT of Melania Trump's first official state visit came from a wallet that belongs to the entity that originally listed the project for sale.7
- On Jan. 24, Elliptic identified at least five attackers who exploited still-active old marketplace ads to purchase $1.1 million in NFTs from OpenSea users – well below market value – later selling them for multiples of the purchase price. At least one of the attackers sent his profits through a mixing service.8
- On Jan. 27, VICE reported that some NFTs on OpenSea were utilizing custom code to capture viewers' IP addresses, potentially for the purpose of mining other identifiable information of the viewers.9
- On Feb. 2, Chainalysis published a study reporting NFT wash traders made nearly $8.9 million in profits, likely from sales to unsuspecting buyers who believed the NFT they bought had grown in value. The study also reported that $2.4. million from illicit addresses were sent to NFT marketplaces for money laundering purposes, including significant amounts of stolen funds – even those with sanctions risk.10
- On Feb. 11, NFT marketplace Cent announced it was suspending sales of NFTs due to rampant NFT fakes and plagiarism and may introduce centralized controls as a short-term measure to reopen the marketplace.11
- On Feb. 14, HM Revenue & Customs of the British government seized its first NFTs as possible proceeds of money-laundering methods in a suspected £1.4 billion value-added tax (VAT) fraud in which two individuals tried to claim back more VAT than they were owed using stolen identities, unregistered phones and false invoices to hide their identities.12
- On Feb. 19, OpenSea announced it was investigating a potential phishing campaign that took advantage of its planned smart contract upgrade to steal NFTs of at least 17 NFT holders.13
- On March 24, DOJ charged two defendants in connection with the execution of a $1 million NFT "rug pull" scheme. The defendants created and sold NFTs before abruptly abandoning the project, shutting down the website and making off with investors' money just hours after the NFTs sold out.14
- On April 25, Cointelegraph reported that Yuga Labs, developer of the Bored Ape Yacht Club NFTs, fell victim to hackers who breached its social media account and shared phishing scam links to a website that was used to steal NFTs from users who connected their MetaMask wallets to the website. Approximately 100 NFTs, with an estimated value of more than $40 million, were stolen during the attack.15
- On April 28, the Joint Chiefs of Global Tax Enforcement (J5), an intergovernmental organization dedicated to combating transactional tax crime, issued an intelligence bulletin entitled "J5 NFT Marketplace Red Flag Indicators" that provides guidance on NFT fraud indicators and how to improve fraud detection in the NFT market.16
- On May 11, securities regulators in five states filed enforcement actions against Flamingo Casino Club, a metaverse casino with alleged ties to Russia, ordering the casino to halt the sale of its NFTs. Among other things, the regulators alleged that Flamingo Casino Club sold unregistered "securitized NFTs," purportedly giving would-be investors a portion of the casino's profits; used fake information to conceal the identities of its principals; and falsely claimed to have partnerships with and endorsements from various high-profile businesses, including a brick-and-mortar casino in Las Vegas.17
- On June 1, DOJ published a press release announcing the unsealing of an indictment charging a former OpenSea employee with wire fraud and money laundering "in connection with a scheme to commit insider trading." The indictment relates to reports confirmed by OpenSea in September 2021 and alleges that the former employee used confidential information to purchase NFTs with the knowledge that the NFTs would be featured in the future on the NFT marketplace's homepage, at which time the NFT value would likely increase and the former employee would gain a personal financial benefit.18
- On June 4, CoinDesk reported that Yuga Labs suffered a hack of its social media server, with hackers stealing NFTs valued at approximately $360,000 via a phishing scam posted on the social media channel.19
- On June 30, DOJ announced criminal charges against a defendant who allegedly orchestrated an NFT rug-pull scheme by abruptly ending a purported NFT investment project, deleting its website and absconding with investors' money. The defendant and his coconspirators allegedly then laundered $2.6 million of investors' funds through "chain hopping," a form of money laundering in which one type of coin is converted to another and funds are moved across multiple cryptocurrency blockchains.20
1. Press Release, "Deputy Attorney General Lisa O. Monaco Announces New Cryptocurrency Enforcement Team," Dept. of Just., Oct. 6, 2021, available at https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-national-cryptocurrency-enforcement-team.
2. The Chainalysis 2021 NFT Market Report, https://go.chainalysis.com/nft-market-report.html.
3. "Fake Banksy NFT sold through artist's website for £244k," Aug. 31, 2021, available at https://www.bbc.com/news/technology-58399338.
4. "Largest NFT marketplace admits the fix was in, surprising no one," Dec. 11, 2021, available at https://sea.mashable.com/tech/17544/largest-nft-marketplace-admits-the-fix-was-in-surprising-no-one.
13. https://www.coindesk.com/business/2022/02/20/opensea-investigating-exploit-rumors-as-users-complain-of-missing-nfts/; https://www.coindesk.com/business/2022/02/21/opensea-says-phishing-attack-impacted-17-users/.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.