Cybercriminals have stolen $100 million worth of non-fungible tokens (NFT) in the first half and a bit of 2022, new research has revealed..
A report from Elliptic found most of the NFTs were stolen in July, while the average theft set NFT investors and buyers back $300,000 per incident. The number could even be higher, the company further added, as many incidents aren’t even reported and as such do not affect the average figures.
Most of the time, the thieves would scam people into giving away their NFTs, rather than trying to find a vulnerability or a flaw in the system, with thefts usually carried out via social media. In fact, almost a quarter (23%) of all NFT thefts this year originated on social media.
But Elliptic also seems to hint that many of the NFT acquisitions that contributed to the stellar growth of the niche market came from shady sources. Almost $330 million worth of funds in the NFT market came from crypto mixers, such as Tornado Cash, it said.
These services hide the origins of the tokens, making them ideal for people looking to launder cryptos stolen via ransomware, data breaches, cryptojackers, and other means.
“There is a growing threat to NFT-based services from sanctioned entities and state-sponsored exploits,” Elliptic said.
Earlier this month, Tornado Cash was frozen by the U.S. government, and its developer, Alexey Pertsev, arrested. The US government argued that the Lazarus Group, a known state-sponsored threat actor from North Korea, was using the service to launder funds stolen in various cybercriminal activities.
Lazarus Group is being linked to the theft of more than $600 million in various cryptocurrencies from Ronin bridge, which was one of the biggest crypto heists in history.
NFT’s are non-divisible digital tokens, such as images, music, or text. One of the most popular NFT collections out there is the Bored Ape Yacht Club (BAYC), with individual tokens reaching prices in millions of dollars.
- These are the best firewalls right now