Olivia Cavallaro Tech 08.24.2022 22:Aug PM EDT

More Than $100 Million Worth of NFTs Stolen Since July 2021, Elliptic Research Reveals

A blockchain analytics firm reported that NFTs worth $100 million had been stolen as a result of scams in the last year.

Over $100 million worth of non-fungible tokens or NFTs have been stolen from July 2021, with cybercriminals earning an average of $300,000 per scam, research from blockchain analytics company Elliptic has revealed. Cybercriminals have been targeting valuable NFTs, which are cryptocurrency assets that grant ownership to a digital product such as visual art, videos, or text.

Reuters reported that the NFT market burgeoned in 2021 as cryptocurrency holders spent their money on NFTs in the hopes of making a profit as prices increased. However, cryptocurrency prices crashed in May and June this year, causing NFT prices to plummet as well.

As the cryptocurrency and NFT market declines, scams remain rampant, with July recording the highest number of NFTs reported stolen, research from Elliptic showed. The company said that 23% of NFT thefts in 2022 were attributed to security compromises through social media.

How Much Money Cybercriminals are Earning From Stealing NFTs

On average, scammers and cybercriminals make about $300,000 for every scam transaction. In July 2022, as NFT prices continued to decline, more than 4,600 NFTs were reported stolen, Fortune reported. As per Elliptic, this was the "highest month on record" for NFT scams.

In May, almost $24 million worth of NFTs were also stolen through scams carried out by cybercriminals. Elliptic said it was the "highest confirmed value' to date, adding that the actual figure is most likely higher as victims of such scams often do not publicly report thefts.

How Cybercriminals Enact Malicious Activities

Cybercriminals carry out such thefts often through phishing scams, in which fake pop-ups urge users to log into their crypto wallets or agree to malicious transactions. Sometimes, cybercriminals would impersonate websites of well-known NFT platforms or wallets or hack into the social media accounts of a legitimate NFT project, which they then use to share malicious links that provide them access when users click on them.

Elliptic reported that social media-based phishing activities significantly increased in the last year, resulting in about $20 million worth of NFTs stolen in 2022. The blockchain research firm added that this is also caused by an increased use of malware that bypasses two-factor authentication.

More NFT Cyber Crimes

According to Elliptic, NFT thieves and scammers also use paid advertisements on search engines to advertise their malicious links or websites, causing unwitting users who are searching for an NFT platform to come across phishing links at the top of the search results. Other cybercriminals use a Trojan horse NFT that uses a "smart contract" that creates a malicious token that can drain a user's account.

Meanwhile, NFT swap scams work by creating a new digital asset with the same name and image as the valuable NFT, fooling people into accepting a "like-for-like" swap and then leaving the user with nothing, The Guardian reported. Elliptic added that the most valuable NFT stolen so far was CryptoPunk #4324, which was stolen on November 13, 2021 and sold soon after for $490,000. On December 28, 2021, cybercriminals launched the largest single heist from just one victim who lost 16 blue-chip NFTs worth up to $2.1 million.