View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

NFTs worth over $100m stolen in the last year

Non-fungible tokens are popular with consumers and businesses, and criminals are taking advantage.

By Matthew Gooding

Non-fungible tokens (NFTs) worth more than $100m were stolen in the past year, new research says. The report from crypto compliance company Elliptic also highlights other NFT crime trends, with the digital assets being widely used by money launderers.

NFTs worth more than $100m were stolen in the past year. (Photo by Jose Martinez Calderon/iStock)

NFTs, digital tokens representing a unique asset such as a photo or video, have enjoyed a boom in popularity among consumers and businesses over the past two years. Yesterday, ticketing giant Ticketmaster said it would allow event organisers to issue NFTs linked to tickets using the Flow blockchain. These could be made available before or after events, and possibly be linked to special experiences for customers.

However, the report from Elliptic lifts the lid on some of the problems associated with the tokens.

The cost of non-fungible token crime in 2021

The Elliptic research says more than $100m worth of NFTs were publicly reported as stolen through scams between July 2021 and July 2022, netting the perpetrators $300,000 per scam on average.

The most valuable NFT ever stolen is CryptoPunk #4324, which was sold by scammers soon after the theft
in November 2021 for $490,000. The largest single heist from an individual victim occurred in December and resulted in the loss of 16 so-called “blue chip” NFTs worth $2.1m.

July 2022 was the most prolific month for this kind of crime, the report says, with more than 4,600 NFTs stolen. This indicates that scams have not abated despite the well-publicised problems in the cryptocurrency market, which have seen the value of digital currencies such as Bitcoin and Ethereum tumble.

In terms of value, May 2022 recorded the highest cost of thefts, at just under $24m. The authors believe the true number is likely much higher, with crimes often going unreported.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

NFTs are also being used by criminals, as the authors found evidence of more than $8m of illicit funds being laundered through NFT-based platforms since 2017. Again the true figure is likely to be a lot higher, with a further $328m spent on NFTs emanating from what the report describes as “obfuscation services” like crypto mixers, where crypto assets from different sources are mixed to disguise their origins. “A proportion of this may reflect proceeds from illicit activity,” the report says.

How are cybercriminals stealing NFTs?

NFT platforms compromised in the past year include OpenSea, the world’s biggest NFT marketplace, which reported a data breach in June which saw user information stolen. It has not disclosed whether this led to any NFTs being pilfered.

The report says that social media compromises – particularly of NFT project Discord servers – have surged in 2022, accounting for 23% of all NFTs stolen this year: just under 5,000 NFTs with a value of $20m were taken in such breaches. The authors say: “The growing availability of tailored malware that can bypass multi-factor authentication is likely to be partially responsible.”

Phishing scams remain the most popular attack vector, accounting for 51.5% of all reported losses in the last year, the Elliptic report says.

Read more: NFTs seized by HMRC as illegal crypto crackdown continues

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.