Aside from the market decline, which had a significant impact on NFT value and produced a significant "slump," it is stated that scammers contributed their share in the already fallen market with an estimated 4,647 of the tokens stolen in July 2022 alone.
Non-fungible tokens (NFTs), valued at more than $100 million, have been stolen by scammers since 2021, according to Elliptic (1), a cryptocurrency risk management company. Its NFTs Financial Crime report claimed that in the 13 months between July 2021 and July 2022, cryptocurrency users had fallen prey to NFT-related scams totaling around $100.6 million.
The value of NFTs has already "slumped" due to the market collapse. Scammers stole the most in July 2022—4,647 assets—and the most money in May 2022—roughly $23.9 million. The most expensive NFT theft that a company could verify involved a CryptoPunk (2) worth $490,000 when it was stolen in November 2021.
Scammers also managed to steal 16 blue chip NFTs valued at $2.1 million from a single victim in the cryptocurrency space in December 2021. According to the report, since 2017, individuals have laundered more than $8 million in illicit money through NFT platforms, while more than $328 million has been transferred through cryptocurrency mixers, including the significant Tornado Cash (3) that was blacklisted by the US Office of Foreign Asset Control in August (4).
The contentious mixer was thought to be the preferred method of money laundering for most of the frauds, processing over $137.6 million in cryptocurrency via NFT platforms. Although many of the crypto and NFTs implicated in the scam have gone unreported or were discovered after the fact, it is uncertain how close the statistics above are to the precise worth of crypto and NFTs involved in the scam.
According to the study, more than 2,000 NFTs worth around $20 million were stolen in April 2022. However, a false airdrop that primarily targeted Bored Ape Yacht Club NFT holders is believed to be the main cause of the estimated tens of millions of dollars stolen in a single attack and time. In July 2022, con artists had bored apes removed from the BAYC (5) and MAYC (6) for about $58.1 million.
This NFT theft trend partially reflects valuable NFT owners' holding their assets throughout the bear market and have not actively participated in new projects vulnerable to scammer activity. Across June and July 2022, thefts were induced by the value of NFTs greatly decreasing. That affected lowering value, and early-stage projects rose.
Scammers still use various techniques, including phishing attacks and market exploits, to strip cryptocurrency users of their NFTs. The tokens are currently the subject of a class action lawsuit that could persuade the U.S. Securities and Exchange Commission to classify cryptocurrency assets as securities.
Tornado Cash
The protocol has been the focus of recent hacks and attacks on decentralized finance, including the alleged loss of $455 million by the Lazarus Group. The Office of Foreign Asset Control, also known as OFAC (7), added 40 cryptocurrency addresses purportedly linked to contentious mixer Tornado Cash to its list of Specially Designated Nationals.
With the department alleging that individuals and groups had used the mixer to launder more than $7 billion worth of cryptocurrency since 2019—including the $455 million stolen by the North Korea-affiliated Lazarus group (8)—OFAC effectively banned American citizens from using Tornado Cash and listed 44 USD Coin USDC and Ether ETH addresses that were connected to the mixer on its list.
A $375 million attack on Wormhole in February and a $100 million hack on the Horizon Bridge in June used the protocol as their entry point. Despite guarantees made to the public, Tornado Cash has continually failed to enact controls that would effectively prevent it from regularly laundering money for hostile cyber hackers without even the most basic risk management strategies.
According to reports, the Treasury Department's Under Secretary for Terrorism and Financial Intelligence (9) will reportedly keep up his vigorous pursuit of legal action against virtual currency mixers and anyone who helps them. While erroneously claiming in the tweet that Tornado Cash is a DPRK state-sponsored hacking outfit utilized by the DPRK to launder money, Secretary of State Antony Blinken.
Today, Treasury sanctioned virtual currency mixer Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. Virtual currency mixers that assist criminals are a threat to U.S. national security. https://t.co/x8sCXsNzUv
— Treasury Department (@USTreasury) August 8, 2022
Later, he deleted the tweet and added another, saying that a state-sponsored cyber hacking outfit supported by the DPROK state had utilized the crypto mixer to launder funds.
We’ll continue to aggressively pursue actions against currency mixers laundering virtual currency for criminals. Today, @USTreasury sanctioned virtual currency mixer Tornado Cash, which has been used to launder money for a U.S.-sanctioned DPRK state-sponsored cyber hacking group.
— Secretary Antony Blinken (@SecBlinken) August 8, 2022
The Treasury Department took similar action against the cryptocurrency mixer Blender.io in May, and according to OFAC, the mixer allegedly processed $20.5 million of the estimated $620 million that was allegedly stolen from the play-to-earn game Axie Infinity's Ronin Bridge (10), which is roughly equal to 173,600 ETH and 25.5 million USDC.
The firms and people had their assets frozen while they were subject to OFAC penalties, and U.S. citizens are generally forbidden from doing business with them. As part of its efforts to achieve total decentralization and transparency, Tornado Cash declared in July that the user interface code had been entirely open-sourced. A compliance tool allowing users to display the origin of each transaction was also available on the mixer's website.
Bored Ape Yacht Club
The phishing attack occurred on the same day BAYC celebrated its first anniversary, leading many people to think the link was legitimate. The popular NFT collection's official Instagram profile was hacked by hackers, according to BAYC engineers, who then distributed links to a bogus airdrop for the project's followers.
The attack appeared to coincide with the anniversary of the BAYC collection's debut, heightening the phishing link's perceived legitimacy. Crypto enthusiasts who connected their MetaMask wallets to the bogus website were drained of their Ape NFTs. Even though sources claimed that the phishing assault resulted in the theft of about 100 NFTs,
If the indication of stolen NFTs is accurate, then the attack has resulted in the loss of assets valued at $40 million, with the numbers simply indicating the lower end of the estimate based on the floor price of each BAYC NFT, which is around 139 ETH or $400,726.
