18.04.2023 - For some time now, cases of fraud involving NFT art have also been reported to the NCSC. Last week, the NCSC received two identical reports of artists being approached by a supposed art enthusiast. This person probably would have gone on to steal their digital art file. Anyone interested in NFTs ought to be able to recognise the most common scams.
What are NFTs? What is NFT art?
Compared to art in the analogue world, digital art can also exist in the form of images, designs, pieces of music and even accessories in games. While the ownership of physical artworks is not always easy to prove, NFTs provide clear evidence in the digital world.
NFT stands for "non-fungible token". As with cryptocurrencies, NFTs are based on the blockchain, which makes each token distinguishable and impossible to fake. Cryptocurrencies such as Bitcoin (BTC) or Ether tokens (ETH) can be exchanged (i.e. they are fungible) on a 1:1 basis. In contrast, an NFT is unique and its ownership is recorded on the blockchain. Clearly, any number of copies can be made and stored, as is the case with non-digital art, but the ownership of the original can always be traced.
This is made possible with two keys that are created on a blockchain based on the digital fingerprint (hash value) of the token. One is a public key that identifies the artwork, while the second is a private key that is only known to the owner. This private key is stored in a digital wallet, the crypto wallet.
NFT tokens are mostly traded on large marketplaces where artists, collectors and resellers meet. If a trade takes place, fees are charged (so-called gas fees) to finance the operation of the blockchain.
What kind of attacks on NFTs are possible?
Just as artworks can be stolen in the analogue world, theft is also possible in the digital world, by means of cyberattacks.
Phishing attacks are the most frequently reported. Here, links are spread that divert people to fake websites posing as well-known trading platforms or crypto wallets.
Rug-pull attacks are another attack vector. In these attacks, new NFT tokens are advertised and investors can secure rights to the NFT tokens in advance against payment. As soon as the fraudsters have accumulated enough crypto money, they close the project and disappear.
Bump-and-dump scams work in a similar way. The price of NFTs is artificially driven up in order to sell the NFT at a massively inflated price.
Well-known NFTs are often copied or imitated and then passed off as originals.
Currently, the NCSC is mainly receiving reports of cyberincidents in which the artist's work has been stolen or attempts have been made to steal it.
In these cases, individuals who are supposedly art lovers get in touch via social media and pretend to want to support the artist to get their work listed on one of the marketplaces. In addition to sometimes horrendous "gas fees", copyright to the works is also transferred to the purported dealers. It then becomes difficult for the original artist to prove ownership.
Recommendations:
- Never pass on your private key to other people. Be very careful where you enter it.
- Be careful when working with digital assets. In particular, you should pay close attention to the rules of conduct to prevent phishing attacks. Never follow a link that has been sent to you, instead enter the web address yourself in the browser.
- If you, as an artist, are approached on social media by unknown individuals regarding NFTs, you should act with scepticism.
- Do not let strangers create crypto wallets or other accounts on crypto platforms in your name.
- Do not give your digital art file to a stranger for them to create an NFT for you.
- If you want to trade NFTs: verify in detail the history behind the NFT and see if you can get independent information about it.
Current statistics
Last week's reports by category:
Last modification 18.04.2023