As the popularity of NFTs has grown over the past year, hackers and scammers have found increasingly creative ways of exploiting security loopholes for their own gain.
NFTs have seen explosive growth in the past year. In August alone, NFT marketplace OpenSea recorded over $3.4 billion in transactions. As the popularity of NFTs grows, hackers and scammers have found increasingly creative ways of exploiting security loopholes for their own gain. Issues like sleepminting, mistaken identity, website hacks and duplicate content have all contributed to what some see as the ‘Wild West’ NFT market, eroding trust between buyers and sellers.
NFTs - short for non-fungible tokens - are unique digital assets that exist on blockchains. To ‘mint’ an NFT is to register the artwork on the blockchain and assign ownership to that file to a particular user, becoming the initial link in a publicly verified, tamper-proof chain of custody. In theory, because this chain of ownership is immutable - it’s unable to be changed or undone - buyers can place confidence in NFTs without necessarily having to trust their creators or sellers like in traditional markets.
But while there’s been hype around NFTs solving issues prevalent in the global art market - notably issues of identity theft and fraud - recent hacks and scams show us that even foolproof technology can’t escape the whims of technologically adept fraudsters. Keep reading to learn more about different types of fraud and how we can protect against it in the explosive, rapidly changing NFT market.
In April 2021, a hacker known as Monsieur Personne (French for ‘Mr. Nobody’) attempted to destabilize the NFT market through a crypto-counterfeiting scam known as ‘sleepminting’; a technique which sought to undermine one of the key value propositions that NFTs supposedly ride upon - authenticity.
The scam, which Personne dubbed ‘NFTheft’, capitalized upon a structural flaw in smart contracts, permitting the hacker to make it appear, to the casual observer, as if the NFT was transferred from another creator’s account.
The sleepminted NFT was Beeple’s ‘Everydays: The First 5,000 days’. The NFT made headlines back in March after it was sold at a Christie's auction for $69 million, making it one of the most expensive artworks in art history.
On August 31, 2021, a page advertised on Banksy’s official website linked to an NFT artwork depicting a pixelated avatar in front of an industrial landscape entitled ‘The Great Redistribution of the Climate Change Disaster.’
Being an avid fan of the artist and believing that it was an original work, the collector (known as ‘Pranksy’) purchased the NFT for over $330k. In an interesting turn of events, the money was then returned to the collector in what appeared to be an elaborate stunt.
Back in February 2021, a scammer posing as Banksy sold $900,000 in NFTs on OpenSea. Despite Banksy’s announcement that he had no involvement in the sales, the scammer kept the profits but has been banned from the platform. Shepherd Farey has also had his identity impersonated on the NFT trading platform Rarible in recent months.
There has been an influx of bad actors within the NFT space minting known artists’ works without their permission. DeviantArt, an online-platform for sharing digital art, now uses artificial intelligence software to screen NFT marketplaces and public blockchains for duplicate content. In a beta-phase, 86% of suspicious matches spotted by the AI technology were potential infringements, according to the Wall Street Journal.
NFTs were supposed to allow artists to exercise more control over their creative outputs and to strengthen their positions with regard to intellectual property, but this doesn’t seem to always be the case. Although some marketplaces require creators to submit their social media handles prior to minting, they don’t always check whether or not that account actually belongs to them. This is clearly not enough to deter NFTs of stolen works from being issued by illegitimate sellers.
A common misconception of NFTs is that they are Certificates of Authenticity in and of themselves. Although NFTs provide a transactional record of the work, they don’t always prove the identity of the creator and therefore don’t guarantee creative authenticity. Without this, there’s no way of truly discerning if the creator is truly who they say they are. Because NFTs don’t require creators to prove they are the artist before they mint an artwork, this has opened up the floodgates for all kinds of illicit activity.
One reason for this is that blockchain supports anonymous transactions. This is one of the main differences between mainstream banking and the cryptocurrency market. The blockchain community has long since operated under the premise that privacy is paramount. Users operate under the guise of pseudo-anonymity, meaning that users are identifiable by pseudonyms and wallet addresses but not necessarily by their real-world identities. In other words, users can be whoever they want to be on the blockchain, making it difficult to track fraudulent transactions.
Although there are ways for collectors to avoid being scammed, such as comparing the creator and seller's wallet addresses, more rigid identity verification measures will help to identify fraudulent activity and guarantee creative authenticity in the digital realm.
At Verisart, we have been pioneering global technological solutions within the art market since 2015. We use the world’s most popular blockchain, the Bitcoin blockchain, to register digital Certificates of Authenticity for artworks and digital creations.
Only verified creators are able to create Certificates of Authenticity with Verisart. Creators gain a verified status by verifying their identity through our external identity verification provider, Vouched, represented through the verified tick which appears next to the artist’s name. Our NFT certification process also checks that users have linked their crypto wallet which owns their NFT to their Verisart account, ensuring a clear link between the wallet address and verified artist.
The verification process is simple. All the artist needs to do is upload their photo ID and provide any additional information required to prove that they are the creator of that work (portfolio links, social channels etc).
At Verisart, we recognize that privacy is important to artists. That’s why we manually verify artists who use pseudonyms. Our certificates are publicly registered on the blockchain while still protecting the privacy of owners, buyers, and sellers. This way, the artist is able to remain pseudo-anonymous whilst ensuring buyers that their real-world identity has been verified.
NFT artists like Alexander Reben and Rebecca Rose certify their works with us. In 2021, we partnered with leading NFT marketplace SuperRare to launch a curated drop of genesis NFTs from over 25 leading artists, all certified by Verisart, including Shepard Fairey, Random International and Quayola.
As the NFT market begins to mature we believe that verifying the authenticity and authorship of NFTs should be a standardized practice. We have a responsibility to safeguard the NFT community at such an early stage of its development through providing trust around NFT transactions.
References: