An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
The attacker was apparently able to breach the site for Banksy & sell a fake non-fungible token (NFT) of the artist’s work for more than $336,000.
The fraudster has since returned the cash, less a “transaction fee.” But the incident has delivered an invaluable lesson on a whole new emerging cyber-security threat: NFTs.
In this instance the attacker hosted an auction on the real Banksy site, banksy.co.uk, for what was billed as the 1st-ever Bansky NFT, according to BBC.
When a collector purchases an NFT, it doesn’t give them ownership or copyright over the image itself. Rather, it lets the purchaser own a piece of the item in the form of a “token” that’s recorded forever on its blockchain.
Anonymous British Collector
An anonymous British collector the BBC identifies as “prominent” & who goes by the name “Pranksy” was willing to offer 90% more than the next-highest bidder to score the Banksy NFT certificate. After handing over more than $336k in Ethereum, the bidder realised he had been conned.
“It does seem to be some hack of the site. I confirmed the URL on PC & mobile before bidding,” Pransky told BBC. “I only made the bid because it was hosted on his site. When the bid was accepted, I immediately thought it was probably fake.”
He added that he suspects he was alerted to the sale by the attacker.
Largely Gets Refund
After doing some work tracking down the attacker, the attacker returned all of the money last Mon. evening, minus a £5k ($6,918) “transaction fee.”
“The refund was totally unexpected,” he told the BBC. “I think the press coverage of the hack plus the fact that I had found the hacker & followed him on Twitter may have pushed him into a refund.”
Pranksy also acknowledged that others in the same situation might not be as lucky.
The real Banksy had his team respond to the incident with a simple statement: “The artist Banksy has not created any NFT artworks,” according to the BBC.
Hard for Anyone
Young-Sae Song from Bolster said it would have been hard for anyone to see signs this was a fake Banksy NFT auction.
“The fake Banksy NFT scam is one that would be difficult to detect for any cybersecurity technology, and it highlights the risk of purchasing NFTs, which do not have a centralized authentication method that is fool-proof, as we saw in this scam,” Song concluded.
He added that this is unlikely to become a widespread issue because these transactions are very easy to track.
Unlikely to Become a Trend
“The hacker returning stolen funds is an interesting twist, but it is unlikely to become a trend,” Sing stated.
“I think it’s a sign that fraudulent cryptocurrency transactions are not as easy to hide, the days of rampant, illicit monetary systems may be behind us. This could actually help legitimise crypto-currencies further & increase adoption.”
Bolster offers a free tool called Check Phish to check whether an NFT site is legitimate.
The Bolster research team also tracks emerging NFT scams & found the most popular cyber-criminal tactics include setting up fake stores, the sale of fake art (Banksy is a popular lure), Airdrop scams offering free crypto & brand impersonation on social media.
”These scams will get more complex & sophisticated,” Bloster researcher Abhilash Garimella predicted at the end of March.
“Scammers will keep innovating to make sure users fall for these. Not just NFTs, when buying anything online, a buyer needs to be aware of where & to whom they are giving away their credit card or banking information.”
Tricking the User
Hardly technical, most NFT scams rely on tricking the user into thinking they’re buying the real deal.
“3rd-party marketplaces are an easy target for hackers & ‘IP impostors,’” Christian Ferri from NFT PRO’s GREER explained. “The level of security tends to be fairly minimal & anyone can pretend to be Nike. The same happened back in the ’90s with e-commerce platforms.”
Market has Surged
The NFT market has surged recently, with more than $2.5b so far just this year. And as the market attracts money, it will draw in cyber-criminals looking to profit. Consumers will have to increase their awareness around potential NFT fraud, experts predict.