Beyond the Hype: Understanding NFT Scams & Mitigation Strategies

Treasury’s Analysis of NFT Risks & Mitigation Strategies

On May 29^th, the U.S. Treasury Department issued the “Illicit Finance Risk Assessment of Non-Fungible Tokens (NFTs)” as part of its 2022 “Action Plan to Address Illicit Finance Risks of Digital Assets.” This assessment provides a detailed analysis of the NFT market, focusing on potential risks related to illicit finance such as money laundering and fraud. The report outlines vulnerabilities within the NFT ecosystem and proposes strategies to mitigate these risks. While not legally binding, the Treasury’s assessments play a crucial role in shaping future regulatory and policy discussions concerning digital assets. They aim to safeguard consumers, industry participants, and the broader public from potential harm, thereby upholding the stability and trustworthiness of financial systems.

The U.S. Treasury Department’s risk assessment on NFTs explicitly states that “illicit finance activities utilizing NFT products and markets, including terrorist financing, money laundering, and proliferation financing, are uncommon in the space and that these activities primarily take place in traditional finance.” It highlighted significant issues of fraud, scams, and theft within the NFT market. The assessment also reported that from July 2021 to July 2022, scams resulted in the theft of approximately $100 million worth of NFTs, with $24 million stolen in May 2022 alone.

Common NFT Scams

In the Treasury’s analysis, NFT scams are a focal point. Some of the key types of scams identified include:

• Rug Pulls: This circumstance involves creating fake projects to attract investments, then abruptly shutting down the project and absconding with the invested funds. “Slow rug pulls” occur when funds from an initial project are diverted to finance subsequent scams.
• Market Manipulation: Market manipulation refers to artificial attempts to influence the price of NFTs. Scammers use deceptive practices to inflate or deflate the perceived value of NFT assets, misleading investors.
• Fake and Counterfeit Sales: Scammers misrepresent the value, brand association, or access rights of NFTs. An emerging tactic called “sleepminting” involves hackers minting NFTs to appear as if legitimate sources created them, and then selling them as authentic.
• Fraudulent NFT Platforms: Using this tactic, scammers create fake platforms that either fail to honor NFT exchange agreements or are designed solely to steal NFTs from unsuspecting users.
• Theft: Criminals spread malware through social media links, fake advertisements, or airdropped NFTs, enabling them to drain victims’ digital asset wallets. Fake NFT creator accounts with phishing links trick victims into connecting their wallets. Unrestricted digital wallet access allows criminals to steal funds.

The assessment also noted vulnerabilities and glitches in smart contracts, which facilitate various types of NFT theft and manipulation. Due to the immutability of many smart contracts, developers often cannot rectify or recover funds lost through these exploits.

Overall, these findings underscore the urgent need for robust regulatory measures and enhanced security protocols within the NFT ecosystem. Implementing crucial security practices can help to protect investors and maintain the integrity of digital asset markets. To implement these processes and controls effectively, the report emphasizes the necessity for increased collaboration between the government and industry.

NFT Vulnerabilities & Security Flaws to Watch For

NFTs face vulnerabilities stemming from their unique characteristics, associated assets, and regulatory gaps. One of the unfortunate results of these gaps is that criminals find various ways to exploit NFTs. Some examples are:

Cyber Vulnerabilities

NFTs are susceptible to cyberattacks and hacking due to their digital nature and reliance on blockchain technology. Criminals exploit weaknesses in platforms, smart contracts, and digital wallets to steal NFTs or defraud users.

Trademark & Copyright Challenges

Criminals misrepresent NFT ownership rights, often violating copyrights and trademarks. They create counterfeit NFTs, inflate their prices by falsely attributing value, or sell unauthorized digital representations of copyrighted material. Identifying infringers is challenging due to the anonymity provided by blockchain and jurisdictional issues.

Market Hype & Pricing Fluctuations

Scammers leverage the hype surrounding NFTs to create fraudulent schemes. They use high-pressure tactics, such as time-sensitive offers or false scarcity, to manipulate potential buyers into making hasty and uninformed decisions. Fluctuating prices in the NFT market can also obscure fraudulent activities like price manipulation and money laundering, making it harder to detect and prevent.

Regulatory Compliance Issues

Non-compliance with U.S. regulations and regulatory gaps in foreign jurisdictions pose significant risks. The decentralized and cross-border nature of NFT transactions complicates enforcement efforts and regulatory oversight, allowing criminals to exploit jurisdictional discrepancies and evade legal consequences.

Addressing these vulnerabilities requires coordinated efforts among regulators, platform operators, and market participants. Partnership across these key groups will help establish robust cybersecurity measures, enhance copyright and trademark protections, and strengthen regulatory frameworks. Ensuring transparency, accountability, and consumer protection within the NFT market is essential to mitigating these risks and fostering trust among investors and users alike.

Best Practices to Mitigate NFT Risks

Although there are no guaranteed ways to avoid risks associated with NFTs, the Treasury’s analysis shares ways consumers can prevent fraudulent activities. The report suggests several effective mitigation strategies against the identified threats within the NFT space:

Industry Tools

Implementing tools such as scam databases, transaction controls, and blockchain analytics can significantly enhance security measures. These tools help identify fraudulent schemes, preventing wash trading (where a trader simultaneously buys and sells the same asset to create misleading activity), and flagging high-risk users. Enhanced software reviews and cybersecurity measures further bolster protection against vulnerabilities.

Applicability of Law Enforcement Authorities & Public Announcements

NFTs are recognized as property, allowing law enforcement authorities to pursue asset recovery in cases of fraud or theft. Victims are encouraged to report incidents to agencies like the FBI or through platforms like IC3.gov. Public announcements raise awareness among users and provide guidance on how to recognize and prevent fraudulent activities.

Public Blockchain Transparency

Public blockchains offer transparency by allowing the tracking of pseudonymous transactions. This transparency aids investigations into illicit activities involving NFTs. However, the effectiveness of this transparency may be limited by anonymity-enhancing technologies and off-chain transactions that aren’t visible on public blockchains.

Involvement of Covered Financial Institutions & Compliance Obligations

Many NFT transactions involve traditional financial institutions acting as intermediaries. These institutions are encouraged to comply with anti-money laundering (AML), countering the financing of terrorism (CFT), and sanctions obligations. Their involvement in NFT transactions helps mitigate risks by ensuring that illicit funds do not flow through the financial system. Non-compliance, particularly by foreign virtual asset service providers (VASPs), introduces additional risks and underscores the need for international cooperation in regulatory efforts.

By employing these mitigation strategies, stakeholders can enhance the security, transparency, and integrity of the NFT market, thereby reducing the prevalence of fraud, scams, and other illicit activities associated with NFTs. Furthermore, international counterparts can harmonize regulatory approaches and enhance global enforcement. Education efforts should also focus on raising awareness about NFT rights and risks among consumers and investors.

What’s Next

Overall, the Treasury’s assessment provides a clear understanding of the risks associated with NFTs from an illicit finance perspective. The report goes a step further by proposing actionable steps to mitigate these risks while fostering a safe and innovative environment for digital asset transactions.

By acknowledging these vulnerabilities and implementing mitigation strategies, consumers and regulators can work toward a safer NFT market. This will support continued growth in the digital asset space. Until then, reach out to Wolf’s Crypto and Blockchain team to learn how we can support your organization’s regulatory framework.