Amit Dar, ActiveFence’s Senior Director of Strategy, shares how NFT marketplace fraud is no different than the fraud we see throughout all marketplaces, just with new technology. Highlighting how the supposed security of NFT marketplaces brings more trust and therefore, more fraud, Trust & Safety teams must take a proactive approach.
In the new age of decentralized markets, where cryptocurrency and NFTs are now the norm, the same old fraud continues to wreak havoc. The creation of blockchain and a myriad of other new online security measures provided some hope for a secure and traceable financial future, creating entirely new markets for transactions based on their unique identification capabilities. But with the rise of supposed security came a lowering of one’s guard, and thus a striking point for fraudsters.
New Tech, Old Fraud
To understand NFT fraud, it is critical to understand how marketplace fraud works. Interestingly enough, the tactics of online fraud haven’t changed much since the start of internet transactions, remaining quite similar to old-school fraud.
Essentially, fraudsters use various ways to gain their victim’s trust, which often involve platforms unrelated to the marketplace. Once trust is obtained, the fraudster eventually gains access to the victim’s data (and funds) or sells them fake or non-existent items. The core component, however, remains the same: trust. Whether obtained by fraudulent emails or what appear to be reputable profiles – fraud is remarkably low-tech.
How Fraud has Scaled
The most significant change to online fraud in the past thirty years is the potential to scale: with over 1000 times more platforms to target and 5 billion new users, the opportunity for growth is endless. Additionally, as more online platforms (like social media companies) allow on-platform transactions, marketplaces are everywhere. For fraudsters, this means new avenues for fraud and a copious and steady stream of new targets at their disposal.
Another change involves ease of communication and access to knowledge. As the web has scaled, so too have the outlets in which threat actors can collaborate. The dark web and dedicated forums are filled with fraudster chatter – as they share best practices and tactics and collaborate on complex operations.
NFTs are just a slice of the fraud pie: every emerging technology has a phase of illegal activity, especially when no regulation exists. While the threat of fraudulence isn’t necessarily new to those that use blockchain, scams are surging as more consumers flock to seize the opportunities it offers them. In the last year alone, cryptocurrency scams hauled in $7.7 billion, up 81% over the previous year.
For NFTs, Risks Lie Beyond the Platform
NFTs should offer a feeling of security, as they operate on the blockchain allowing users to track all transactions. But this awareness creates an illusion of safety that enables users to drop their defenses, opening them up to severe risks.
Because fraud employs low-tech methods, the promise of security on the blockchain does not deter fraudsters. In fact, most scams do not take place directly on NFT marketplaces: fraudsters lure unknowing purchasers outside of the exchanges, stealing their data to unlock their accounts.
Methods of attack involve various tactics, both on- and off-platform. These include carefully crafted phishing messages sent via email or messaging platforms and imposter apps or websites that fool users into sharing personal and account information. Malware attacks are launched that gain access to data stored on a victim’s device, while apparently reputable on-platform accounts are deployed to trick victims into purchasing a fake (or non-existent) product. The results can be dire. In one example, fraudsters posing as customer support representatives swindled one NFT enthusiast out of assets worth over $480,000.
What Platforms can do
As discussed, the threat of fraud is unrelated to the blockchain and new technologies. In fact – fraudsters live off of the assumed safety of the blockchain. Being aware of this paradoxical situation is the first necessary step toward making NFT marketplaces safer.
The next step is to take proactive action. Knowing that NFT fraud doesn’t start and stop in the marketplace, Trust & Safety teams must therefore gain access to chatter and collaboration conducted in the murky waters of the dark web. By doing so, platforms can learn how fraudsters operate, the tools they use, how they use them, and what the newest threats and trends are. By taking a proactive approach, platforms need no longer to react to threats after the damage is done but can protect users before they face financial loss.
The approach to mitigating the risk will be dictated by many factors, including the risk itself. However, with foresight, Trust & Safety teams will have the advantage of time to choose the right approach.
To draw on a simple metaphor, we used to be in the position that when a bank heist was pulled, we would be left to negotiate with the criminals at the scene of the crime. Now, we can sit in their planning room, learn exactly what they intend to do, and wait at the bank before they even appear.
As we move towards an internet where more platforms emerge and existing platforms evolve to offer more forms of e-commerce, Trust & Safety teams must be ready to respond to fraud when it inevitably comes.