From inception till today: the biggest NFT heists
In recent years, non-exchangeable tokens (NFTs) have become extremely popular. Increasingly, the internet space is filled with news of NFT purchases for colossal sums of money.
The popularity of tokens surged in 2021, following the December sale of NFT art project The Merge for a whopping USD 91.8 million. Another high-profile event is the sale of NFT collage Everydays: the First 5000 Days, which was bought by a collector for USD 69.3 million, making this token the most expensive among individual NFT pictures.
The above examples confirm the staggering sums associated with NFT sales. However, are NFTs and money in NFTs safe? And how much money has been lost due to hacks of NFTs and their platforms?
Let’s take a look at the 10 biggest NFT-related incidents of all time. And let’s also take stock of NFT thefts over the past year.
Impressive volumes of NFT thefts
Since the non-exchangeable token standard was first introduced, there have been 186 incidents, totalling USD 722.3 million in losses up till October 2022.
This data has been collected by means of Comparitech’s service.
The first NFT theft was recorded in the spring of 2020.
The largest NFT thefts to date are published below, with damage amounts in USD at the current exchange rate at the time of the attacks.
1. Lympo — USD 18.7 million stolen. The NFT sports mining platform, a subsidiary of Animoca Brands, lost 165.2 million LMT tokens in hot wallet hacks in January 2022.
2. Farmers World — USD 15.7 million stolen. The WAX cryptocurrency network game, Farmers World, suffered a hack in November 2021, resulting in a loss of more than ¥100 million (USD 15.7 million). However, some experts speculate that the figure could be as high as ¥300 million.
3. Bored Ape Yacht Club — USD 13.7 million stolen. In April 2022, fraudsters stole tokens from the developers of the Bored Ape Yacht Club collection. The theft was committed by hacking into an Instagram account. Mutant Apes, Azuki, Otherside and CloneX tokens from the same developers also suffered from scammers, but in different incidents.
4. DragonSB Finance — USD 10 million stolen. In April 2022, the smart contract of the company that developed this game project was hacked by hackers.
5. OpenSea — USD 3.4 million stolen. In February 2022, hackers managed to steal over 1,200 ETH from the NFT in a phishing attack. The attackers tricked users of the OpenSea marketplace.
6. TopGoal — USD 2.2 million stolen. In February 2022, TopGoal was attacked and over 4.8 million TMT were transferred from the platform’s hot wallet to the hacker’s address.
7. The Shifters — USD 2 million stolen. At the launch of The Shifters collection, thieves stole money from users through fake websites and Discord messages. The incident happened in March 2022.
8. Alethea AI — USD 1.8 million stolen. In March 2022, 840 ETH was stolen as a result of a Discord compromise.
9. Moonbirds — USD 1.5 million stolen. Hackers created a malicious link that, by tricking users, brought them 29 NFT Moonbirds with an estimated value of 750 ETH. The incident took place in May 2022.
10. Omni — USD 1.4 million stolen. NFT financial platform Omni, suffered a hacking attack in July 2022. The damage to the platform was estimated at 1,300 ETH. Omni provided the ability to borrow funds against NFT collateral. The theft took place through a re-entry attack.
Another expensive stolen NFT asset, according to Elliptic, was a token from the well-known Cryptopunks collection. The damage cost at the time of the theft in November 2021 amounted to USD 490 thousand.
NFT scams over the past year
Between July 2021 and July 2022, fraudsters managed to steal more than USD 100 million worth of NFT, according to a study by blockchain analyst Elliptic.
Below is a chart showing the number of tokens stolen and their value by month
In calculating the damages, Elliptic’s analysts took into account only those cases that were publicly reported. Since cases of low-cost NFT theft are not always widely known or publicly disclosed, it is logical to assume that the total number of actual losses is much higher than that shown in the chart.
The study concluded that, on average, each attack generated USD 300,000 in riches for fraudsters.
According to experts, scams in the NFT industry are not declining despite the market entering a bearish phase. The most “productive” month for criminals in 2022, in terms of the value of stolen assets, was May – the total amount was about 24 million USD, and in July a record number of tokens was stolen – 4647.
According to the report, scammers managed to get 23% of stolen NFTs by compromising social networks (mainly Discord) and sending phishing links in them. Other methods of deception are also practised, including fake malware sites and email exploits. Hackers also hack into users’ wallets, as in the recent Solana case, when attackers managed to steal millions of dollars using more than 8,000 hacked Phantom, Trust Wallet and Slope wallets.
How to counteract this frightening trend of theft? We need to know the weaknesses of NFTs and address them. That’s why we not only investigate these incidents but also prevent them. We regularly perform security audits of smart contracts, software and systems of NFT companies. We also teach how to recognize fraud and counteract it. Consider our blockchain security services to mitigate the risks of the incidents described.
Subscribe to our Telegram channel to make sure you do not miss any new articles on our blog.