On 31 August, an NFT collector and trader known as Pranksy was scammed into buying a fake digital artwork by the famous street artist Banksy.
The Banksy NFT scam and the environmental damage
The collector was tricked by an elaborate scam set up by a hacker who managed to place a link, right on Banksy’s official website, promoting an auction on the well-known OpenSea marketplace of an NFT depicting a pixelated avatar with factories behind it, supposedly symbolizing the environmental damage caused by mining.
Believing it to be an original work and being, as he claims, a big fan of the artist, Pranksy outbid rival bidders by 90%, i.e. almost 100 ETH or roughly 380,000 USD.
But when his bid was immediately accepted, ending the auction days earlier than expected and removing the link on the official website, he realised he had become the victim of fraud.
The confirmation came when a Banksy collaborator explicitly stated that the artist had never created any artwork in NFT and that those in circulation were in no way associated with him.
A few hours later, the perpetrators of the scam refunded Pranksy 97 Ethereum (ETH); according to the anonymous trader, the refund was made because he believed he had spotted the possible hacker and had started following him on Twitter.
The winner in this case was OpenSea, a peer-to-peer marketplace for cryptographic collectibles and non-fungible tokens, which also earned a 2.5% transaction fee from the sale of the fake work.
Cyber Crime and DeFi
DeFi crime and fraud are among the most lucrative in the cybercrime landscape, which is why hackers are increasingly exploiting security gaps in a rapidly expanding market that, as a result of decentralization, has difficulty monitoring and anticipating fraud.
In recent years, criminal activities such as phishing and ransomware attacks have become increasingly common and frequent.
On OpenSea and Rarible, two of the main platforms where people can buy NFTs, it is not necessary to verify that you own something before putting it on the blockchain. Even verifying oneself on these platforms is not difficult: OpenSea, for example, doesn’t have verification at all.
In some cases, cybercriminals, impersonating real artists on NFT platforms, have offered works for sale digitally without the authors’ knowledge, which is what happened to Derek Laufman.
The illustrator and comic book creator discovered that a verified profile had been illegally created on the Rarible platform.
Tokenized images, online fraud and rugpulls
Another artist, Milos Rajkovic of Serbia, was left in disbelief when he found an impostor trying to sell 122 of his works as NFT for $50,000.
Also, the Hermitage museum in St Petersburg is awaiting a response to its complaints about the illegal sale of tokenized images by Rammstein frontman Till Lindemann and the NFT Frame Art platform.
In May, the musician had been granted permission to shoot a music video in one of the museum’s rooms, so Lindemann collected some photos taken inside and subsequently released them as NFTs without permission from the Hermitage.
A widespread phenomenon in DeFi is the “rugpull”: a manipulation in which a little-known token suddenly collapses when liquidity disappears, metaphorically pulling the “rug” out from under the feet of investors. The owners and developers of the DeFi project can then abandon the project and run off with the investors’ money who, according to some experts, can only be certain about the value of NFTs when they are inseparable from physical artworks.
Blockchain technology guarantees the authenticity of transactions and preserves data by denying the possibility of modifying it, but it cannot verify the genuineness of the data being entered and therefore cannot block the entry of false data or, as in these cases, a counterfeit NFT.