How Political Contributions, The NBA, And The Masked Singer Can All Be Manipulated Through NFTs

News | October 22, 2021

The Manhattan District Attorney's Office recently published an article, “NFT scam and frauds,” stating: “Recent months have seen an explosion in consumers’ interest and investment in non-fungible tokens (“NFTs”).”

To experienced scammers and criminals, the smart contract and NFT ecosystem is easy money. As they wipe out millions of dollars from unsuspecting investors’ portfolios, what can be done to stop them?

Manipulating the price of an NFT is a shockingly simple task, so much so that a single person can easily execute an auction manipulation scheme with just a few simple steps.

Stage 1: Utilizing DeFi to pool funding

Outside funds such as BTC can be converted into Wrapped Bitcoin (WBTC), and then further converted via decentralized exchanges like Uniswap into USDC stablecoins.

The funds can then be distributed to a multitude of wallets, all owned by the same person but posing as unique bidders: “1”, “2” and “3”.

Stage 2: Build an NFT auction house: “Ascending Auctions”

A prospective scammer can code or simply copy known smart contracts and create his own NFT auction house, or exploit a pre-existing and vulnerable marketplace. A typical NFT auction house smart contract has three key functions:

  • CreateAuction

  • Bid

  • Cancel

Suppose a listed NFT starts bidding at $10,000.

Stage 3: Pumping Up the Price

“1” bids $10,000 USDC on the NFT to the auction house. Aside from the commission fee, the only cost is the Ethereum gas fee (we set it as low as 10 Gwei) to call the Bid function, which costs only $8.

“1” receives the NFT, and then re-lists the NFT for $500,000.

“2” bids and wins the NFT. “1” receives $500K.

“2” calls CreateAuction to list the NFT for sale yet again, this time for $1 Million!

The scammer, consolidating his remaining funding, bids $1 Million as “3”, winning the NFT.

The most expensive operation is the Bid smart contract function call. Fortunately, with the recent Ethereum London upgrade, we are seeing that the cost has dramatically dropped, and the total gas fees for an operation like this can be as low as $100. For as little as $100, the perceived value of an NFT can be dramatically manipulated by just a single individual, with far-reaching implications in money-laundering, the funding of terrorism, the integrity of the market, and beyond.

All of these, however, can be remedied with a few key measures.

  • KYC processes, ensuring that all participating wallets can be linked to individuals/entities

  • AML Compliance & transaction tracing. The technology does exist to trace NFT transactions, wherever they may end up (seen below)

Combined, these tools can provide sufficient insight into NFT market participants to close the glaring vulnerabilities that currently exist, and empower the retrieval/investigation efforts carried out by NFT platforms and law enforcement.
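The transaction tracing described above can be illustrated with a small detection routine. This is an added example, not code from the original article: it links wallets that share a funding source and flags sales where both buyer and seller fall in the same cluster. All wallet names, token names and the `SERVICE_WALLETS` allowlist are constructed assumptions.

```python
"""Flag NFT sales whose buyer and seller trace back to a common funding wallet."""
from collections import defaultdict

# Constructed sample data, not real chain data; wallet names are placeholders.
FUNDING = [  # (from_wallet, to_wallet) stablecoin transfers before the auctions
    ("0xSRC", "0xW1"), ("0xSRC", "0xW2"), ("0xSRC", "0xW3"),
    ("0xEXCHANGE", "0xW9"), ("0xEXCHANGE", "0xW1"),
]
SALES = [  # (token, seller, buyer, price_usdc), in chain order
    ("nft-7", "0xLISTER", "0xW1", 10_000),
    ("nft-7", "0xW1", "0xW2", 500_000),
    ("nft-7", "0xW2", "0xW3", 1_000_000),
    ("nft-9", "0xLISTER", "0xW9", 12_000),
    ("nft-9", "0xW9", "0xW1", 13_000),
]
# Shared service wallets (exchanges, bridges) fund many unrelated users, so
# they must not be used to link wallets together. Hypothetical allowlist.
SERVICE_WALLETS = {"0xEXCHANGE"}


def cluster_wallets(funding, service_wallets):
    """Union-find over funding edges; returns a wallet -> cluster-root lookup."""
    parent = {}

    def find(w):
        parent.setdefault(w, w)
        while parent[w] != w:
            parent[w] = parent[parent[w]]  # path halving
            w = parent[w]
        return w

    for src, dst in funding:
        if src in service_wallets or dst in service_wallets:
            continue  # ignore edges through shared infrastructure
        parent[find(src)] = find(dst)
    return find


def flag_wash_trades(sales, funding, service_wallets=frozenset()):
    """Return {token: [(seller, buyer, price, multiple_of_previous_price)]}."""
    find = cluster_wallets(funding, service_wallets)
    last_price, flagged = {}, defaultdict(list)
    for token, seller, buyer, price in sales:
        prev = last_price.get(token)
        if find(seller) == find(buyer):  # related parties on both sides
            multiple = price / prev if prev else None
            flagged[token].append((seller, buyer, price, multiple))
        last_price[token] = price
    return dict(flagged)
```

Calling `flag_wash_trades(SALES, FUNDING, SERVICE_WALLETS)` flags the two related-party sales of `nft-7` with their 50x and 2x price multiples; omitting the allowlist also flags `nft-9`, showing how an exchange wallet produces a false link.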