Share
Security Research
How to Blow Up a Scammer’s Business Model
July 6, 2023
•
Forta is a real-time detection network for security monitoring of blockchain activity. The decentralized Forta Network scans all transactions and block-by-block state changes, leveraging machine learning to detect threats and anomalies on wallets, DeFi, NFTs, bridges, governance and other Web3 systems. When issues are detected, Web3 infrastructure can respond to prevent attacks via transaction screening and incident response.
In recent years, the NFT marketplace space has skyrocketed, bringing in billions of dollars in trading volume. Like a bustling bazaar where digital artists, collectors, and speculators converge, it has become a fertile ground for innovation and commerce in the web3 ecosystem. These marketplaces primarily function through decentralized on-chain protocols, such as Seaport, Blur and LooksRare providing the perks of transparency and immutability.
However, with growing visibility and accessibility, NFT marketplaces have unwittingly attracted an unwanted element – scammers. They have weaponized the protocols to trick users into selling their NFTs for Weis on the Ether. Their scheme involves duping users into signing offers to sell their NFTs at zero cost or well below the floor price, with the scammers then executing the sale on their unsuspecting victims' behalf.
For instance, consider this example where an offer to ‘sell’ five NFTs from popular collections such as Wolf Game and ALIENFRENS for a grand total of 0 ETH was executed. To put things in perspective, the floor price for these collections hovers around 0.1199ETH and 0.1138ETH respectively. The victim, in this case, has been deprived of assets worth approximately 0.5873ETH, translating to an estimated loss of $1,879 USD.
A brief overview of the past month reveals a sad reality – fraudulent NFT orders executed on Seaport, Blur, and LooksRare protocols resulted in plenty of stolen assets. Seaport may have been the darling for fraudsters at the start of the year, but the Blur protocol is gaining more popularity with scammers. The distribution of the stolen NFTs now shows little preference between platforms. Scammers do not seem to care what they can get their hands on as long as there is an opportunity for profit in the end.
In response, Forta, a real-time distributed threat detection network, has been vigilant, identifying scams as they occur. Forta’s Scam Detector (threat category: fraudulent-nft-orders) is designed to recognize these fraudulent activities. However, identifying these scams as they occur seem to provide little opportunity for protection as detection happens at the point of the fraudulent sale.
However, scams rely on the return on investment. For instance, the transaction above cost the scammer 0.0469ETH (or 88.40USD). Following this, they have to sell the stolen assets and launder the proceeds. And let's not forget the costs and time associated with R&D that may be required. Currently, scammers find this business lucrative because the profit margin tips the scale in their favor.
But what if the balance could be tipped against them? Imagine a Web3 ecosystem with broader knowledge about stolen NFTs; picture a wallet that alerts you when you are about to purchase a stolen NFT; envisage marketplaces displaying such indicators. If implemented, do you believe scammers would be able to sell the stolen NFTs at the floor price of 0.5873ETH? Or do you anticipate a shrinking buyer cohort, leading to a drop in price and subsequently, their profits? Could the proceeds shrink below the transaction cost of 0.0469ETH, resulting in an overall loss for the scammers? Could such an initiative push scammers out of business?
The proposition seems plausible. Scammers are driven by economic incentives. Yet, to shift the landscape against them requires collective action. This calls for a united front from users, wallets, exchanges, NFT marketplaces, and threat intelligence providers. To clarify, this isn't about censorship; rather, it's about providing actionable real-time threat intelligence to render scamming unprofitable.
The Forta Community is stepping up, offering one part of the solution: real-time threat intelligence about scammers engaged in this activity and stolen NFTs. Such a Forta detection bot can be found here. If this is leveraged to warn users about potentially purchasing stolen NFTs, the tide may begin to turn against these nefarious actors in the Web3 ecosystem. The Forta Network encourages everyone who can utilize this threat intelligence to integrate it into their systems, helping push scammers out of business. Together, the community can safeguard Web3 and foster a secure, thriving NFT ecosystem.
Subscribe to Forta’s News
Stay updated on the latest Forta news and announcements.