Stolen NFTs Part 1: the rise of theft

February 12, 2024

As anyone involved in the crypto sector knows, hacks, thefts, and exploits feel omnipresent.  

And while attention tends to focus on the higher-profile, higher-value events - think Wintermute, Mango Markets, Wormhole and Axie Infinity (which amount to more than $1 billion in stolen funds) - other types of theft continue to happen right under our noses, to almost no fanfare or recourse.

The phrase ‘rug-pull’ entered the crypto lexicon less than two years ago.  Often used in tandem with ‘exit scams’, it is now in wide use to describe the theft of investor funds by founders and administrators.  

The phenomenon has been popularised on crypto Twitter - driven by self-taught internet sleuths who are determined to lift the veil on shady crypto operators and influencers.  

Increasingly there are resources for crypto users to report stolen funds or even check to see whether addresses have touched high-risk addresses (see Hoptrail’s own EthScamCheck).

But there remains almost no avenues to assist in recovery or reprimand.  It is an issue that the crypto space is grappling with: identification of stolen assets is (relatively) easy; recovery is not.

More pertinently, there remains limited data on the perpetrators and wallets involved, nor sufficient communication between protocols and platforms to inform of high risk events.  In this series, we seek to shed light on these issues and the accounts and addresses behind some of the more egregious heists.

Limited data, no recourse

One area which goes almost unnoticed in the public domain is the issue of stolen NFTs.  Victims have typically been caught out by a malicious link, a bug, or an exploit; or have been tricked into an off-marketplace transfer.

Part of the reason these issues fly under the radar is because the victims are individuals, with few or no legal routes.  They typically do not know who the perpetrator is, nor have any way of conducting investigations to unpick the attacker’s identity.  

Data from OpenSea, the world’s largest NFT marketplace, indicates that almost 1,000 NFTs belonging to the top seven collections have been marked as suspicious or stolen in the last year.  

The most compromised collection in absolute terms is Mutant Ape Yacht Club, which has suffered at least 268 transfers of stolen or suspicious goods across 207 assets in the last year and a half.  This is around 1.1% of the entire collection.  

This is a similar percentage to other collections Clonex, Azuki, and Bored Ape Kennel Club, ranging between 0.87 - 1.34%.

But in terms of percentage and value, Bored Ape Yacht Club outstrips them all.  The floor price for BAYCs is ETH 78 ($101,000).  They are among the most highly-valued assets in the NFT ecosystem.  

Hoptrail estimates that 144 BAYCs have been identified as stolen or suspicious.  This equates to more than 1.4% of the collection since April 2021.  The value of stolen or suspicious BAYCs now exceeds $30 million.

Stopping the Steal

OpenSea has begun tagging assets that are reported as stolen or associated with suspicious activity.  It is the first marketplace to do this.

Red flag tagging halts buying and selling on the platform but it does not prohibit the transfer of the asset.  Off-market sales can and do occur, and there is little that can be done to stop it.

Moreover, there is little information on when (and for what reason) the assets have been flagged.  Which specific transfer does the suspicious activity related to?  That too is unclear.

The good news is that deeper analysis can be done on individual holders of the assets to determine their connection to any high-risk issues.

Hoptrail has identified more than 3,000 buyers of stolen or suspicious assets across the top collections.  In some cases, addresses are seen multiple times, suggesting that these accounts may be involved in orchestrated, organised schemes to target and steal high-value NFTs.

These accounts continue to transfer uninhibited, often on other marketplace platforms, among which there is limited communication on stolen or flagged assets.

As long as NFT collections hold or rise in value, the presence of scammers will persist.  But until there is a coordinated response among market participants to ensure data is shared, theft will continue unpunished.

Hoptrail Insight

OpenSea is currently 11th in our NFT Marketplace Leaderboards with a score of 52.07.  To put that into context, it would not feature in our Gambling Top 10 for AML controls; and is over 15 points behind the leading NFT Marketplace, Sorare.  

Our Leaderboards track, score, and rank VASPs across more than 20 AML variables, showcasing how well services are responding to and dealing with financial crime risks.

In part two we explore the mechanics behind NFT heists, and dig into the key accounts driving NFT theft.


Hoptrail Intelligence: Real-Time Risk Alerts on Wallets & VASPs

April 18, 2024
Alerts is the latest feature in the Hoptrail crypto compliance toolkit, designed to ensure users stay on top of counterparty risk issues in real-time.We are thrilled to announce the release of Alerts, our real-time risk monitoring tool for cryptocurrency wallets and Virtual Asset Service Providers (VASPs).

HM Treasury applies first-ever crypto sanctions amid coordination with US and Israel

April 8, 2024
HM Treasury issues sanctions on crypto addresses as part of wider efforts from allies to crack down on crypto use by terrorist groups
Media & Press

Hoptrail and Recap secure InnovateUK grant funding to develop crypto onboarding tools 

March 14, 2024
A consortium including Hoptrail and led by UK crypto tax software provider Recap has secured a £300,000 Innovate UK grant to build crypto onboarding and AML tools for professional services.

Subscribe to the Hoptrail newsletter

Sign up with your email address to get the latest insights from our crypto experts.

No spam! We respect your privacy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.