Cybersecurity experts urge investors to err on the side of caution
A prominent collector was scammed into buying what he thought was street artist Banksy’s first NFT, exposing a key security risk when engaging in these types of digital investments.
An NFT, or non-fungible token, is a type of digital certificate of ownership commonly attached to artwork that can be verified through a blockchain ledger.
While they’ve been around for a few years now, prices have recently gone through the roof after digital artist Beeple sold an NFT for US$69 million at an auction in March.
And last week, it seemed even the notoriously secretive Banksy was jumping on the NFT bandwagon when his official website contained a link to an auction on the online NFT marketplace OpenSea that had what was claimed to be the artist’s first NFT on the block.
The winner of the auction, a well-known British NFT collector who goes by the name of Pransky, paid £244,000 in cryptocurrency for the artwork, called Great Redistribution of the Climate Change Disaster.
However, Pranksy grew suspicious after the link to the auction disappeared from Banksy’s site disappeared after the transaction.
Is this... real? https://t.co/jzxlAYs99T#Banksy #NFT on @opensea commentating on potential climate damage of PoW blockchains? pic.twitter.com/GG8FkGr2k7
— Pranksy 📦 (@pranksy) August 31, 2021
The BBC finally contacted Pranksy to confirm that the artwork he purchased was indeed a fake, and that scammers had hacked into Banksy’s website to post a link to the auction.
I've just had a @BBC journalist confirm that the #NFT that was hosted on https://t.co/t0Gq79xewG was not a real banksy, hopefully I can get in touch with the team who represents him, if not it was fun entertainment for us all today.
— Pranksy 📦 (@pranksy) August 31, 2021
Onwards and upwards! #NFTs #PranksygotBanksyd pic.twitter.com/VR51I4k4Cb
Pranksy’s money was eventually returned by the scammers, with the collector speculating on Twitter that the stunt was the act of an “ethical hacker” who was probably “proving a point.”
My ETH from the #Banksy #NFT purchase was just returned to me, ethical hacker proving a point?https://t.co/idDNEsEIhK
— Pranksy 📦 (@pranksy) August 31, 2021
However, the event highlighted one potential security risk of investing in NFTs – the need to verify that sellers are who they say they are.
“Potential buyers should remain largely skeptical of NFTs while they are in these early stages, as they can be easily exploited, and always err on the side of caution,” Jake Moore, a cybersecurity specialist at cyber security firm ESET, told CNBC. “Scammers are very good at manipulating people, and the makeup of NFTs lends itself to being abused even more due to the lack of a physical product or service.”
Meanwhile, Tom Robinson, founder and chief scientist at cryptosecurity analysis firm Elliptic, told the BBC that once a bid is placed in an online NFT platform like OpenSea, there’s nothing else a buyer could do if it turned out the sellers misrepresented themselves.
"OpenSea is the eBay of NFTs – it allows anyone to sell digital art that they own, or have created themselves. Once a bid has been placed, the seller can accept and the cryptocurrency is irreversibly transferred," he said.
