October 7, 2021
As a blockchain analytics company focused on monitoring, detecting and investigating crypto fraud and financial crime, TRM routinely alerts our clients — crypto exchanges, financial institutions and government agencies — to new threats that could target their systems and end-users.
Over the last several months, TRM investigators have identified a significant increase in attacks targeting Non-Fungible Token (NFT) consumers. These attacks arrive through various channels, including social media direct messages, encrypted chat apps, SMS texts, and emails soliciting the recipient to download attachments or visit a phishing website. In some cases, attackers tricked individuals into revealing their private keys.
Last week, we investigated two NFT rug pull incidents that totaled approximately $2.5 million in losses for victims. A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors’ funds. Here's a summary of the scams:
Scam #1: IconicsSOL
Last week, the IconicsSOL NFT drop opened with a mint price of 0.5 SOL. TRM reviewed on-chain flows associated with the IconicsSOL NFT drop and found that users submitted 0.5 SOL over a period of three minutes before the website refreshed with a sold-out message. The NFT mint website launched by IconicsSOL was mini-guys[.]on[.]fleek[.]co, suggesting that IconicsSOL was actually a rebrand of the Mini Guys NFT.
@SOLBigBrain was first to break news of the scam on Twitter, announcing that the scammers may have collected over 1,000 SOL by minting as many as 2,000 NFTs — worth approximately $156,000 USD at the time of this publication. Shortly after the IconicsSOL scam was uncovered, as many as ten different Solana NFT projects offered to provide free NFTs to victims of the rug pull.
What we know
The above graph shows on-chain Solana flows associated with the attacker. TRM Labs analysis connected a recipient wallet of the IconicsSOL scam to a Degen Lizzy NFT purchase. TRM is collaborating with law enforcement and industry partners to provide additional details on this investigation. Please reach out to firstname.lastname@example.org to inquire.
Scam #2: Baller Ape Club
On October 1, 2021, the highly anticipated Baller Ape Club NFT drop went live with 5,000 apes available for mint at the price of two Solana. Shortly after the mint sold out, the Baller Ape Club admins deleted their Discord, websites, and Twitter accounts. Posts from investors confirming it was a rug pull went viral on Twitter.
What we know
On-chain analysis by TRM has identified approximately $2 million USD worth of Solana stolen by the Baller Ape Club from investors. This is the largest known NFT rug pull to date across any blockchain. TRM is collaborating with law enforcement and industry partners to provide additional details on this investigation. Please reach out to email@example.com to inquire.
What can be done to counteract NFT fraud?
TRM is actively tracking multiple actors and exploits that have occurred over the last several months connected to NFT drops. TRM's blockchain intelligence team quickly spins up attribution reports that automatically notify TRM partners through our risk engine of possible scammers using their platforms. We routinely monitor NFT drops across multiple blockchains and actively investigate any identified or reported scams to ensure our partners are aware of the fraud and the addresses associated with it.
Recently we announced that our Blockchain Intelligence platform is now integrated with Solana. The integration is a key enabler for the investigations outlined above, in which proceeds from illicit activity are being moved across the Solana network. Read more about the integration here.
About TRM Labs
TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring including VASP due diligence, and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.
TRM is based in San Francisco, CA, and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com. To report a lead to Global Investigations, email us at firstname.lastname@example.org.