How to launder money with NFTs

At the moment, there are many ways of laundering funds through the purchase and sale of NFTs; we have chosen three of the main ones.

All information is provided for informational purposes only. Remember that we’ve all heard of the “smartest” scammers, which means that even the most cunning ones get caught up in their “cunning” tricks.

METHOD 1. PURCHASE AND SALE

The essence of this laundering is simple — it is required to clean the funds as much as possible by running them through many transit addresses using various mixers.

The final step will be to clear funds through NFT buying and selling.

Imagine that “UnknownUser” is a scammer who ran the stolen funds through all possible mixers, creating hundreds of transit addresses along the way, ultimately collecting all the funds in one address. What to do next? — Go and buy NFTs for resale! “UnknownUser” buys an expensive, hype NFT and then resells it.

The point is that when another user pays “UnknownUser” in tokens for an NFT, “UnknownUser” will receive clear funds in his address (unless, of course, you are selling this expensive NFT to another scammer).

Further, these funds can again flow into the mixer, then into the purchase of a new token, and so on until the “detectives” behind the stolen funds lose trace.

METHOD 2. BUYING NFT FOR INCREASING LIQUIDITY

In this method, the attacker tries not to attract the attention of “whales” so that there is no extra attention from large investors, companies or just large traders.

The first step is to complete method 1, but with one correction — you need to buy not a hype NFT, but some unknown one. The easiest way is to create your own NFT, but some scammers resort to promoting existing NFTs.

Imagine that “UnknownUser” is a scammer who took possession of other people’s funds, he drove all the funds through the mixer and distributed them to hundreds of addresses. Next, he finds a collection that already has a small, existing community. With the help of his hundreds of addresses, he begins to buy up NFTs and resell to himself. The community that is involved in this collection sees the movement of funds, and begins to buy up these NFT tokens, thereby giving the attacker clean funds.

Here is an example from the Chainalysis investigation:

This figure visually shows the flow of funds. The seller gives the NFT to the buyer → the buyer puts it on the marketplace → the same seller buys the same NFT token. Only there is one caveat — the seller and the buyer are the same user.

After analyzing the entire scheme in detail, Chainalysis identified all the addresses that participated in the purchase and sale of the token:

Thus, it turned out that all addresses that bought the same NFT have a common connection — one address (in our example), which financed all addresses for further purchases.

We assume that such addresses were identified using heuristics, which, in combination with ML algorithms, give high accuracy in detecting behavior patterns.
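The common-funder check described above, as an added example (not code from Chainalysis or from this article): it traces every trading address back to its funding source, flags sales where seller and buyer share one, and flags tokens that return to an earlier owner. All addresses, sales and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not real on-chain records).
FUNDING = [  # (sender, recipient) funding transfers
    ("0xF00D", "0xA1"), ("0xF00D", "0xA2"), ("0xA2", "0xA3"),
    ("0xBEEF", "0xB1"),
]
SALES = [  # chronological: (token_id, seller, buyer, price_eth)
    (7, "0xA1", "0xA2", 1.0),
    (7, "0xA2", "0xA3", 2.5),
    (7, "0xA3", "0xA1", 6.0),   # token returns to its first seller
    (7, "0xA1", "0xB1", 9.0),   # sale to an unrelated buyer
    (8, "0xB1", "0xC1", 0.4),
]

def root_funders(funding):
    """Map each address to the ultimate funding sources upstream of it."""
    parents = defaultdict(set)
    for src, dst in funding:
        parents[dst].add(src)

    def roots(addr, seen):
        if addr in seen:                 # guard against funding loops
            return set()
        if not parents.get(addr):        # nothing upstream: addr is a root
            return {addr}
        return set().union(*(roots(p, seen | {addr}) for p in parents[addr]))

    return {a: roots(a, frozenset()) for pair in funding for a in pair}

def flag_wash_sales(sales, funding):
    """Return (sales whose two parties share a funder, tokens that round-trip)."""
    funders = root_funders(funding)
    linked, round_trips = [], set()
    past_sellers = defaultdict(set)
    for token, seller, buyer, _price in sales:
        # Addresses absent from the funding data are treated as their own root.
        common = funders.get(seller, {seller}) & funders.get(buyer, {buyer})
        if common:
            linked.append((token, seller, buyer, sorted(common)))
        past_sellers[token].add(seller)
        if buyer in past_sellers[token]:  # NFT went back to an earlier owner
            round_trips.add(token)
    return linked, round_trips

if __name__ == "__main__":
    linked, round_trips = flag_wash_sales(SALES, FUNDING)
    for token, seller, buyer, common in linked:
        print(f"token {token}: {seller} -> {buyer} share funder(s) {common}")
    print("round-trip tokens:", sorted(round_trips))
```

On the sample data the three sales among the `0xA*` addresses are flagged because all of them trace back to `0xF00D`, while the later sale to `0xB1` is not.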

METHOD 3. ROYALTIES OR REWARDS

If the first two methods have already been known since the advent of NFT marketplaces, and talk about money laundering through the use of trading platforms began back in 2017, then this method was first talked about at the end of 2021-beginning of 2022.

Instead of inflating the value of NFTs, scammers make money from the rewards they receive from the marketplace.

On one of the largest marketplaces, at the beginning of 2022, NFT movement between a group of users was noticed. To summarize, 3 addresses exchanged NFTs between each other, reselling the NFTs to each other for large amounts. As a result of such transactions, they managed to generate more than 650,000 promotional tokens. At the same time, these tokens were immediately sent to staking.

The amount they spent on commissions on transactions paid off several times over through sales royalties.

What exactly did “UnknownUser” do?

“UnknownUser” creates an NFT, the marketplace determines that “UnknownUser” is its creator and some marketplaces pay rewards in their tokens for the sale of your NFT (under certain conditions). Further, with the stolen funds transferred to other addresses, “UnknownUser” begins to buy this NFT from himself, receiving reward tokens from the marketplace.

By the way, about the real facts:

  • from January to May 2022, wallets were able to accumulate 106 million in rewards, that is, more than 185 million dollars;

  • 114 million was paid out in transaction fees;

  • the profit from this scheme was $71 million.

NOW LET’S PRETEND WE ARE A HACKER

Step 1. Preparation

In the Web3 world, our name is “UnknownUser” and we just hacked a small regional exchange, withdrew 750,000 USDT on the ETH network and keep it in the wallet. Of course, we did not forget to withdraw $250,000 in ETH tokens directly from the same hacked exchange to the same address to pay fees.

Next, we converted all USDT to ETH on DEX, because it doesn’t matter to us in which token to withdraw funds, and extra actions are always required with a non-native token, and we will convert on DEX due to the lack of KYC.

Step 2. Hiding funds

Roughly speaking, we stole 1 million dollars and all the tokens on our address are ETH. For cashing out, we will use method 3, since the first method is too simple, and the second is too unreliable.

Next, with the help of scripts, we generate 1000 addresses for ourselves. Deployment in the Ethereum network is not required, so in just a couple of clicks we will get 1000 different public keys. Also, we are creating another 1115 addresses for further use.

We will distribute the entire stolen million to all addresses, so, taking into account commissions, we will end up with an unequal amount of money at each address. Remember about heuristics, so we make addresses with amounts less than $1000 in any range, for example $850, $944, $956. Often, transaction monitoring is interesting to any crypto company, and in most cases, monitoring begins if the ongoing transactions exceed $1000. That is why, in order not to catch the eye, we take into account this factor.

Let’s do the rough math. $1,000 for each of 1,000 addresses (excluding fees). Further, with each address, we go to the mixer, for example, Tornado Cash and ask him to withdraw all our funds to unused 1115 addresses with one condition — the amounts must be different. Thus, we will receive on the “clean” addresses the amounts:

We leave $19610 for expenses, namely:

for the first thousand addresses — $3 for each address to make a transfer transaction to Tornado Cash; for 1115 generated — $7 per address, for buying and selling. In total, we will spend: $3000+$7805=$10805, part of the remaining funds will go to commissions in Tornado Cash.

The last step will be to create 1 Airdrop address for regular ETH users. We have about $8,000–5,000 left, and we will transfer these funds to him through the mixer.

Step 3. Gathering an audience

The first step is to gain some kind of audience. The topic of your community will be cryptocurrency, memes, anything to make the user linger and read any of your work to the end. To keep active, let’s buy $1,000 worth of ads, which will be enough to gather a small group of a couple of thousand people.

At this point, many would have already started counting profits, but do not forget about maintaining anonymity! The main thing is not to compromise your bank details, IP addresses when paying and communication when buying advertising.

Further, the activity of users will be supported by Airdrop ETH. The conditions are simple — bring a friend, tag and get $1. Next, we make a couple of drawings, during which the audience will receive some funds.

Thus, we have collected a couple of thousand people who come to check your community for freebies.

Step 4: Create an NFT Collection

Next, you will need to make an NFT collection. Distinctive features will be something that catches the eye of users. In our case, this is something around the “18+” limit. Let’s create a collection by rendering everything in Photoshop. Idea: depraved dinosaurs. BTW, the collection is real. Let’s create a fun website where you can at least laugh heartily, tap different buttons so that the user stays longer, for example — gondinoton.io.

We will spend about $500-$1500 to create everything.

After that, we notify everyone that the next draw will be directed to NFT, all you need to do is tell your friends, check in and randomly you will receive one or another NFT.

Further, the audience can react in any way, but you will be satisfied with any outcome. If the audience becomes active, we hold a raffle and give away part of the NFTs to users; if there is no feedback from the audience, we make a fake raffle and mint all NFTs on the marketplace, which pays royalties to the author.

Step 5. Increasing the cost to show users its liquidity

Further, having in our hands 1115 addresses with balances of less than $1000, we start to increase the price of our NFTs by buying them from ourselves. Along the way, it is required to inform the audience about our achievements.

What will we have on hand? About 2000 people, who could bring as many more freebie lovers who see how NFTs are growing in front of their eyes:

  • each NFT is on auction;

  • new bids with higher costs every hour;

  • floor (minimum NFT value) of the collection grows every hour.

Of course, after that, users will appear who will begin to fight for such a tidbit.

Step 6. Calculate profit or “we laundered dirty money”

The essence of this laundering is simple — it is required to clean the funds as much as possible by running them through many transit addresses using various mixers.

When selling, it is worth manipulating each user, because no matter what the art is, everyone wants to make money on it. And even if there is a user who beats all your bids, you should not be upset: this is more clean money, just received by the 2nd laundering method, not the 3rd.

In our method 3, we receive the so-called promotional tokens, as the author of the NFT. We will receive these tokens every time, even if we bought a token from our fake address.

When passing the circle: the seller (we) → the buyer (we) → the marketplace, we still receive reward tokens that have value. With these tokens, we can go staking to further increase our income and recoup the fees.
