This article comes from the WeChat public account Laoyapi (id: laoyapi).

This article comes from the WeChat public account Laoyapi (id: laoyapi)."I purchased an NFT on OpenSea the other day, it was a cartoon by the talented artist Helen Holmes from her"original

I commissioned Helen to draw the cartoons that I used to illustrate my articles, these cartoons were original works created by her and I have the right to use them under our own agreement. And I'm happy to say that if someone bought her NFT, the money would rightfully go to her. It turns out that this makes"mine"mine"NFTs become one of the few legitimate examples, as last month OpenSea said more than 80 percent of NFTs created for free on the platform were"。

Plagiarized works, fake favorites and spam

I say "my" NFT, even though owning an NFT doesn't mean I have any rights to the underlying intellectual property, which still belongs to Helen, nor does it mean I have unique access to the image itself, anyone just right clicks The pictures above can be downloaded.

Even NFTs that aren’t knockoffs tend to be evasively hidden. I also put in this category the NFT of an x-ray of a survivor of the Bataclan massacre in Paris that was offered for sale by the surgeon who treated her, and the questions contained in it are not related to us. It's not about OpenSea, it's about the market as a whole.

secondary title

innovation

innovation

It looks like NFTs are providing a platform for both innovation in fraudulent behavior and innovation in creative works. The most common one is the so-called "false transaction", that is, a group of fraudsters trade NFT among them at higher and higher prices, until retail investors who don't know the truth think that the price is real and step in to buy the "art". ". At this point, the group divides the proceeds among themselves, repeating the operation in the market.

This type of fraud is rampant and sellers are both buyers and sellers laundering money. This isn’t just some cryptocurrency looting from the public by falsely inflating the value of NFTs. The U.S. Treasury Department has already raised concerns that the activity could be used for money laundering.

OpenSea was recently overtaken by LooksRare in terms of numbers. LooksRare rewards users financially for their trading volume, which predictably means some rogue gaming systems. Cryptocurrency analysis firm CryptoSlam estimates that roughly 87% of total transaction volume since launch was actually fake transactions.

(According to Chainalysis' detailed study of the problem, there is an interesting asymmetry in fake trading of NFTs. Most traders are unprofitable, but successful traders are so profitable that as a group , this group has gained huge profits).

Looking at NFTs as a platform for fraudulent innovation, I have to admit that I sometimes admire the ingenuity of some of the crypto hackers/exploiters who get jobs in this new world. Taking OpenSea's "pending order vulnerability" as an example,

There is an issue between OpenSea and Rarible, another NFT trading platform, "If you don't properly delete NFT pending orders on OpenSea, this issue will be exploited."

If the seller lists an NFT product for sale and later decides to delete the pending order, the correct way is to pay a Gas fee to cancel it. If the user simply transfers the NFT to a different Ethereum address in order to save the Gas fee, although OpenSea's front-end pending order is not displayed, but when the NFT is sent back to the original address, it can still be purchased on Rarible. The loophole was exploited because some NFT owners were unaware that their old sale listings were still valid. When the price of a certain NFT was inflated, the prices of these old pending orders remained unchanged, and were discovered and purchased by hackers. This has resulted in multiple expensive NFTs being shed for rock-bottom prices."To give a specific example, an attacker paid a total of $133,000 for 7 NFTs, and quickly sold them for $934,000 in ETH. Five hours later, the ill-gotten gains were sent away through Tornado Cash, a fully decentralized non-custodial protocol that allows users to conduct private transactions in the cryptocurrency world."mix

Service to prevent tracking of funds on the blockchain.

In other words, by trying to be helpful and telling users to unlist vulnerable, the marketplace is providing exactly the information criminals need to automate their attacks.

An illustration taken in London on December 30, 2021 shows a gilded souvenir.

secondary title

size and scope

Not all frauds are particularly sophisticated. So much money has been lost to very basic frauds like project runaways where an innovative cryptocurrency engineer announces the release of a fabulous new digital asset that will do amazing things in the future. In the next period of time, the value will increase by 100 times and other magical expectations. The public will respond enthusiastically and invest a lot of cash. At this time, the issuer will disappear, and their website, Telegram chat history and fake LinkedIn profile will be deleted by the way. Once the public opened the box containing Schrödinger's cat, they would find it empty.

However, there are some fraudulent activities that take more advantage of the nature of the new infrastructure. "Honeypot technology" is such an example. In the honeypot, the programmers of the smart contracts that control the new tokens insert backdoor code to ensure that only their own wallets can actually sell them. Everyone else who bought tokens found their money stuck in a honeypot while scammers who created smart contracts could cash out at any time.

When it comes to honeypot technology, we enter new territory. As a November report from Elliptic showed, many of the most high-profile frauds have flooded decentralized finance, or DeFi, with projects losing more than $10 billion to DeFi theft and fraud. In my opinion, this is just the beginning, as the ability to automate fraud in the DeFi space is a fascinating and terrifying development.

(Of course, automated fraud is not limited to the Web3 world. PayPal recently closed 4.5 million accounts and is lowering its forecast for new customers after taking advantage of their incentives. They offer $10 as an incentive to open new accounts, at this time , robots start plowing PayPal's fields, not employees. As I've always insisted, one day the IS-A-PERSON certificate will be the most valuable certificate of all).

When it comes to web3, the intersection of bug-ridden smart contracts, cryptocurrencies, and anonymity presents a whole new playing field for fraudsters, terrorists, and pranksters. The combination of automation and complexity presents problems that need to be addressed.