French cyber-crime authority leverages ZachXBT’s research to apprehend NFT scammers
ZachXBT's investigation into a criminal group that allegedly stole $2.5M worth of NFTs helped French authorities identify and arrest its members.
With the help of on-chain sleuth ZachXBT, France’s OCLCTIC cyber-crime authorities apprehended a group of five NFT scam artists for allegedly stealing $2.5 million worth of NFTs via phishing, according to an Oct. 12 press release by BFM crypto in association with Paris à l’AFP.
ZachXBT launched the investigation when holders of the limited-edition Bored Ape Yacht Club NFTs complained online about their lost Apes. He then posted the findings online, which OCLCTIC cross-referenced with its own.
Those who came forward about the NFT fraud allegations include footballer Neymar, rapper Eminem, and TV personality Paris Hilton.
ZachXBT found that the group carried out its phishing scams between late 2021 and early 2022. The scammers managed to steal their victims’ Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFTs by luring them to a website they had built that masqueraded as a service that animates the static artwork from the NFTs.
Unwitting holders who provided credentials to the website ended up transferring ownership of their NFTs to the scammers.
Twitter user Dilly Dilly was phished for his BAYC #237 NFT on Dec. 13, 2021, when he approved a transaction via the website, which he believed would produce an animated version of his NFT artwork.
His NFT was stolen from his wallet and ended up in the hands of the scammers afterward. The scammer then sold the NFT on OpenSea for 47 ETH, or $176,000, according to ZachXBT’s blog post detailing the investigation and a tweet by Dilly Dilly.
An additional four victims also lost their blue-chip NFTs in a similar fashion, their losses amounting to $1.7 million at the time.
ZachXBT identified the mathys.eth address as the wallet address used by the scammers to conduct NFT thefts and move the stolen funds. The funds generated from selling their victims’ NFTs were deposited into the mathys.eth address and then mixed on Tornado Cash.
The scammers “carefully” withdrew 10 Ether in intervals during the thefts but “were not careful about covering their tracks” when withdrawing from Tornado.
The five NFT scam artists are now facing charges, including fraud committed as part of a criminal gang, concealing fraud, and criminal association.