On June 8, 2022, Devin Finzer, the co-founder and CEO of OpenSea, the world’s largest NFT marketplace, pledged to double OpenSea’s efforts to fight fraud and plagiarism.
Scammers frequently look for ways to defraud NFT project creators. One area that is endemic for NFT scams is NFT promoters on social media. While we cannot quantify the amount of money lost in NFT promoter scams as no open-source data set tracks that figure, analysts found multiple NFT promoter scams over our research. For this brief, we identified how people running NFT promoter scams operate and provided some strategies to help mitigate risk in the NFT space.
Our Use Case
Twitter, which has 330 million active monthly users, is frequently used by people involved in NFT promoter scams.
A person involved in an NFT promoter scam often pays for a Twitter profile with an established history and tens of thousands of followers. Our research suggests that those followers are mostly bots. One NFT promoter running a scam that we identified is Spoogy_NFT.
Spoogy_NFT set up his Twitter account to make it appear as legitimate as possible. First, he has a Bored Ape Yacht Club (BAYC) NFT for his profile picture. A BAYC is worth about 135k USD. In addition, Spoogy_NFT lists himself as a Marketing Manager, and he claims he owns the 4,232nd BAYC NFT.
However, scrolling through Spoogy_NFT’s tweets shows that he has only tweeted 190 times, despite having an account with Twitter since 2011.
In addition, Spoogy_NFT has no public interaction on Twitter, which indicates Spoogy_NFT likely purchased his Twitter profile.
With our suspicions heightened through reviewing Spoogy_NFT’s social media activity, analysts reached out to him on Twitter to see what he charges for using his services.
Spoogy_NFT told us that he charges 0.222 ETH, which is, at the time of writing this brief, around $390.47. He also claimed to be well-connected in the NFT community. Spoogy_NFT said, “From the Telegram communities, I’ll bring people that will buy into your project, people I worked with before and with who I had good results as well. I want to be straight with you and let you know that I’m here to stay for the long term and not just for some posts, meaning unlimited time collaboration. I would like to make your project known in the NFT’s communities where I have influence as soon as possible so let me know when you are willing to start cooperating with me. I’m waiting for a feedback from you and hope we can get started!”
We told Spoogy_NFT that we would agree to his terms. However, when we asked him to sign an NDA before receiving his marketing services. Spoogy_NFT said, “Sure, but I’m not opening any file for security reasons.”
Spoogy_NFT said that we could send the NDA in a Jpeg format, and we would edit it and send it back. He wasn’t willing to go outside of Twitter for communication, suggesting a significant lack of transparency, which analysts note is typical for cybercriminals.
Because we wanted to identify more about how Spoogy_NFT’s scam works, we agreed to send him some cryptocurrency for his services. Spoogy_NFT provided us with his Bitcoin wallet address.
When analysts input the Bitcoin wallet address into an investigation tool, there was no history of transactions—having no activity with a wallet address for a person that does NFT promotions is exceptionally unusual. When we asked for a different wallet address, analysts continued to find no transactions to review. These findings suggest that Spoogy_NFT sets up a new wallet whenever he finds someone to defraud.
As we looked further into Spoogy_NFT, he had no digital footprint on the open web outside of Twitter.
We wanted a deeper analysis of Spoogy_NFT’s Twitter profile, so we used Sparktoro, which analyzes Twitter accounts for fake followers. Sparktoro returned results that show that 63.3% of Spoogy_NFT’s Twitter followers are fake.
Since the writing of this brief, Twitter suspended Spoogy_NFT’s profile.
Overwatch spoke with someone that Spoogy_NFT defrauded. That individual mentioned how Spoogy_NFT’s initial approach was “very professional,” but after he sent money to Spoogy_NFT, he was blocked from communicating with him. The victim said they were convinced that Spoogy_NFT was a legitimate promoter and that’s how he had set up his profile was persuasive. Because of that, the victim did not research Spoogy_NFT.
Analysts note that Spoogy_NFT is just one NFT promotion scam we identified. However, for the sake of brevity, we are only including one use case.
Things You Can Do and What to Look Out For
A basic Google search of a Twitter username or NFT can tell an investigator or consumer a lot about a project. If there is no digital footprint outside of one social media platform, that should give more cause for additional research.
If a Twitter account has tens of thousands of followers but only retweets profiles and doesn’t interact publicly, it suggests a lack of transparency from the account holder.
If the user tells you they want to conduct all business through direct messaging in conversation with the Twitter account holder, it further confirms a lack of transparency.
If you search the wallet address on a website like blockchain.com, and the wallet comes up with no transactions, it indicates that the person may be opening a new wallet each time they defraud a victim.
Additionally, you can copy and paste the Twitter handle into sparktoro.com to get an analysis of the profile’s fake followers.
While Twitter suspended Spoogy_NFT, he could immediately purchase a new Twitter account and begin scamming victims again. Until Twitter has more robust security measures to identify bots and cryptocurrency scams, users like Spoogy_NFT will continue exploiting Twitter’s vulnerabilities. Twitter will likely not allocate significant resources to a problem like NFT promoter scams until a data set tracks how much money people are losing to this scam.
Additionally, with Twitter suspending Spoogy_NFT, he is likely to be more cautious with his criminal activity in the future. Analysts also assess that as the cryptocurrency market and NFT projects expand, cybercriminals will continue to identify loopholes and weaknesses to defraud their victims.