NFTs and Surging Crimes – How Shufti’s AML/KYC Solution Can Secure The Digital Ecosystem

Non-Fungible Tokens (NFTs) are by far one of the most popular topics right now. Artist Mike Winkelmann, better known as Beeple, sold one of his works as NFT at Christie’s for $69 million in March 2021. He became one of the top three most valuable living painters as a result of the transaction. In January 2022, less than a year later, the leading NFT marketplace OpenSea began the year with an NFT trading volume of over $5 billion. This is the same as the entire year of 2021. Since then, it’s safe to conclude that NFTs are no longer considered specialized. Maybe, but one thing is certain: NFTs are here to stay. 

Digital currency’s decentralized nature and anonymity factors make it appealing for a variety of reasons, but it also makes legal monitoring difficult. NFTs are frequently utilized as a digital tokenized version of a physical item and are just like traditional high-value assets prone to money laundering and other financial crimes. In addition to this, NFTs’ are more vulnerable to crimes, thus they are merely another route that criminals to wash their illicit gains.

The Rise of NFTs and Financial crimes 

NFTs are digital tokens used to represent an asset. The word ‘non-fungible’ alludes to the asset being one-of-a-kind, and the token aspect relates to the asset’s ownership being maintained on a digital, decentralized ledger known as blockchain technology, such as the Bitcoin blockchain. The blockchain keeps track of ownership in the same manner that an actual piece of the physical asset would. In addition to this, there are significant risks associated with NFTs, just as there are with other financial assets. These dangers affect both customers, sellers, and government agencies.

Buyers must be certain that the NFT they are purchasing is genuine and comes from a reputable seller. NFTs are a target for cybercriminals, and sellers must be aware of this. Fraudsters may forge an NFT and sell it as legit, just as they would a genuine piece of art or other high-priced assets. Furthermore, both buyers and sellers must be mindful of the risk of sophisticated hackers compromising NFT marketplaces or personal accounts and transferring assets to their own accounts before selling them.

Moreover, one of the most common concerns regarding NFTs is that anyone can effectively ‘right click and save’ the NFT itself, making a duplicate for themselves. While this does not give hackers ownership of the NFT, they may still be subject to copyright rules they use. 

However, despite the heaps of benefits NFTs have emerged with, the rise in popularity of NFTs is becoming the catalyst for money laundering and financial crime. NFTs are frequently purchased using cryptocurrencies, and the concerns of money laundering that cryptocurrencies represent have been extensively reported. Money launderers use virtual currencies to hide the source of bogus transactions and frequently generate, purchase, and trade NFTs to add further complex layers to the money laundering process, similar to how they abuse real-world assets.

Star Loses $500,000 NFT After Hackers Manipulated Rarible Market

Cybercriminals took advantage of a now-fixed design defect in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese musician and actor Jay Chou and sell it for around $500,000. That’s according to CheckPoint, which warned on Thursday that the flaw could have been used by criminals to take complete control of victims’ marketplace accounts and their assets. 

However, when Roman Zaikin, Dikla Barda, and Oded Vanunu studied the security flaw, they discovered that fraudsters may entice consumers to click on a link to malware NFT, allowing them to seize control of their marks’ Rarible accounts utilizing the EIP-721 standard. This includes a function called setApprovalForAll, which is typically used to track and transfer NFTs. According to CheckPoint, this function authorizes who can control a user’s tokens and is intended largely to allow third companies like Rarible and OpenSea to control tokens on behalf of users.

“By design, this function is exceedingly dangerous because it may allow anyone to manipulate your NFTs if you are duped into signing it,” the trio of researchers warned. “Users aren’t always sure what permissions they’re giving when they sign a transaction. The victim frequently believes these are routine transactions when, in reality, they are handing away control of their own NFTs.”

These types of transactions are commonly used in phishing attacks, but they become even riskier when an NFT marketplace is involved. The rail allows anyone to produce and sell art, which can be anything with a PNG, GIF, SVG, MP4, WEBM, or MP3 file extension with a maximum size of 100MB, according to the threat hunters.

FATF Guidance for NFTs to Combat Financial Crime on the Horizon

As  NFTs are not formally regulated, governments or international financial watchdogs may impose legal responsibilities. These could include “know your customer” checks, to verify the true identities of the buyers and sellers along with the ownership of the assets. In addition to this, as the NFTs are being widely used for money laundering such assets are also becoming subject to Anti-Money Laundering (AML) regulations as well as  European Markets in Crypto-Assets Regulation (MiCAR).

However, the legality status of NFTs has yet to be determined, and there is still uncertainty as to whether an NFT may be classified as a security under Financial Conduct Authority guidelines. Thus,  Financial Action Task Force (FATF) has recognised the need for additional clarification on NFTs. Its recent guidance the concerns regarding when and how government or regulatory authorities should recognise or regulate NFTs as digital assets.

According to the FATF’s NFTs guidance, they have not considered the digital assets due to their diverse use, yet their evaluation is need to be done on the basis of cases.

“Some NFTs that on their face do not appear to be virtual assets may fall under the virtual asset definition if they are used for payment or investing purposes in practice,” States FATF.

The FATF wants to see a strategy based on the actual use of NFTs rather than the technology. Those interested in NFTs are now faced with the task of determining which NFTs fit the FATF functional definition of a virtual asset. If the definition is met, then compliance and monitoring requirements must be met. This will necessitate a risk-based approach to avoid undesired customer transactions and guarantee that any suspicious instances are quickly reported. Regulators will require those working with NFTs to be proactive in their risk management.

How Shufti Can Help

Shufti’s state of the art identity verification and anti-money laundering screening solutions are ideal for NFTs service providers as it allows them to determine the real identities of the customers along with the legit ownerships of the digital assets. Other than this, the AML solution powered by thousands of AI modules screens customers against 1700+ global financial watchlists. Apart from AML background screening, according to FATF’s guidelines and suggestions businesses need to comply with KYC compliance. To ensure that, Shufti’s all-in-all ID verification solution is an optimum option.

Want to know more about KYC/AML solutions for the NFTs market?