An attacker was able to gain control over the site of famous street artist Banksy, then holding a fraudulent NFT auction. The attacker returned the money, however. During the auction, a fake non-fungible (NFT) token of Banksy’s work was up for sale. The work was eventually sold during the auction for $336,000. The hacker has since returned the cash after the move that was likely meant to make a statement on NFTs rather than for financial gain. The incident has delivered a lesson on new emerging cybersecurity threats posed by the sale and auction of NFTs.
When a collector purchases an NFT, it does not give ownership or copyright over the image itself. Instead, the owner purchases a piece of the item in a form of a “token” that is recorded forever on its blockchain. An anonymous British collector who goes by the name Pranksy was willing to offer 90% more than the second-highest bidder for the Banksy NFT. Pranksy allegedly confirmed the URL and PC and mobile before bidding, and only did so because it was hosted on Banksy’s site. They realized after placing the bid that it was likely fake.