The curious world of NFT’s and associated ML/TF risks

Hint - This will be a relatively longer read for you

At the drop of a hat I see so many occasions where people believe that NFT's are the perfect vehicle for money laundering as there is no real value in those odd Ape images to start with. It’s very comfortable to make judgement on anything new, specially a new technology. I decided to dig deeper into this space and spent almost a complete week (last week and hence a slight delay in this article) working on a small project which started from a concept, then the imagery, followed by development and then the roll-out. I can say one thing for sure, we are living in an exciting time, same as what people might have felt when internet was becoming mainstream or we moved to the Google and Facebook world.

Basics of NFT

Now let’s go back to the odd Ape images I was talking about.The image on the right was sold for 769 ETH (or approximately $2.3 million). You may wonder why would anyone pay such a huge amount for an art which does not feel like a Rembrandt or Picasso? There are several factors which play a role. In the NFT space there is something what you call a “rarity”. This image, for example, is from a collection “Bored Ape Yacht club” which consists of 10,000 NFTs. Now imagine if you get hold of a NFT from this collection which is one of the rarest ones, you may pay a good price to get hold of it, right (of course if you have a fat wallet😉)! The question arises why would you select this project and what determines rarity. On the first topic, I can simply say its all Marketing and also some utility/benefits attached to being an owner of this “prestigious” collection. I do want to dig deeper on the “rarity” part.

Every image or NFT has what you call a “Property”. This percentage shows how many other NFT’s in the same collection have the same set of properties. Now closely look at the comparison image below and guess which property group (yellow or blue) may be rarer than the other?

I hope you guessed it right 😁. The property group in “blue” represents a much rarer NFT because the attribute “Trippy” is linked to only .77% of the NFTs in this collection. Moreover this NFT has only 4 properties (with a low percent) as compared to the one on left which has several properties, all having relatively high percentage. To complete the circle, blue encircled property belongs to the Ape I shared earlier (ranked 9 in the collection). The yellow properties belong to an Ape whose rank is 9999 in the collection! I hope by now you get the point why some NFT’s are sold at such a high price as compared to others in the same collection. Keep in mind that the marketing and hype around this collection was so much (including some celebrity endorsements) that even the least rare NFT (with rank 9999) was last sold for 77 ETH or approx $275K two months ago.

Follow the money…

You may be wondering, how do I know all these details about when a particular NFT was bought and for how much etc. This is where block chain comes in. Every NFT, when it’s created, is recorded on the block chain. Basically it means from a simple image sitting on a server, the NFT gets it’s own identity assigned on the blockchain and then further linked to an address of a person who minted the NFT.

In our classical ML/TF investigations, we have a saying “follow the money”. It’s nothing different in the NFT, but I must say, it is much more open and transparent (to an extent) as compared to the classical fund movement. Let me now elaborate on how you can follow the money for a particular NFT.

Some terminology clarifications:

1. Our classical bank account equivalent are are referred to as “address” on the blockchain. I will be using address going forward;

2. The transaction amounts are not in classical $ or € but in ETH (Ethereum) and it’s current value is approx 1 ETH = $2400.

3. A big disclaimer - I am only using the Bored Ape collection to demonstrate the fund movement and in no way a suggestion that there is any laundering involved…

With the “important” disclaimer and terminology out of the door, let’s start getting a bit deeper. There are several market places where NFT’s are bought and sold, but underneath they either use Ethereum, Binance, Solana etc. networks. In this example let’s try to follow who/how/when the ownership of the NFT’s transferred/sold etc. When you check the OpenSea link for this rare NFT, you will notice an address “0x79782b0ae9b71cff36bb32b4ef0935fd3c190350 (say A1)” purchased this NFT almost 6 months ago. If we look at the transactions of this address (around the same time) an incoming transaction of approximately $4 million (or 1500 ETH) was noticed.

Going further deep and analyzing the fund movements of the funding address 0x21faa7406de0e6f99c313375b4e0dcad3ea38e2a (say A2), you see that 1500 ETH (exactly the same amount) was credited from another address 0x1f4678082b9edefde441be43b4d0dab17c302bd3 (say A3). As the balance of this address was not significant during the time, we need to go a back in time to look at incoming transactions on this address. There are some significant ETH deposits on this address as listed below -

As there are several of them (all coming from the same “from account”), let’s try to dig deeper into the 2643.78 ETH deposit. This deposit comes from another address 0xd52055a39a3d2f7505c739f981f296ea31b50191 (say A4). This chain goes deeper and deeper and eventually I came to a possible end of the chain to an address 0x079495cf40e8dd9b1bdd78046950364ec3c9557c (say A5) where you will notice a lot of incoming transactions from Coinbase and Gemini (crypto exchanges).

As I have been highlighting in my previous articles (particularly Crypto currencies - take a step back in the current context), funds (as in cash) primarily enter the crypto world via these exchanges. These exchanges perform (or should ideally perform) a thorough KYC while onboarding their clients and hence we can safely say that from a random set of numbers (blockchain addresses), we can trace all the way to who might be behind these addresses.

The complete chain now looks as listed below :

Coinbase / Gemini -> A5….A4 -> A3 -> A2 -> A1 -> NFT

With the above example, I just tried to demonstrate that using blockchain explorer you can simply navigate through, starting from a NFT all the way to the source of funds (stopping just short of knowing who is behind the funds at an exchange). As a FI, if you have sufficient doubts, you can reach out to the respective exchange and fetch information about the person (or company) behind these unknown addresses. It’s really a game changer as compared to cash exchanging hands and going from one unknown person to another unknown person!

ML/TF risks in the NFT space

If you are a crypto exchange or a FI who wants to track exposures to laundering using NFT’s, there are a few things you need to take into consideration.

1. The real value - This is the most difficult aspect in the NFT space. However there are a few things which can help in judging whether it’s a legitimate “high value” project. Generally, popular NFT’s are driven by communities. You can follow their discussions on Discord or Telegram. If there is no community and the prices are still sky rocketing, look at the utility. For example some offer exclusive real life memberships, other have benefits in high profile games, some offer passive rewards etc. , making the NFTs interesting for investors (as they look for future value). If none of these ring a bell then the values may have been inflated out of proportion to hide something odd underneath. You may want to start thinking about a suspicious angle and explore the addresses buying/selling the NFTs and possible linkages between them.

2. Addresses involved - In a few clicks you can create a new address on blockchain. This makes it very easy to disguise who really owns a NFT because the ownership can be moved from one to another as and when required. On the other hand, every transaction is recorded on blockchain so no matter how deep the transactions go, you can always dig deeper. There may be a legitimate reason to do so, but if you see nested transactions underneath, involving a lot of addresses where funds go back and forth, you may want to do some deep dive.

3. Instant hit - If a NFT is created for the sake of just cleaning dirty money, it is very likely that after the initial launch (mint process) there is a high volume activity followed by silence (or may be vice versa… similar to traditional behavior based scenarios). There is a reason why I mention this. It takes time to gain popularity (probably 6-8 months) before a NFT becomes a success and gets good value. You can analyze this by accessing the top NFT projects on OpenSea and look how much duration it took from the initial mint to reach their current value. Anything which follows an awkward path may be too good to be true and possibly requires attention.

4. Is it your problem? This is a key question you need to think about. Regulators and law enforcement follow the money. If the money trail leads to an NFT being bought or sold, a back-tracking will be done and all the exchanges and FI’s (banks, PSP etc.) in the chain will be requested to demonstrate whether they were able to identify any suspicious funds movements in/out leading up to these NFTs. Of course NFT’s may be the last in a chain (or first depending on how you follow the money trail) but the responsibility to detect potentially odd fund movement (fiat currency as it’s known in the crypto currency world) linked to laundered cash will always be the responsibility of the party who allowed the fiat to enter (or exit) the crypto world. So be extra cautious and be aware that your involvement can be too deep, but something you cannot ignore. So it is your problem and you need to get your house in order.

I have listed just some pointers to give a hint what you are up against and what you should be thinking about.

Conclusion

I can go on an on but I need to conclude. I hope you had the time and patience to read all along and I added some value to your knowledge repository 😊. Please do bear in mind that I have tried to make things super simple for any type of reader to understand this “secret world”. It does go quite deep once you start exploring the nuances. Having said that, I have also demonstrated how you can easily track the fund movement right from a NFT to almost the end point (at an exchange for example). This is all public information, giving power to you as a normal user to perform a deep dive and investigate to the extent you want. This is one of the strongest arguments in favor of cryptocurrencies and NFT’s where anonymity can only take you so far. Eventually your trail will end up at an exchange or a FI. With some good collaboration, identities of these supposedly “unknown” addresses can be revealed in no time.

Have your investigations revealed any links to NFT’s being involved. If yes, what did you find out or what can you suggest to fellow investigators? I will be very interested to know more.