Who Stole My NFT? Investigating Web3 NFT Phishing Scams on Ethereum

With the popularity of Non-Fungible Tokens (NFTs), the high value of NFTs makes them a target for phishing scammers, which harms the security and reliability of the Web3 NFT ecosystem. Despite the significance of this issue, there is a lack of systematic research in the area of emerging NFT phishing scams. To address this gap, we are the first to conduct a case retrospective analysis and empirical measurement study of real-world historical NFT phishing scams on Ethereum. We collect and publicly release the first NFT phishing dataset which includes 1,625 NFT phishing accounts and transaction records as of August 2023. We further categorize the existing scams into four phishing patterns and investigate their distinguishable behaviors. Then, we reveal the modus operandi preferences and economic impacts to characterize NFT phishing scams. We find that NFT phishers stole 67,188 NFTs, with a total direct selling profit of ${\$}$ 20.92 million. We also observe that scammers favor certain categories and collections of NFTs, coupled with signs of gang theft. Furthermore, we design a variety of account features for the classification task of NFT phishers based on empirical conclusions. Experimental results on real-world NFT transaction data demonstrate the effectiveness of these features in detecting NFT phishing accounts, and outperform traditional phishing detection methods with 41% average Precision and 44% average Recall.