ACFE Insights Blog

Fraud Perspectives: Nonfungible Tokens

While NFTs offer numerous benefits, such as increased security and unique ownership, they also present new fraud risks. Understanding these risks and how to mitigate them is essential for organizations that are considering investing in NFTs. 

By Kate Pospisil, CFE May 2023 Duration: 4-minute read
Please sign in to save this to your favorites.

In the third webinar of the Fraud Perspectives series, presented by the Association of Certified Fraud Examiners (ACFE) and The Institute of Internal Auditors (IIA), Mason Wilder, Research Manager at the ACFE, chatted with Kishan Patel, CIA, CITP, CPA, and Chris DeAngelis, CFE, about nonfungible tokens (NFTs) and their role in the current anti-fraud landscape. A confusing and often abstract concept, NFTs have made headlines recently as an innovative new technology with the potential to revolutionize various industries. While NFTs offer numerous benefits, such as increased security and unique ownership, they also present new fraud risks. Understanding these risks and how to mitigate them is essential for organizations that are considering investing in NFTs. 

What is an NFT? 

NFTs are assets that have been tokenized via a blockchain, and these digital, programmable transactions on the blockchain allow anyone to see the transaction flow. Following the digitization of many aspects of our daily lives, NFTs offer a way to tokenize anything of economic value, including branding and marketing, loyalty and rewards programs, event tickets and passes, identity and access management, data management and more. NFTs are considered more of a collectible asset than a security, and anything that can be put into a smart contract can be used for NFTs. 

Fraud Risks Associated with NFTs 

Several primary fraud risks are associated with NFTs, including money laundering, fake or counterfeit NFTs, intellectual property theft, shilling (multiple parties colluding to pretend interest to drive price) and cyber theft in general. Additionally, the burden of proof on art ownership is low, making it difficult to authenticate and prevent theft. Furthermore, rug pulls and airdrop scams are two common NFT-specific schemes that raise a new set of challenges for both auditors and fraud examiners. Rug pulls involve developers hyping a project to attract investors, then the scammer disappears with the invested funds. Air drop scams involve the promotion of a user receiving an exclusive NFT drop that requires them to connect their digital wallet, which is then drained. 

One of the main challenges of NFTs for auditors and fraud examiners is how to assess their value on a balance sheet. Experts suggest looking at comparable assets in the marketplace, contract history, the price people are willing to pay, rarity of the asset and whether an NFT has held its value since its original purchase. Without regulatory guidance, it is difficult to determine the actual value of an NFT. Additionally, the vast array of applications for NFTs makes it challenging to define regulatory guidance. 

Despite their perceived security with transaction histories available on a public blockchain, both Patel and DeAngelis agree that the potential for fraud risks is always present when dealing with NFTs. According to DeAngelis, “It’s hard to define something at the beginning of its lifecycle as truly good or truly bad … if there’s a way to use it [badly], it’s probably going to happen.” Patel added, “Permissionless, trustless technology … will always be susceptible to bad actors.”  

Controls and Best Practices 

The volatility of cryptocurrency is a significant red flag that may indicate that an NFT is being overvalued. Auditors should verify how the value is being claimed and whether that value has held, increased or dropped over time. A further cause for concern is the lack of required control, cooperation and compliance regulations, which make NFTs susceptible to many forms of manipulation. 

Implementing standard best practices is a critical step in controlling NFT fraud risks. Good know-your-customer (KYC) practices, continuous monitoring of digital wallets and regular digital wallet hygiene are essential controls to mitigate fraud risks. An extra layer of identification in the creation of a wallet, such as multi-factor authorization, and transacting in a safe environment is highly recommended.  

The Future of NFTs 

Entering the NFT space from a fraud-fighting perspective requires a foundation of understanding from blockchain to crypto to NFTs. To get started, consider taking blockchain courses, understanding smart contracts, picking up coding skills (especially Python) and building a foundation of understanding — you need a solid beginning to successfully advance in an evolving NFT environment. 

New experts are emerging who have gone through specific training to help auditors navigate NFTs and blockchain technology. For instance, "Know Your Meme" uses proprietary tools and investigations to determine the creators of memes, which can help prevent intellectual theft. Determining the underlying currency that supports an NFT and monitoring the lifecycle of the NFT itself (collectible or art) can also aid auditors in navigating the NFT space. 

NFTs have numerous potential current and future use cases, including branding and marketing, loyalty programs, customer engagement with "techiness," commercial and mainstream applications, and the increase of digital money becoming the norm. 

In conclusion, while NFTs might ebb and flow in use cases moving forward, as they have since their inception, they also present a unique set of fraud risks that organizations, auditors and fraud examiners must be aware of. 

This webinar was originally broadcasted on May 10, 2023.