When a global artist like Banksy appeared to have advertised a link on his official homepage in August 2021 to an online auction of his work, it is unsurprising that his fan base jumped at the opportunity of bidding. The winning bid of $336,000 was from a British collector, known on Twitter as Pranksy, and was for a digital piece entitled Great Redistribution of the Climate Change Disaster, which was thought to be Banksy’s first Non-Fungible Token (””NFT”).
By way of brief explanation, NFTs are digital assets which represent real-world objects, such as art and music. They are bought and sold online, typically using cryptocurrency, and are verified through blockchain. NFTs have been available since around 2014 and are typically one of a kind, or at least part of a very limited run, each with unique identifiers. In recent years, many artists have produced NFTs, with some selling for significant sums of money, such as CryptoPunk #7523 for $11.8 million, and we note that the NBA, for example, has even produced digital trading card collections.
In terms of the supposed Banksy NFT, it is perhaps significant that a few days prior to the apparent auction, a professional ethical hacker at Palisade seemingly made several attempts to warn Banksy’s team that his website was vulnerable to cyber-attacks. Soon after the auction concluded and the collector had paid for the NFT using cryptocurrency, the webpage was deleted from Banksy’s website and the artist’s team confirmed that Banksy in fact had no affiliation with the NFT or the auction. After much speculation and coverage from the media, by the end of the day, the fraudster had apparently refunded all but the transaction fee to the collector.
Although the fraudster’s identity and reasons for returning the funds remain unclear, there has been speculation that the scam was orchestrated by the ethical hacker to prove a point as to the vulnerability of the website.
As the popularity of NFTs and their associated sales, which are thought to have exceeded $2.5 billion this year alone, continue to rise, so do their vulnerabilities and the resulting opportunities for hackers. The Banksy incident is unfortunately not an isolated case in terms of cyber-security issues and NFTs, with other examples including entire NFT collections having been hacked and stolen in a matter of minutes.
In addition to highlighting the vulnerabilities with NFTs themselves, the incident provides a salutary reminder as to the need to investigate vulnerabilities raised by ethical hackers. In Banksy’s case, it is not clear whether the ethical hacker’s concerns were investigated or not.
However, we have advised clients previously who have ignored ethical hacker concerns and who have gone on to suffer cyber-incidents. As such, where businesses are alerted to potential vulnerabilities, it would seem prudent to investigate and, where appropriate, to remediate and mitigate risk.
