NFTs: A New Frontier for Money Laundering?
Non-fungible tokens are the latest craze in the digital and traditional art markets – can we mitigate the money laundering risks?
In 2021, non-fungible tokens (NFTs) have seen their popularity skyrocket. An NFT is a unique digital token which is used to represent an asset, usually digital artwork, a piece of music or an item in a computer game. The NFT can be held by its owner, traded, and sold for cryptocurrency or even real-world fiat currency, as occurred when the world’s most expensive NFT artwork was sold for $69 million in March 2021.
NFTs, especially for digital art, have come into existence for a number of reasons. First, they provide an unchangeable record of ownership for any item represented in a digital format. This concept is important because as more of the world moves online, individuals will increasingly want to ‘own’ assets in their digital environment. If desired, the owner of the NFT can also trace previous transactions to determine the origin of the item and prove authenticity. Second, NFTs provide their creators with the ability to earn royalties long after the original sale of the asset.
Both of these attributes make NFTs especially attractive to digital artists who want to prove the authenticity of their work and who in the physical world would only receive payment for the initial sale of their work. While these attributes may encourage more artists to move online, they might also encourage criminals and money launderers who abuse the traditional art market to do the same.
What are the Risks?
This technology can raise alarm bells from a money laundering and financial crime perspective. To start with, NFTs are most often purchased with cryptocurrencies on online marketplaces. Cryptocurrencies are routinely exploited for malicious means, such as obfuscating the source of criminal proceeds and, despite transactions being traceable, more sophisticated criminal actors use a variety of techniques to disrupt investigations by law enforcement.
A system of ‘know your customer’ policies and ongoing monitoring, similar to those used in the traditional art market and in compliant cryptocurrency exchanges, needs to be implemented
Along with the risks stemming from cryptocurrency usage, money launderers can exploit the trade and sale of NFTs in a similar way to which they exploit physical art.
In the real world, for example, an individual may attempt to replicate a famous piece of art and sell it as a forgery. Similarly to physical art, there are opportunities to forge NFTs. In March 2021, a hacker created a piece of digital artwork and put it up for sale on an online marketplace claiming it was a limited edition Banksy print. To add authenticity, the creator hacked into the official Banksy website and posted a link to the NFT. The token sold for roughly £244,000. In a final twist however, the funds were returned by the hacker following the sale.
An art heist is also possible within the NFT realm. Criminal actors can hack into user accounts on NFT marketplaces and transfer NFTs to their own accounts. After transferring the NFTs, the hacker can quickly sell the stolen token(s) and attempt to launder the proceeds.
The digital aspect of these tokens also provides room for other novel risks. During the creation process of an NFT, it is possible for creators to ‘hide’ information within the NFT. This hidden information could, for example, be about a newly identified security vulnerability in a piece of software with the NFT used as the transfer mechanism to share this information between two criminals parties.
Can These Risks be Mitigated?
Cryptocurrencies are regulated at the point of exchange to reduce the money-laundering risk. The same regulatory foundation can be applied to online auction houses for NFTs. Although the larger marketplaces are often linked to cryptocurrency exchanges, a baseline needs to be set for companies that want to focus on the NFT industry. A system of ‘know your customer’ (KYC) policies and ongoing monitoring, similar to those used in the traditional art market and in compliant cryptocurrency exchanges, needs to be implemented to ensure that the risk of money laundering is mitigated.
NFT marketplaces need to ensure that there is an option for two-factor authentication for consumers and confirm that cyber security measures are in place to protect against opportunistic hackers
The risks of NFT forgery and theft can also be mitigated. NFT marketplaces need to ensure that there is an option for two-factor authentication for consumers and confirm that cyber security measures are in place to protect against opportunistic hackers. In addition to the necessity of good cyber security, much can be learnt from how the traditional art market is regulated.
One solution that has been suggested is the development of a registry of stolen or fraudulently purchased NFTs. This would mimic the Art Loss Register, which in the real world lists stolen art and prevents its resale in legitimate auction houses. Some of the larger online auction houses for NFTs have already developed sections within their platform for tokens in which the claimed creator is verified.
With the development of guidance for KYC best practices, strong cyber security measures and a stolen art registry, many of the money-laundering risks of NFTs can be mitigated without restricting the growth of this new market. Implementation of these techniques will ensure that consumers can trade freely within the market without the fear of purchasing a forged NFT or having a token stolen.
The views expressed in this Commentary are the authors’, and do not represent those of RUSI or any other institution.
Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.
WRITTEN BY
Allison Owen
Associate Fellow - Expert in cryptocurrency and counter-proliferation finance
Isabella Chase
Associate Fellow; Former CFCS Senior Research Fellow, RUSI