Sleepminting, the brand new frontier of Non Fungible Tokens fraud

Abstract

Non Fungible Tokens (NFTs) are becoming a standard to represent unique and valuable items, such as a piece of art, a videogame item, or other digital or physical goods, and keep track of their provenance. Thanks to blockchain technology and the power of smart contracts, NFT holders have true ownership over them, because they are the only ones who can transfer them. However, through an attack called sleepminting, an attacker is able to impersonate another person, including an artist, and create NFTs on the artist's behalf, while still maintaining its possession, leveraging bugs in the code of the smart contract that manages the NFTs. Therefore, the attacker can cheat concerning the provenance of an NFT and then sell the fake NFTs to unaware buyers. In this paper, we propose a study that sheds light on this phenomenon. In particular, we collect over 1.3 million events that are connected to sleepminting and analyse the events under multiple aspects. The study uncovers that, by using the sleepminting attack, some users are able to create fake NFTs of popular brands, and are able to mint them to famous personalities in the NFT field, such as well known artists and collectors.