NFT marketplace fraud: drainer mints, impersonation, and tracing sales
Common fraud templates
Lookalike domains: OpenSea clones with one-letter typos in the hostname.
Fake “exclusive” mints: Compromised Discord bots post malicious links.
Stolen art drops: Minters misrepresent provenance; buyers discover resale bans later. Funds are not always recoverable, but proceeds are sometimes traceable.
P2P OTC “escrow” NFT trades: Smart contracts that never release as promised.
Why victims lose both NFTs and residual tokens
Many drainers request setApprovalForAll on collection contracts plus ERC-20 allowances in the same session. A single misleading signature can empty wallets. Afterward, attackers often sweep the stolen assets through automated routers. Speed of first response matters; see preservation.
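For triage, the pattern described above can be searched for in a wallet's transaction history. The following is an added example, not code from this page: it decodes calldata for setApprovalForAll and approve and flags any address that received both kinds of grant from the same wallet within a short window. The 600-second window, the helper names, and all addresses and transactions are assumptions constructed for illustration.

```python
# Added example. Selectors are the standard 4-byte IDs; addresses/txs are constructed.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # approve(address,uint256); ERC-721 shares this selector
UNLIMITED = 2**256 - 1

def decode_grant(tx):
    """Return (kind, grantee, detail) if the calldata grants spending rights, else None."""
    data = tx["input"].lower().replace("0x", "", 1)
    selector, args = data[:8], data[8:]
    if len(args) < 128:
        return None
    grantee = "0x" + args[24:64]   # address sits in the low 20 bytes of word 1
    word2 = int(args[64:128], 16)  # bool for setApprovalForAll, amount for approve
    if selector == SET_APPROVAL_FOR_ALL and word2 == 1:
        return ("nft_operator", grantee, "entire collection")
    if selector == APPROVE and word2 > 0:
        return ("erc20_allowance", grantee, "unlimited" if word2 == UNLIMITED else str(word2))
    return None  # revocations (false / 0) and unrelated calls are ignored

def flag_sessions(txs, window=600):
    """Find grantees given NFT operator rights and an ERC-20 allowance by the
    same wallet within `window` seconds (the window is an assumed heuristic)."""
    grants = {}
    for tx in sorted(txs, key=lambda t: t["timestamp"]):
        g = decode_grant(tx)
        if g:
            key = (tx["from"].lower(), g[1])
            grants.setdefault(key, []).append((tx["timestamp"], g[0], tx["to"]))
    findings = []
    for (wallet, grantee), items in grants.items():
        nft = [t for t, kind, _ in items if kind == "nft_operator"]
        erc = [t for t, kind, _ in items if kind == "erc20_allowance"]
        if any(abs(a - b) <= window for a in nft for b in erc):
            findings.append({"wallet": wallet, "grantee": grantee,
                             "contracts": [c for _, _, c in items]})
    return findings

def _call(selector, addr, value):  # build constructed calldata for the sample
    return "0x" + selector + addr[2:].rjust(64, "0") + format(value, "064x")

VICTIM, DRAINER, BENIGN = "0x" + "aa" * 20, "0x" + "d1" * 20, "0x" + "be" * 20
NFT, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_TXS = [  # constructed wallet history
    {"from": VICTIM, "to": NFT, "timestamp": 1000, "input": _call(SET_APPROVAL_FOR_ALL, DRAINER, 1)},
    {"from": VICTIM, "to": TOKEN, "timestamp": 1030, "input": _call(APPROVE, DRAINER, UNLIMITED)},
    {"from": VICTIM, "to": TOKEN, "timestamp": 5000, "input": _call(APPROVE, BENIGN, 500)},
    {"from": VICTIM, "to": NFT, "timestamp": 5010, "input": _call(SET_APPROVAL_FOR_ALL, BENIGN, 0)},
]

if __name__ == "__main__":
    for f in flag_sessions(SAMPLE_TXS):
        print(f)
```

Each flagged grantee is a candidate for immediate revocation on every contract listed. Because ERC-721 approve uses the same selector as ERC-20 approve, confirm the contract type before reading the second word as an amount.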
Platform takedowns and on-chain leads
Marketplaces can delist collections and freeze some metadata hosting, but on-chain ownership remains until transferred. Investigators correlate royalty recipient addresses, deployer EOAs, and funding wallets used for gas. Those correlations feed tracing reports when CEX off-ramps appear.