Beyond the Hype: A Large-Scale Empirical Analysis of On-Chain Transactions in NFT Scams
Wenkai Li, Zongwei Li, Xiaoqi Li, Chunyi Zhang, Xiaoyan Zhang, Yuqing Zhang
TL;DR
This paper conducts a large-scale, on-chain transaction-graph study of NFT phishing, addressing a gap in understanding how phishing events propagate within Ethereum-like networks. It collects and unifies data from security reports and phishing addresses across multiple platforms, constructs an undirected transaction graph with multi-protocol edges, and analyzes distribution, edge features, and interaction patterns. Key findings show phishing actors are a small minority but disproportionately present in transaction activity, often coordinating across ERC standards and targeting specific normal accounts with multi-protocol, multi-party transfers. The results provide concrete behavioral signatures and a foundation for graph-based detection and prevention of NFT phishing in real-world blockchain networks.
Abstract
Non-fungible tokens (NFTs) serve as a representative form of digital asset ownership and have attracted numerous investors, creators, and tech enthusiasts in recent years. However, related fraud activities, especially phishing scams, have caused significant property losses. Many graph analysis methods exist to detect malicious scam incidents, but there is no research on the transaction patterns of NFT scams. Therefore, to fill this gap, we are the first to systematically explore NFT phishing frauds through graph analysis, aiming to comprehensively investigate the characteristics and patterns of NFT phishing frauds on the transaction graph. During the research process, we collect transaction records, log data, and security reports related to NFT phishing incidents published on multiple platforms. After collecting, sanitizing, and unifying the data, we construct a transaction graph and analyze the distribution, transaction features, and interaction patterns of NFT phishing scams. We find that normal transactions on the blockchain account for 96.71% of all transactions. Although phishing-related accounts account for only 0.94% of the total accounts, they appear in 8.36% of the transaction scenarios, and their interaction probability with normal accounts is significantly higher in large-scale transaction networks. Moreover, NFT phishing scammers often carry out fraud in a collective manner, target specific accounts, tend to interact with victims through multiple token standards, have shorter transaction cycles than normal transactions, and involve more multi-party transactions. This study reveals the core behavioral features of NFT phishing scams, providing important references for the detection and prevention of NFT phishing scams in the future.
