📸 Serial NFT Scammer Caught In 4k 📸 - Nansen's Weekly Alpha Leak

GM explorers!

Welcome to The Map and the Territory, Nansen’s weekly alpha leak newsletter where we try to cut through the noise – the headlines, the tweets, and the mania – with onchain data in an effort to surface actionable signal.

This week we’re taking a look at a serial NFT scammer who has earned hundreds of ETH with shady launches. Let’s dive in!

Scammers Abound

Where is the alpha in the market right now?

There’s a handful of upcoming events that are playing catalyst to healthy sector-based bounces. The “LSD” trade (liquid staking derivative) has pushed governance tokens for decentralized ETH staking projects sharply upwards, with LDO, SWISE, and RPL all wildly outperforming on a monthly basis.

Indeed, Smart Money is a fan of LSD, with SWISE in particular sitting at or near its highs in Smart Money Balance:

Likewise, a few other merge-based plays such as ETC are performing well, and emerging projects like SudoSwap and GMX are still capable of catching narrative tailwinds on soaring TVL and technical innovations. We covered GMX in our last newsletter, and Sudoswap’s XMON (the ticker/name incongruity would take too long to explain) speaks for itself:

Aside from these bright spots, however, traders are sailing in choppy waters. NFTs are largely listless, with buzzy new drops such as Tiffany’s physical and digital hybrid effort dropping below 30 ETH price floor tag just after launch. Smart Money seems content to bunker in stables and major assets as well:

‍Want to track how top-performing Smart Money wallets are playing the bounce? Sign up for a Nansen plan today!

However, as the headlines have shown us, there’s still one guaranteed way to make money in an uncertain market: crime!

First, the week started off with a $190 million hack of the Nomad bridge, and then the industry followed-up with a $6 million exploit of a Solana-based wallet which initially looked to be catastrophic, but was ultimately attributable to remarkably poor private key storage. The moral of the story is that hackers can make bank in any market conditions.

That fun little adage brings us to the topic of our newsletter this week. While the major hacks are the ones that get the most attention, in the background there’s smaller grifts and grafts running nonstop.

Take, for example, 0xce9b3df5a8c29bcac8196350ed3290417e849c07, a wallet spotted by Nansen’s very own Onus_tools.

The address first came to Onus’ attention when tracking a surge in volume for The Saudi Okay Bears, a derivative of a derivative project, The Saudis. Note this “derivative of a derivative” element will turn out to be a pattern.

Onus spotted that The Saudi Okay Bears had over a hundred ETH in volume earlier this month. Turns out, the volume was largely attributable to a single wallet, 0xce9b, moving 10 ETH between wallets to facilitate the high-priced buys. Attracted to the volume, “real” buyers stepped in over the next two days.

Onus then found that the contract deployer for The Saudi Okay Bears was funded by the contract deployer for another collection, The Turkish. THAT address was in turn linked to two other collections, Ryder Ripps MAYC and “citiesto” – a collection for which he changed the mint price halfway through, charging a fee though the website initially said it’s a free mint. Clearly this is a serial offender who makes knock-offs of knock-offs.

In all cases the modus operandi is the same: creating a Twitter, OpenSea, and website (note: rarely includes a Discord so there’s no pesky community to deal with). Twitter comments for these collections often note he’s stolen generative art from Instagram and other sources. Makes money with the mints, but also on secondary sales after propping up volume.

Onus’ real breakthrough in this investigation was looking into the metadata for the individual NFTs in each collection. There, he found that this serial scammer reuses an AWS bucket to store the data on the NFTs. Based on that, this scammer is responsible for at least two dozen collections:

A conservative estimate of their profit from mints and secondary sales is at least 1000 ETH.

NFT mints are one of the few places where you can still wring alpha out of this stingy market, but when you find a serial criminal like this on-chain, it’s a sobering reminder to conduct some due diligence before aping.

Odds And Ends

This week, our Office Hours Youtube show played host to none other than the Token God himself, Nansen CEO Alex Svanevik. Give the show a watch, and check out a summary from our intern Kate below!

That’s all for this week, explorers! As always drop any questions or comments to me at andrew.thurman@nansen.ai