French authorities say they arrested a cyber gang of young people who stole $2.5 million in NFTs


Five suspected crypto scammers were indicted yesterday in Paris for an audacious phishing scam, according to a statement from the France Media Agency (via BFM Crypto). In total, the scammers are accused of stealing blue-chip NFTs totaling $2.5 million from at least five victims and reselling them.

Two are accused of making the phishing site that facilitated the thefts, said Christopher Durand, deputy head of France’s cybercrime authority. Three others are accused of managing the advertising and money laundering aspects of the scam. The five suspects are between 18 and 24 years old and come from Paris, Caen and Tours.

French authorities placed them in pre-trial detention on Monday, along with the parents of a suspect. The parents have since been released without charge.

Vigilant detective ZachXBT launched his own investigation into the case in December 2022. He released an independent report on August 8, 2022, naming the suspects and outlining his extensive research. “I had been tracking the accused phishing scammers months before my article,” ZachXBT told Artnet News on Twitter. The French government opened its case on August 23, 2022, in response to ZachXBT’s report.

According to ZachXBT, the shenanigans began on December 13, 2021, when scammers phished Bored Ape #237 from Twitter user Dilly Dilly, who clicked on a link shared in the BAYC Discord by a verified user offering to transform static ape images into animated GIFs. “Once he approved the transaction, his BAYC was removed from his wallet and into the hands of a scammer,” the report said.

The BAYC community was quick to help Dilly Dilly get it back, but not before the scammers could profit from it. Shortly after, they also pulled off three more thefts, snagging two NFTs from the Mutant Ape Yacht Club collection and one NFT from the much-traded Doodles collection.

On January 2, 2022, Twitter user Tumolo lost BAYC #6166 after Twitter user “Exyt” convinced him to deal with “an equally scam BAYC animation website”. Exyt continued to reach out to other BAYC holders, apparently targeting them for phishing attacks.

ZachXBT scoured the public, but anonymous, blockchain ledger and discovered that the scammers had sold the two apes on OpenSea immediately after they were stolen, for a total of $358,000 in crypto.

He also saw the scammers launder the loot using Tornado Cash, a crypto-laundering tool recently banned by the SEC. However, they failed to anonymize their withdrawals: a user named “mathys.eth” had withdrawn funds from Tornado Cash for amounts identical to those laundered.

Following another scam in March 2022, ZachXBT scanned the source code behind their phishing site and found it attributed to a Telegram user aptly named “mtscam”.

Further research on social media then led ZachXBT to the ringleader: an 18-year-old named Mathys, whose jewelry matched that shown in the mtscam Telegram profile picture. His accomplice, Camile, boasted on Twitter of possessing stolen NFTs. ZachXBT believes French authorities may uncover other thefts worth $871,000.

Web3 is plagued by crime. An Immunefi report cited by Barron's found that nearly $14 million worth of stolen BAYC NFTs have been traded on OpenSea so far. “BAYC is one of the most valuable collections of NFT profile pictures, so inevitably owners have become huge targets,” ZachXBT told Artnet News.

So far, white-hat vigilantes like him have proven more effective than the police. “There’s a huge learning curve that comes with it and also little legal precedent,” the web sleuth remarked. As the space matures over time, this will likely change.

While authorities catch up, ZachXBT is accepting donations to fund equipment upgrades, future legal fees, and his work.
