With the popularity of Non-Fungible Tokens (NFTs), NFTs have become a new target of phishing attacks, posing a significant threat to the NFT trading ecosystem. There is growing anecdotal evidence that new means of NFT phishing have emerged in the Ethereum ecosystem. Most existing research focuses on detecting phishing scam accounts that target the blockchain's native cryptocurrency; research on phishing attacks against emerging NFTs is lacking. Although a few studies have recently begun to analyze and detect NFT phishing attacks, the means of NFT phishing are diverse, and little has been done to understand these various attack types. To the best of our knowledge, we are the first to conduct a case retrospective analysis and measurement study of real-world historical NFT phishing attacks on Ethereum. By manually analyzing the scams reported on Chainabuse, we classify NFT phishing attacks into four patterns. For each pattern, we further investigate its tricks and working principles. Based on 469 NFT phishing accounts collected from multiple channels up to October 2022, we perform a measurement study of on-chain transaction data crawled from Etherscan to characterize NFT phishing scams: the modus operandi and preferences of NFT phishing scammers, the economic impact, and the whereabouts of the stolen NFTs. We classify each NFT phishing transaction into one of the four patterns by parsing event logs and transaction records. We find that these phishing accounts stole 19,514 NFTs for a total profit of 8,858.431 ETH (around 18.57 million dollars). We also observe that the scammers have remained highly active over the last two years and favor certain categories and series of NFTs, accompanied by signs of gang theft.
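The measurement step described above (parsing on-chain event logs to attribute stolen NFTs to known phishing accounts and to follow where they go) can be illustrated with a small parser for ERC-721 `Transfer` events. This is an added example, not code from the paper; the four attack patterns are not spelled out in the abstract, so the example stops at attribution and onward tracking rather than pattern classification. The log entries, the phishing account, the victim, the buyer, and the contract addresses are all constructed placeholders, and the logs follow the JSON-RPC `eth_getLogs` field layout (`address`, `topics`, `data`, `transactionHash`).

```python
"""Attribute ERC-721 Transfer events to a set of known phishing accounts.

Added illustration for the measurement described in the abstract; not the
paper's code. All addresses and log entries below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# keccak256("Transfer(address,address,uint256)"). ERC-20 and ERC-721 share
# this topic; they differ in where the third argument lives (see below).
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"


@dataclass(frozen=True)
class NftTransfer:
    tx_hash: str
    contract: str
    sender: str
    receiver: str
    token_id: int


def _topic_to_address(topic: str) -> str:
    # Indexed address arguments are stored as 32-byte words, left-padded
    # with zeros, so the address is the low 20 bytes (40 hex characters).
    return "0x" + topic[-40:].lower()


def parse_erc721_transfers(logs):
    """Yield ERC-721 Transfer events, skipping ERC-20 ones.

    In ERC-721 the tokenId is indexed, giving four topics. In ERC-20 the
    amount is not indexed (it sits in `data`), giving three topics. Matching
    on topic0 alone would count token payments as NFT transfers.
    """
    for log in logs:
        topics = log.get("topics", [])
        if not topics or topics[0].lower() != TRANSFER_TOPIC:
            continue
        if len(topics) != 4:  # three topics: ERC-20 transfer, not an NFT
            continue
        yield NftTransfer(
            tx_hash=log["transactionHash"],
            contract=log["address"].lower(),
            sender=_topic_to_address(topics[1]),
            receiver=_topic_to_address(topics[2]),
            token_id=int(topics[3], 16),
        )


def attribute_to_phishers(logs, phishing_accounts):
    """Return (stolen, onward).

    stolen: phishing account -> list of (contract, tokenId) it received from
            a non-phishing address (the victim side of the scam).
    onward: later transfers out of phishing accounts, i.e. where the stolen
            NFTs went (marketplace sale, laundering wallet, ...).
    """
    phishers = {a.lower() for a in phishing_accounts}
    stolen = defaultdict(list)
    onward = []
    for t in parse_erc721_transfers(logs):
        if t.receiver in phishers and t.sender not in phishers:
            stolen[t.receiver].append((t.contract, t.token_id))
        elif t.sender in phishers:
            onward.append(t)
    return stolen, onward


# --- constructed sample data (placeholders, not real accounts) -------------
PHISHER = "0x" + "b" * 40        # hypothetical phishing account
VICTIM = "0x" + "a" * 40         # hypothetical victim
BUYER = "0x" + "c" * 40          # hypothetical buyer of a stolen NFT
NFT_CONTRACT = "0x" + "1" * 40   # hypothetical ERC-721 collection
TOKEN_CONTRACT = "0x" + "2" * 40 # hypothetical ERC-20 token


def _pad(addr: str) -> str:
    return "0x" + addr[2:].rjust(64, "0")


def _uint(n: int) -> str:
    return "0x" + "%064x" % n


SAMPLE_LOGS = [
    # victim -> phisher, two NFTs in one transaction
    {"address": NFT_CONTRACT, "transactionHash": "0x01",
     "topics": [TRANSFER_TOPIC, _pad(VICTIM), _pad(PHISHER), _uint(1234)], "data": "0x"},
    {"address": NFT_CONTRACT, "transactionHash": "0x01",
     "topics": [TRANSFER_TOPIC, _pad(VICTIM), _pad(PHISHER), _uint(1235)], "data": "0x"},
    # ERC-20 payment with the same topic0; must not be counted as an NFT
    {"address": TOKEN_CONTRACT, "transactionHash": "0x02",
     "topics": [TRANSFER_TOPIC, _pad(VICTIM), _pad(PHISHER)], "data": _uint(10**18)},
    # phisher sells one stolen NFT on
    {"address": NFT_CONTRACT, "transactionHash": "0x03",
     "topics": [TRANSFER_TOPIC, _pad(PHISHER), _pad(BUYER), _uint(1234)], "data": "0x"},
    # unrelated transfer between non-phishing accounts
    {"address": NFT_CONTRACT, "transactionHash": "0x04",
     "topics": [TRANSFER_TOPIC, _pad(BUYER), _pad(VICTIM), _uint(9)], "data": "0x"},
]


def summarize(logs=SAMPLE_LOGS, phishing_accounts=(PHISHER,)):
    stolen, onward = attribute_to_phishers(logs, phishing_accounts)
    return {
        "stolen_count": sum(len(v) for v in stolen.values()),
        "stolen_by_account": {k: sorted(v) for k, v in stolen.items()},
        "onward_count": len(onward),
        "onward_receivers": sorted({t.receiver for t in onward}),
    }


if __name__ == "__main__":
    print(summarize())
```

Run against a real `eth_getLogs` result, the same functions produce the per-account stolen counts and the onward-transfer list; the abstract's aggregate (19,514 NFTs across 469 accounts) is the sum of such per-account counts. ERC-1155 `TransferSingle`/`TransferBatch` events use different topics and would need their own parser, which this example deliberately leaves out.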