How Bots are Being Used to Skew NFT Prices for Big Profit

It is hard to ignore the financial impact bot attacks can have, especially when such attacks are aimed directly at financial services organizations and markets. A recent Netacea survey showed that many businesses are aware of the financial damage caused by malicious bots (read the report: What Are Bots Costing Your Business?)

However, it might be surprising to learn that many of the techniques currently being used by malicious bots to skew prices of unregulated financial assets, like cryptocurrencies and non-fungible tokens (NFTs), have been refined in attacks on other industries, like retail and travel.

What is financial spoofing?

A means of exploiting financial markets, spoofing makes it seem like there is high or low demand for something at a particular price or rate by placing orders that have no real intention of being completed. Bots are used to perform this at scale, meaning the price of commodities can be shifted artificially to the financial benefit of the scammers.

Spoofing the purchase of assets on the US and UK stock markets, which are regulated by the Commodity Futures Trading Commission (CFTC) in the US and the Financial Conduct Authority (FCA) in the UK, is illegal. However, the lack of regulation in Blockchain technology makes cryptocurrencies (such as Bitcoin and Ethereum) and NFTs ripe for exploitation.

How are bots manipulating crypto and NFT trades?

To first give some background on what an NFT is and why they are a target for scammers, a non-fungible token is a unique asset accounted for in the blockchain. Unlike fungible assets like cryptocurrency, each NFT is one-of-a-kind. Think of it like a collector’s item such as a trading card. Crucially for scammers, the value of an NFT is decided by what someone else is willing to pay for it.

NFTs are commonly sold via auction on marketplaces like OpenSea and Rarible, and even traditional auctioneers like Sotheby’s and Christies now hold auctions for NFTs. Bots are commonplace at online auctions, typically sniper bots that place a winning bid at the last possible moment of the auction to maximize the chances of winning an item at the cheapest price. However, bots are also being used to manipulate NFT auctions in another way.

How do crypto and NFT market manipulation bots work?

The bots manipulating the price of NFTs in the blockchain work like the scalper bots used famously to buy up popular sneakers, and snatch up PS5s for resale in the last year. The more sophisticated “sneaker bots” or “grinch bots” add an extra layer called “spinning” to their arsenal.

Spinner bots add an item to their shopping cart simply to make that piece of stock unavailable to other customers. This creates denial of inventory, preventing customers from buying the item from that site and forcing them to look to the secondary market instead.

The spinner bot operator simultaneously advertises the item on secondary markets, only completing the initial purchase once the item is already sold to another buyer. If no buyer is found, the shopping carts containing the unsold items are abandoned. It’s a no-lose situation for the spinner bot operators.

Just like scalper and spinner bots, bid spoofing bots are programmed to place a high number of bids across the NFT marketplace, typically below the asking rate for each token. Once a bid is accepted, the bot cancels, which drives the value of the NFT down as it is relisted. The bot operator can then jump in and bid lower than the original asking price for the NFT.

It’s hard to say exactly how much profit is being made via this practice, but as it costs money to cancel bids, the net output is enough to make this type of market manipulation worthwhile.

How to stop bid manipulation by bots

It’s difficult for such marketplaces to identify a canceled bid as a bot without a pattern of repetition from the buyer. This is made worse as bots get better and better at disguising themselves as human, flying under the radar of detection.

At Netacea we approach each bot attack using the stages defined by the BLADE (Business Logic Attack Definition) framework. At the defense bypass stage of their attacks, bots use techniques like human emulation, rotating residential proxies and rate limiting to avoid being caught out or blocked. For example, thousands of requests originating from one source would be easily identified as a bot attack, but using multiple IP addresses sidesteps this defense.

These techniques have been developed and battle-tested in other markets and use cases, such as scalping in retail and credential stuffing in financial services, transferring advanced bot features across the bot threat landscape and adding complexity to tactics like spoofing.

Advanced bot management to stop advanced bots

One thing bots can’t disguise is their behavior in achieving their intended goals. Netacea Bot Management uses a variety of methods to identify not just origins of bot traffic, but also the behaviors associated with them.

Using advanced machine learning algorithms and AI technology, Netacea tracks all requests made to web-based systems and categorizes bot traffic in real time.