Fintech

Anatomy of an NFT art scam: How the Frosties rug pull went down

Crypto plays on values of anonymity and community — and getting rich quick. Those helped the creator of the Frosties digital art project deceive users.

NFT rug pull

Frosties, which had become the latest star of the NFT world as 2022 began, just as quickly became the year’s most notable scam.

Illustration: Christopher T. Fong/Protocol

Joshua Christian had a good feeling about Frosties, a digital collection of colorful ice-cream-scoop characters with quirky outfits and facial expressions. The 20-year-old college student from Huddersfield, England, bought three of them, his first NFT purchases. He was one of millions of new buyers to enter the digital art market, a field that’s exploded in the past year.

But just a few hours after Frosties’ public minting began the evening of Jan. 9, he noticed something odd: The NFT’s Discord server was gone. “That’s not right,” he thought.

In Oklahoma, Melissa Kotter, a Frosties “mod,” or moderator, was also puzzled when the Discord server disappeared. “Everybody was freaking out,” the 26-year-old artist told Protocol.

A few hours later, in Singapore, a sales manager who asked to be identified only as Kerry and who, together with a friend, purchased about 160 Frosties worth about 12 ETH, more than $45,000 at that time, woke up to “many messages telling me a rug was pulled.”

By then, thousands of Frosties realized that they had been scammed, confirmed by a tweet on the Frosties Twitter account before it subsequently disappeared. “I’m sorry,” it read.

Frosties, which had become the latest star of the NFT world as 2022 began, just as quickly became the year’s most notable scam. It was a rug pull, a trick where creators of a cryptocurrency or an NFT artwork or game abruptly shut down the project, make away with the project funds and disappear. Along with the money went the trust and goodwill essential to getting a project merging new forms of art and finance off the ground.

Rug pulls have become a major form of crypto fraud, making up nearly 40% of crypto scams and costing users about $2.8 billion last year, up from just 1% the previous year, according to Chainalysis.

The Frosties scam led to the theft of at least $1.2 million, moved in a series of rapid transfers of funds from Frosties' OpenSea wallet to other accounts, leaving a community, which numbered roughly 40,000 at its peak, stunned.

“My initial thought was like, 'F---, this is awful,'” Christian said. “Honestly, I couldn't believe it at first,” Kotter said. “It was a lot of anxiety — and I can't say I got good sleep.”

Frosties NFTs on OpenSea Frosties NFTs on OpenSea.Screenshot: OpenSea

Kotter’s Frosties journey began on an upbeat note. She started getting into NFTs last year and was drawn to the Frosties project which she said looked “really professionally done.” There were things she found curious about the community, like the fact that, unlike with other NFT projects, the Frosties managers did not disclose their identities to reassure prospective buyers. But, Kotter said, she “went into it anyway.”

So did Christian, who spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees. “I really like the art style. They looked really cute on the website. Frosties had a feeling that people would buy that, you know.” In the world of NFTs, that means the collection could be worth a lot of money.

Take the Bored Ape Yacht Club, which has attracted celebrity buyers including Justin Bieber, who reportedly bought one for $1.3 million. Corporations are getting in on the action, too. Visa bought a CryptoPunk for $150,000, a bargain considering that an NFT from the same collection sold for nearly $12 million.

NFTs aren’t just about a piece of art for the buyer and others to admire. Christian said he bought Frosties for its staking feature, in which he could earn fees by locking up his NFTs on the Ethereum blockchain, which in turn would help process transactions. Buyers were promised other ways to make money from the investment, too, like “breeding” — essentially creating new Frosties from two existing ones.

Kotter, who was elected as a mod, made it to the whitelist, giving her early access to the first Frosties to be minted, an incentive that helped build interest in the project.

Many members became upset by high gas fees in the early minting. In a surprising move, the anonymous Frosties developer refunded the fees. That should have been an alarm, but unsophisticated buyers took it as a positive sign.

The fee refund “screams out to me like a Ponzi-scheme-type strategizing,”' said Michael Fasanello, an anti-money laundering specialist who has analyzed other scams. Giving early customers their money back for gas fees led to people publicly praising the project, helping recruit more users.

Melissa Kotter and Cruise Ingles Melissa Kotter and Cruise Ingles, Frosties owners.Photos: Melissa Kotter, Cruise Ingles

The Frosties rug pull had the “hallmarks of cyber-enabled financial crime when you get to the use of the mixers, the address hopping, the peel chains and all that stuff,” said Fasanello, director of Training and Regulatory Affairs at the Blockchain Intelligence Group. His firm is conducting an investigation into Frosties, pro bono.

Fasanello used blockchain analytics to track movements from the Frosties page on OpenSea. The funds first moved in “peel chains,” a series of small transfers ranging from $3,500 to $25,000, mostly to un-hosted or stealth wallets. One transfer went to a Coinbase account, though it was quickly moved to another wallet.

Then much bigger transfers followed, including three worth about $300,000 each. This time the scammer used Tornado Cash, an Ethereum-based tool that obfuscates the source of funds by using stealth addresses.

Tracking the funds is challenging, but not impossible, Fasanello said: “At least some of this money, theoretically, could be obtained and returned to the customers, if all of the pieces aligned properly.” Coinbase declined to comment. OpenSea could not immediately be reached for comment.

Some of the victims are taking what happened in stride.

Kerry, the sales manager based in Singapore, said he and his friend “had a good laugh” over what happened, though they now look for “red flags” in considering new crypto projects.

Christian said it was “really annoying” to learn he was involved in a rug pull. He was puzzled by why the developer opted for the quick profit of a scam versus the money they could have made running the project legitimately.

He’s not giving up on NFTs. “I'm 20 and I want to do as much as I can young, so I can live out my 30s and everything stress-free,” he said. The total NFT market is now worth about $16 billion, which is just 1% of the $2 trillion crypto market. But NFTs, Christian predicted, are “going to blow up in the coming years.”

Some of the Frosties victims are trying to rebuild the community through a technical maneuver called wrapping — taking the tokens issued in the scam, which still exist on the blockchain, and placing them under an entirely new smart contract outside the original developer’s control. Christian said he paid $140 to wrap his three Frosties into the new contract.

The “Wrapped Frosties,” as the group is called, set up a new page on OpenSea. The page recently listed a “floor,” or lowest price for the collection, at 0.005 ETH, or about $13.11. Cruise Ingles, a rug pull victim who also decided to join the rebuilding effort, said he would like to see the collection go back to its original .04 ETH, or $116, floor price “to ensure decent royalties” for community members.

Ingles said the group plans to launch a new collection called Cutie Pies to raise funds which they hope to use to sustain and grow the Frosties collection. He said the new Frosties Discord community has about 1,600 members, with 150 active participants.

But rebuilding an NFT community “that lost all of its money” is challenging, Ingles acknowledged. A successful NFT community emerges largely because of FOMO, he said. “The fact that a project has ‘already failed’ makes other buyers want to avoid it, no matter what happens after,” he said.

Joshua Christian Joshua Christian spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees.Photo: Joshua Christian

Christian also complained about “a lot of clashing” among members, saying: “The whole idea of everyone working together just kind of drifted away.”

Ingles said his experience with Frosties, which was his first experience with a rug pull, has reinforced one of his beliefs: It’s generally not a great idea to jump into a brand-new NFT project — even one with tens of thousands of enthusiastic members.

“Hype is where it gets a lot of people,” he said. “I've seen probably 10 different projects within the past week or so get rugged all because of just the hype. There's a large community rallying about one thing and being super excited. And so they all buy in at once. And that allows the investor to all pull out at once.”

Kotter, who is also part of the rebuilding effort, remains upbeat, calling what happened “eye-opening and, oddly enough, inspiring.”

“I wanted to do something to help,” she said. “There are a lot of scams in the crypto space, and this is something we would like to change. It will not be overnight, but there are big things coming that were born from the chaos of the Frosties rug pull.”

Still, she wondered if the original Frosties developer was “able to sleep at night with all that guilt.”

There was a hint of that guilt in the scammer’s final messages, which sought to clear the name of two other mods, a couple named Andre and Katelyn. “You will likely be getting a lot of heat,” the developer wrote, adding that he was sending them some ether “for your troubles.” Andre and Katelyn have kept a low profile and haven’t been active in the rebuilding effort, according to Kotter.

One legacy of Frosties may be a cultural change around anonymity in crypto. “Doxxing” used to be a dirty word in internet culture, meaning the involuntary unmasking of an anonymous user’s personal information. Reddit explicitly bans doxxing, and a recent article in BuzzFeed News caused an uproar when it revealed the names of two Bored Ape Yacht Club creators who had previously gone by pseudonyms, even as the value of the company behind it, Yuga Labs, soared into the billions.

But doxxing is starting to take on a new meaning: the voluntary self-identification of a project’s developer to engender trust. The Frosties developer wasn’t doxxed, but so-called doxxed projects are on the rise. CryptoDads, for example, advertises itself as “fully doxxed,” and others speak of a “doxxed team.” Magic Eden, an NFT marketplace on the Solana blockchain, relaunched its service this month after some high-profile rug pulls with new identification requirements.

If the industry doesn’t embrace open identities, regulators may force them. NFTs involve financial transactions, sometimes large-scale ones. Increasingly, crypto companies are showing a seriousness about complying with know-your-customer rules that are common in traditional finance. That may mean losing some of the charm of the largely anonymous crypto scene that drew in early NFT buyers. But if it means stopping rug pulls that turn off mainstream customers, it may be a good trade.

Fintech

Election markets are far from a sure bet

Kalshi has big-name backing for its plan to offer futures contracts tied to election results. Will that win over a long-skeptical regulator?

Whether Kalshi’s election contracts could be considered gaming or whether they serve a true risk-hedging purpose is one of the top questions the CFTC is weighing in its review.

Photo illustration: Getty Images; Protocol

Crypto isn’t the only emerging issue on the CFTC’s plate. The futures regulator is also weighing a fintech sector that has similarly tricky political implications: election bets.

The Commodity Futures Trading Commission has set Oct. 28 as a date by which it hopes to decide whether the New York-based startup Kalshi can offer a form of wagering up to $25,000 on which party will control the House of Representatives and Senate after the midterms. PredictIt, another online market for election trading, has also sued the regulator over its decision to cancel a no-action letter.

Keep Reading Show less
Ryan Deffenbaugh
Ryan Deffenbaugh is a reporter at Protocol focused on fintech. Before joining Protocol, he reported on New York's technology industry for Crain's New York Business. He is based in New York and can be reached at rdeffenbaugh@protocol.com.
Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Enterprise

The Uber verdict shows why mandatory disclosure isn't such a bad idea

The conviction of Uber's former chief security officer, Joe Sullivan, seems likely to change some minds in the debate over proposed cyber incident reporting regulations.

Executives and boards will now be "a whole lot less likely to cover things up," said one information security veteran.

Photo: Al Drago/Bloomberg via Getty Images

If nothing else, the guilty verdict delivered Wednesday in a case involving Uber's former security head will have this effect on how breaches are handled in the future: Executives and boards, according to information security veteran Michael Hamilton, will be "a whole lot less likely to cover things up."

Following the conviction of former Uber chief security officer Joe Sullivan, "we likely will get better voluntary reporting" of cyber incidents, said Hamilton, formerly the chief information security officer of the City of Seattle, and currently the founder and CISO at cybersecurity vendor Critical Insight.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.

Climate

Delta and MIT are running flight tests to fix contrails

The research team and airline are running flight tests to determine if it’s possible to avoid the climate-warming effects of contrails.

Delta and MIT just announced a partnership to test how to mitigate persistent contrails.

Photo: Gabriela Natiello/Unsplash

Contrails could be responsible for up to 2% of all global warming, and yet how they’re formed and how to mitigate them is barely understood by major airlines.

That may be changing.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol covering climate. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.

Entertainment

Inside Amazon’s free video strategy

Amazon has been doubling down on original content for Freevee, its ad-supported video service, which has seen a lot of growth thanks to a deep integration with other Amazon properties.

Freevee’s investment into original programming like 'Bosch: Legacy' has increased by 70%.

Photo: Tyler Golden/Amazon Freevee

Amazon’s streaming efforts have long been all about Prime Video. So the company caught pundits by surprise when, in early 2019, it launched a stand-alone ad-supported streaming service called IMDb Freedive, with Techcrunch calling the move “a bit odd.”

Nearly four years and two rebrandings later, Amazon’s ad-supported video efforts appear to be flourishing. Viewership of the service grew by 138% from 2020 to 2021, according to Amazon. The company declined to share any updated performance data on the service, which is now called Freevee, but a spokesperson told Protocol the performance of originals in particular “exceeded expectations,” leading Amazon to increase investments into original content by 70% year-over-year.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Latest Stories
Bulletins