Fintech

Anatomy of an NFT art scam: How the Frosties rug pull went down

Crypto plays on values of anonymity and community — and getting rich quick. Those helped the creator of the Frosties digital art project deceive users.

NFT rug pull

Frosties, which had become the latest star of the NFT world as 2022 began, just as quickly became the year’s most notable scam.

Illustration: Christopher T. Fong/Protocol

Joshua Christian had a good feeling about Frosties, a digital collection of colorful ice-cream-scoop characters with quirky outfits and facial expressions. The 20-year-old college student from Huddersfield, England, bought three of them, his first NFT purchases. He was one of millions of new buyers to enter the digital art market, a field that’s exploded in the past year.

But just a few hours after Frosties’ public minting began the evening of Jan. 9, he noticed something odd: The NFT’s Discord server was gone. “That’s not right,” he thought.

In Oklahoma, Melissa Kotter, a Frosties “mod,” or moderator, was also puzzled when the Discord server disappeared. “Everybody was freaking out,” the 26-year-old artist told Protocol.

A few hours later, in Singapore, a sales manager who asked to be identified only as Kerry and who, together with a friend, purchased about 160 Frosties worth about 12 ETH, more than $45,000 at that time, woke up to “many messages telling me a rug was pulled.”

By then, thousands of Frosties realized that they had been scammed, confirmed by a tweet on the Frosties Twitter account before it subsequently disappeared. “I’m sorry,” it read.

Frosties, which had become the latest star of the NFT world as 2022 began, just as quickly became the year’s most notable scam. It was a rug pull, a trick where creators of a cryptocurrency or an NFT artwork or game abruptly shut down the project, make away with the project funds and disappear. Along with the money went the trust and goodwill essential to getting a project merging new forms of art and finance off the ground.

Rug pulls have become a major form of crypto fraud, making up nearly 40% of crypto scams and costing users about $2.8 billion last year, up from just 1% the previous year, according to Chainalysis.

The Frosties scam led to the theft of at least $1.2 million, moved in a series of rapid transfers of funds from Frosties' OpenSea wallet to other accounts, leaving a community, which numbered roughly 40,000 at its peak, stunned.

“My initial thought was like, 'F---, this is awful,'” Christian said. “Honestly, I couldn't believe it at first,” Kotter said. “It was a lot of anxiety — and I can't say I got good sleep.”

Frosties NFTs on OpenSea Frosties NFTs on OpenSea.Screenshot: OpenSea

Kotter’s Frosties journey began on an upbeat note. She started getting into NFTs last year and was drawn to the Frosties project which she said looked “really professionally done.” There were things she found curious about the community, like the fact that, unlike with other NFT projects, the Frosties managers did not disclose their identities to reassure prospective buyers. But, Kotter said, she “went into it anyway.”

So did Christian, who spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees. “I really like the art style. They looked really cute on the website. Frosties had a feeling that people would buy that, you know.” In the world of NFTs, that means the collection could be worth a lot of money.

Take the Bored Ape Yacht Club, which has attracted celebrity buyers including Justin Bieber, who reportedly bought one for $1.3 million. Corporations are getting in on the action, too. Visa bought a CryptoPunk for $150,000, a bargain considering that an NFT from the same collection sold for nearly $12 million.

NFTs aren’t just about a piece of art for the buyer and others to admire. Christian said he bought Frosties for its staking feature, in which he could earn fees by locking up his NFTs on the Ethereum blockchain, which in turn would help process transactions. Buyers were promised other ways to make money from the investment, too, like “breeding” — essentially creating new Frosties from two existing ones.

Kotter, who was elected as a mod, made it to the whitelist, giving her early access to the first Frosties to be minted, an incentive that helped build interest in the project.

Many members became upset by high gas fees in the early minting. In a surprising move, the anonymous Frosties developer refunded the fees. That should have been an alarm, but unsophisticated buyers took it as a positive sign.

The fee refund “screams out to me like a Ponzi-scheme-type strategizing,”' said Michael Fasanello, an anti-money laundering specialist who has analyzed other scams. Giving early customers their money back for gas fees led to people publicly praising the project, helping recruit more users.

Melissa Kotter and Cruise Ingles Melissa Kotter and Cruise Ingles, Frosties owners.Photos: Melissa Kotter, Cruise Ingles

The Frosties rug pull had the “hallmarks of cyber-enabled financial crime when you get to the use of the mixers, the address hopping, the peel chains and all that stuff,” said Fasanello, director of Training and Regulatory Affairs at the Blockchain Intelligence Group. His firm is conducting an investigation into Frosties, pro bono.

Fasanello used blockchain analytics to track movements from the Frosties page on OpenSea. The funds first moved in “peel chains,” a series of small transfers ranging from $3,500 to $25,000, mostly to un-hosted or stealth wallets. One transfer went to a Coinbase account, though it was quickly moved to another wallet.

Then much bigger transfers followed, including three worth about $300,000 each. This time the scammer used Tornado Cash, an Ethereum-based tool that obfuscates the source of funds by using stealth addresses.

Tracking the funds is challenging, but not impossible, Fasanello said: “At least some of this money, theoretically, could be obtained and returned to the customers, if all of the pieces aligned properly.” Coinbase declined to comment. OpenSea could not immediately be reached for comment.

Some of the victims are taking what happened in stride.

Kerry, the sales manager based in Singapore, said he and his friend “had a good laugh” over what happened, though they now look for “red flags” in considering new crypto projects.

Christian said it was “really annoying” to learn he was involved in a rug pull. He was puzzled by why the developer opted for the quick profit of a scam versus the money they could have made running the project legitimately.

He’s not giving up on NFTs. “I'm 20 and I want to do as much as I can young, so I can live out my 30s and everything stress-free,” he said. The total NFT market is now worth about $16 billion, which is just 1% of the $2 trillion crypto market. But NFTs, Christian predicted, are “going to blow up in the coming years.”

Some of the Frosties victims are trying to rebuild the community through a technical maneuver called wrapping — taking the tokens issued in the scam, which still exist on the blockchain, and placing them under an entirely new smart contract outside the original developer’s control. Christian said he paid $140 to wrap his three Frosties into the new contract.

The “Wrapped Frosties,” as the group is called, set up a new page on OpenSea. The page recently listed a “floor,” or lowest price for the collection, at 0.005 ETH, or about $13.11. Cruise Ingles, a rug pull victim who also decided to join the rebuilding effort, said he would like to see the collection go back to its original .04 ETH, or $116, floor price “to ensure decent royalties” for community members.

Ingles said the group plans to launch a new collection called Cutie Pies to raise funds which they hope to use to sustain and grow the Frosties collection. He said the new Frosties Discord community has about 1,600 members, with 150 active participants.

But rebuilding an NFT community “that lost all of its money” is challenging, Ingles acknowledged. A successful NFT community emerges largely because of FOMO, he said. “The fact that a project has ‘already failed’ makes other buyers want to avoid it, no matter what happens after,” he said.

Joshua Christian Joshua Christian spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees.Photo: Joshua Christian

Christian also complained about “a lot of clashing” among members, saying: “The whole idea of everyone working together just kind of drifted away.”

Ingles said his experience with Frosties, which was his first experience with a rug pull, has reinforced one of his beliefs: It’s generally not a great idea to jump into a brand-new NFT project — even one with tens of thousands of enthusiastic members.

“Hype is where it gets a lot of people,” he said. “I've seen probably 10 different projects within the past week or so get rugged all because of just the hype. There's a large community rallying about one thing and being super excited. And so they all buy in at once. And that allows the investor to all pull out at once.”

Kotter, who is also part of the rebuilding effort, remains upbeat, calling what happened “eye-opening and, oddly enough, inspiring.”

“I wanted to do something to help,” she said. “There are a lot of scams in the crypto space, and this is something we would like to change. It will not be overnight, but there are big things coming that were born from the chaos of the Frosties rug pull.”

Still, she wondered if the original Frosties developer was “able to sleep at night with all that guilt.”

There was a hint of that guilt in the scammer’s final messages, which sought to clear the name of two other mods, a couple named Andre and Katelyn. “You will likely be getting a lot of heat,” the developer wrote, adding that he was sending them some ether “for your troubles.” Andre and Katelyn have kept a low profile and haven’t been active in the rebuilding effort, according to Kotter.

One legacy of Frosties may be a cultural change around anonymity in crypto. “Doxxing” used to be a dirty word in internet culture, meaning the involuntary unmasking of an anonymous user’s personal information. Reddit explicitly bans doxxing, and a recent article in BuzzFeed News caused an uproar when it revealed the names of two Bored Ape Yacht Club creators who had previously gone by pseudonyms, even as the value of the company behind it, Yuga Labs, soared into the billions.

But doxxing is starting to take on a new meaning: the voluntary self-identification of a project’s developer to engender trust. The Frosties developer wasn’t doxxed, but so-called doxxed projects are on the rise. CryptoDads, for example, advertises itself as “fully doxxed,” and others speak of a “doxxed team.” Magic Eden, an NFT marketplace on the Solana blockchain, relaunched its service this month after some high-profile rug pulls with new identification requirements.

If the industry doesn’t embrace open identities, regulators may force them. NFTs involve financial transactions, sometimes large-scale ones. Increasingly, crypto companies are showing a seriousness about complying with know-your-customer rules that are common in traditional finance. That may mean losing some of the charm of the largely anonymous crypto scene that drew in early NFT buyers. But if it means stopping rug pulls that turn off mainstream customers, it may be a good trade.

Workplace

What the economic downturn means for pay packages

The war for talent rages on, but dynamics are shifting back to the employers.

Compensation packages could start to look different as companies reshuffle the balance of cash and equity.

Illustration: Nuthawut Somsuk/Getty Images

The market is turning. Tech stocks are slumping — which is bad news for employees — and even industry powerhouses are slowing hiring and laying people off. Tech talent is still in high demand, but compensation packages could start to look different as companies recruit.

“It’s a little bit like whiplash,” compensation consultant Ashish Raina said of the downturn. Raina, who mainly works with startups that have 200 to 800 employees, previously worked as the director of Talent at Index Ventures and head of Compensation and Talent Analytics at Box. “I do think there’s going to be an interesting reckoning in terms of pay increases going forward, how that pay is delivered.”

Keep Reading Show less
Allison Levitsky
Allison Levitsky is a reporter at Protocol covering workplace issues in tech. She previously covered big tech companies and the tech workforce for the Silicon Valley Business Journal. Allison grew up in the Bay Area and graduated from UC Berkeley.
Sponsored Content

Why the digital transformation of industries is creating a more sustainable future

Qualcomm’s chief sustainability officer Angela Baker on how companies can view going “digital” as a way not only toward growth, as laid out in a recent report, but also toward establishing and meeting environmental, social and governance goals.

Three letters dominate business practice at present: ESG, or environmental, social and governance goals. The number of mentions of the environment in financial earnings has doubled in the last five years, according to GlobalData: 600,000 companies mentioned the term in their annual or quarterly results last year.

But meeting those ESG goals can be a challenge — one that businesses can’t and shouldn’t take lightly. Ahead of an exclusive fireside chat at Davos, Angela Baker, chief sustainability officer at Qualcomm, sat down with Protocol to speak about how best to achieve those targets and how Qualcomm thinks about its own sustainability strategy, net zero commitment, other ESG targets and more.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.

Policy

How 'Zuck Bucks' saved the 2020 election — and fueled the Big Lie

The true story of how Mark Zuckerberg and Priscilla Chan’s $419 million donation became the 2020 election’s most enduring conspiracy theory.

Mark Zuckerberg is smack in the center of one of the 2020 election’s multitudinous conspiracies.

Illustration: Mike McQuade; Photos: Getty Images

If Mark Zuckerberg could have imagined the worst possible outcome of his decision to insert himself into the 2020 election, it might have looked something like the scene that unfolded inside Mar-a-Lago on a steamy evening in early April.

There in a gilded ballroom-turned-theater, MAGA world icons including Kellyanne Conway, Corey Lewandowski, Hope Hicks and former president Donald Trump himself were gathered for the premiere of “Rigged: The Zuckerberg Funded Plot to Defeat Donald Trump.”

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Fintech

From frenzy to fear: Trading apps grapple with anxious investors

After riding the stock-trading wave last year, trading apps like Robinhood have disenchanted customers and jittery investors.

Retail stock trading is still an attractive business, as shown by the news that crypto exchange FTX is dipping its toes in the market by letting some U.S. customers trade stocks.

Photo: Lam Yik/Bloomberg via Getty Images

For a brief moment, last year’s GameStop craze made buying and selling stocks cool, even exciting, for a new generation of young investors. Now, that frenzy has turned to fear.

Robinhood CEO Vlad Tenev pointed to “a challenging macro environment” marked by rising prices and interest rates and a slumping market in a call with analysts explaining his company’s lackluster results. The downturn, he said, was something “most of our customers have never experienced in their lifetimes.”

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Enterprise

Broadcom is reportedly in talks to acquire VMware

It hasn't been long since it left the ownership of Dell Technologies.

Photo: Yichuan Cao/NurPhoto via Getty Images

Broadcom is said to be in discussions with VMware to buy the cloud computing company for as much as $50 billion.

Keep Reading Show less
Jamie Condliffe

Jamie Condliffe ( @jme_c) is the executive editor at Protocol, based in London. Prior to joining Protocol in 2019, he worked on the business desk at The New York Times, where he edited the DealBook newsletter and wrote Bits, the weekly tech newsletter. He has previously worked at MIT Technology Review, Gizmodo, and New Scientist, and has held lectureships at the University of Oxford and Imperial College London. He also holds a doctorate in engineering from the University of Oxford.

Latest Stories
Bulletins