Joshua Christian had a good feeling about Frosties, a digital collection of colorful ice-cream-scoop characters with quirky outfits and facial expressions. The 20-year-old college student from Huddersfield, England, bought three of them, his first NFT purchases. He was one of millions of new buyers to enter the digital art market, a field that’s exploded in the past year.
But just a few hours after Frosties’ public minting began the evening of Jan. 9, he noticed something odd: The NFT’s Discord server was gone. “That’s not right,” he thought.
In Oklahoma, Melissa Kotter, a Frosties “mod,” or moderator, was also puzzled when the Discord server disappeared. “Everybody was freaking out,” the 26-year-old artist told Protocol.
A few hours later, in Singapore, a sales manager who asked to be identified only as Kerry and who, together with a friend, purchased about 160 Frosties worth about 12 ETH, more than $45,000 at that time, woke up to “many messages telling me a rug was pulled.”
By then, thousands of Frosties realized that they had been scammed, confirmed by a tweet on the Frosties Twitter account before it subsequently disappeared. “I’m sorry,” it read.
Frosties, which had become the latest star of the NFT world as 2022 began, just as quickly became the year’s most notable scam. It was a rug pull, a trick where creators of a cryptocurrency or an NFT artwork or game abruptly shut down the project, make away with the project funds and disappear. Along with the money went the trust and goodwill essential to getting a project merging new forms of art and finance off the ground.
Rug pulls have become a major form of crypto fraud, making up nearly 40% of crypto scams and costing users about $2.8 billion last year, up from just 1% the previous year, according to Chainalysis.
The Frosties scam led to the theft of at least $1.2 million, moved in a series of rapid transfers of funds from Frosties' OpenSea wallet to other accounts, leaving a community, which numbered roughly 40,000 at its peak, stunned.
“My initial thought was like, 'F---, this is awful,'” Christian said. “Honestly, I couldn't believe it at first,” Kotter said. “It was a lot of anxiety — and I can't say I got good sleep.”
Frosties NFTs on OpenSea.Screenshot: OpenSea
Kotter’s Frosties journey began on an upbeat note. She started getting into NFTs last year and was drawn to the Frosties project which she said looked “really professionally done.” There were things she found curious about the community, like the fact that, unlike with other NFT projects, the Frosties managers did not disclose their identities to reassure prospective buyers. But, Kotter said, she “went into it anyway.”
So did Christian, who spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees. “I really like the art style. They looked really cute on the website. Frosties had a feeling that people would buy that, you know.” In the world of NFTs, that means the collection could be worth a lot of money.
Take the Bored Ape Yacht Club, which has attracted celebrity buyers including Justin Bieber, who reportedly bought one for $1.3 million. Corporations are getting in on the action, too. Visa bought a CryptoPunk for $150,000, a bargain considering that an NFT from the same collection sold for nearly $12 million.
NFTs aren’t just about a piece of art for the buyer and others to admire. Christian said he bought Frosties for its staking feature, in which he could earn fees by locking up his NFTs on the Ethereum blockchain, which in turn would help process transactions. Buyers were promised other ways to make money from the investment, too, like “breeding” — essentially creating new Frosties from two existing ones.
Kotter, who was elected as a mod, made it to the whitelist, giving her early access to the first Frosties to be minted, an incentive that helped build interest in the project.
Many members became upset by high gas fees in the early minting. In a surprising move, the anonymous Frosties developer refunded the fees. That should have been an alarm, but unsophisticated buyers took it as a positive sign.
The fee refund “screams out to me like a Ponzi-scheme-type strategizing,”' said Michael Fasanello, an anti-money laundering specialist who has analyzed other scams. Giving early customers their money back for gas fees led to people publicly praising the project, helping recruit more users.
Melissa Kotter and Cruise Ingles, Frosties owners.Photos: Melissa Kotter, Cruise Ingles
The Frosties rug pull had the “hallmarks of cyber-enabled financial crime when you get to the use of the mixers, the address hopping, the peel chains and all that stuff,” said Fasanello, director of Training and Regulatory Affairs at the Blockchain Intelligence Group. His firm is conducting an investigation into Frosties, pro bono.
Fasanello used blockchain analytics to track movements from the Frosties page on OpenSea. The funds first moved in “peel chains,” a series of small transfers ranging from $3,500 to $25,000, mostly to un-hosted or stealth wallets. One transfer went to a Coinbase account, though it was quickly moved to another wallet.
Then much bigger transfers followed, including three worth about $300,000 each. This time the scammer used Tornado Cash, an Ethereum-based tool that obfuscates the source of funds by using stealth addresses.
Tracking the funds is challenging, but not impossible, Fasanello said: “At least some of this money, theoretically, could be obtained and returned to the customers, if all of the pieces aligned properly.” Coinbase declined to comment. OpenSea could not immediately be reached for comment.
Some of the victims are taking what happened in stride.
Kerry, the sales manager based in Singapore, said he and his friend “had a good laugh” over what happened, though they now look for “red flags” in considering new crypto projects.
Christian said it was “really annoying” to learn he was involved in a rug pull. He was puzzled by why the developer opted for the quick profit of a scam versus the money they could have made running the project legitimately.
He’s not giving up on NFTs. “I'm 20 and I want to do as much as I can young, so I can live out my 30s and everything stress-free,” he said. The total NFT market is now worth about $16 billion, which is just 1% of the $2 trillion crypto market. But NFTs, Christian predicted, are “going to blow up in the coming years.”
Some of the Frosties victims are trying to rebuild the community through a technical maneuver called wrapping — taking the tokens issued in the scam, which still exist on the blockchain, and placing them under an entirely new smart contract outside the original developer’s control. Christian said he paid $140 to wrap his three Frosties into the new contract.
The “Wrapped Frosties,” as the group is called, set up a new page on OpenSea. The page recently listed a “floor,” or lowest price for the collection, at 0.005 ETH, or about $13.11. Cruise Ingles, a rug pull victim who also decided to join the rebuilding effort, said he would like to see the collection go back to its original .04 ETH, or $116, floor price “to ensure decent royalties” for community members.
Ingles said the group plans to launch a new collection called Cutie Pies to raise funds which they hope to use to sustain and grow the Frosties collection. He said the new Frosties Discord community has about 1,600 members, with 150 active participants.
But rebuilding an NFT community “that lost all of its money” is challenging, Ingles acknowledged. A successful NFT community emerges largely because of FOMO, he said. “The fact that a project has ‘already failed’ makes other buyers want to avoid it, no matter what happens after,” he said.
Joshua Christian spent about $1,000 on three Frosties which cost about $112 each in ether, including gas fees.Photo: Joshua Christian
Christian also complained about “a lot of clashing” among members, saying: “The whole idea of everyone working together just kind of drifted away.”
Ingles said his experience with Frosties, which was his first experience with a rug pull, has reinforced one of his beliefs: It’s generally not a great idea to jump into a brand-new NFT project — even one with tens of thousands of enthusiastic members.
“Hype is where it gets a lot of people,” he said. “I've seen probably 10 different projects within the past week or so get rugged all because of just the hype. There's a large community rallying about one thing and being super excited. And so they all buy in at once. And that allows the investor to all pull out at once.”
Kotter, who is also part of the rebuilding effort, remains upbeat, calling what happened “eye-opening and, oddly enough, inspiring.”
“I wanted to do something to help,” she said. “There are a lot of scams in the crypto space, and this is something we would like to change. It will not be overnight, but there are big things coming that were born from the chaos of the Frosties rug pull.”
Still, she wondered if the original Frosties developer was “able to sleep at night with all that guilt.”
There was a hint of that guilt in the scammer’s final messages, which sought to clear the name of two other mods, a couple named Andre and Katelyn. “You will likely be getting a lot of heat,” the developer wrote, adding that he was sending them some ether “for your troubles.” Andre and Katelyn have kept a low profile and haven’t been active in the rebuilding effort, according to Kotter.
One legacy of Frosties may be a cultural change around anonymity in crypto. “Doxxing” used to be a dirty word in internet culture, meaning the involuntary unmasking of an anonymous user’s personal information. Reddit explicitly bans doxxing, and a recent article in BuzzFeed News caused an uproar when it revealed the names of two Bored Ape Yacht Club creators who had previously gone by pseudonyms, even as the value of the company behind it, Yuga Labs, soared into the billions.
But doxxing is starting to take on a new meaning: the voluntary self-identification of a project’s developer to engender trust. The Frosties developer wasn’t doxxed, but so-called doxxed projects are on the rise. CryptoDads, for example, advertises itself as “fully doxxed,” and others speak of a “doxxed team.” Magic Eden, an NFT marketplace on the Solana blockchain, relaunched its service this month after some high-profile rug pulls with new identification requirements.
If the industry doesn’t embrace open identities, regulators may force them. NFTs involve financial transactions, sometimes large-scale ones. Increasingly, crypto companies are showing a seriousness about complying with know-your-customer rules that are common in traditional finance. That may mean losing some of the charm of the largely anonymous crypto scene that drew in early NFT buyers. But if it means stopping rug pulls that turn off mainstream customers, it may be a good trade.