This week, a link to the renowned banks’ website touted an art piece as the first NFT creator (non-fungible token).
The NFT Auction
A British buyer spent $366,000 at the auction to acquire NFT painting in the limited edition just to find out that it was a fake. In the art industry, an NFT is necessary for the piece to include “tokenized” digital evidence of ownership that can be bought and sold.
Immediately after the sale, a statement from Banksy’s team reads that the NFT advertising website Banksy.co.uk/NFT “Any Banksy NFT auctions are in no way affiliated with an artist.”
The British collector, whose online moniker is @Pranksy, gained a 90% increase in the auction then the second-highest bidder. Pranksy is an admirer of Banksy and an enthusiastic NFT collector.
Pranksy expressed irritation and was “burned” after being scammed in cryptocurrencies for more than $300,000. They were relieved soon when the fraudster gave them most of the money before the end of the day.
Pranksy believed that press attention would enable the public to discover the fraudster which led them to reimburse them. Pransky claims, however, that it is still down $5,000 since the transaction fee was not repaid.
Although fooled, Pranksy showed thanks and said, “I consider myself incredibly fortunate since many individuals would not have gotten the same result in a comparable situation, with less reach.” Banksy’s team subsequently declared, “Banksy artist did not produce NFT artworks.” However, the question of how the site was hacked remained open.
Warnings were not taken into account
A cybersecurity professional told the Banksy crew that the website had faults and might be exploited. Nonetheless, the warning was not taken into account. According to Sam Curry, CEO of security company Palisade and a whitehat hacker, last month’s website vulnerabilities had been detected using the Discord social media platform.
“I was at the time on a security forum and other people had linked to the site. I clicked on one and noticed its weakness quickly,” Curry said. He was allegedly trying to email Banksy’s team but was ignored.
Curry tried to contact Banksy’s team through other channels such as Instagram. His efforts, however, were unsuccessful since he received no reply. Before the disclosure of Curry, the initial report was sent via email on 25 August.
Curry further noted that the flaws of the website were eventually fixed. The vulnerability may be exploited by a remote attacker to create arbitrary files on the website to publish third-party sites and information.
Is this another Banksy stunt?
Some say the incident may have been another Banksy prank. Professor Paul Gough, the director, and vice-chancellor of the Bournemouth University of Arts says time, art, and organization is wrong.
“I don’t think that’s a Banksy fake. The moment is off for me and the setting doesn’t feel appropriate. His ‘Spraycation’ prank was just finished, in which he blew 10 spots in East Anglia and released a social media video about it.”
Gough further said that the fake artwork was not in the distinctive style of Banksy.