Banksy Pranksy Scam
Is this... real?
These were the last words of the NFT collector Pranksy before he bought a fake Banksy art work for 100 ETH (~$344K).
Since rising to fame in the late 90s, Banksy’s “I’m 13 and this is deep” political art style has made him a household name, and now it’s not just souvenir sellers in Camden Market who are trying to cash in.
Many other NFT grifters have tried to capitalise on the artist's reputation by associating themselves with his work, but this story goes one step further.
The Official Banksy website was hacked, and a link added to an NFT titled;
"Great Redistribution of the Climate Change Disaster"
Pranksy’s purchase of this item, and the drama that followed, led to the story being covered by multiple major newspapers, and caused many to suspect that Pranksy organised the event himself.
If this was a publicity stunt, then it was definitely a success, as Pranksy gained thousands of followers in one day.
But if he didn’t organise it himself, then who did, and why would they return the money?
This story was covered by the BBC, the Daily Mail, VICE, and several other international mass media organisations, yet none tried to find out the truth.
We do things differently.
First we went to Pranksy to hear his side of the story:
rekt:
How did you find out about the listing?
Pranksy:
Someone dropped it in my discord chat.
rekt:
If this was a scam, then it required promotion to be successful. Do you think this was targeted at you and other high profile buyers?
Pranksy:
I think I may have been targeted, yes.
rekt:
Do you know of anyone else that was targeted?
Pranksy:
No I do not, it's quite a sophisticated scam though.
rekt:
Do you know how they managed to redirect from Banksy’s website?
Pranksy:
I have no idea, I'm trying to learn how.
rekt:
Have you spoken with Pest Control?
Pranksy:
No not yet.
rekt:
What do you say to those who have accused you of minting the NFT yourself in order to get publicity?
Pranksy:
I have no need for publicity. I'm already the most followed NFT specific account. I would not hack Banksy's website when I hope to work with them in the future.
rekt:
When did you start to think this was a scam rather than genuine?
Pranksy:
As soon as the bid was accepted.
rekt:
How much do you think this piece would have been worth if it were genuine? Would you have raised your offer if you had been outbid?
Pranksy:
Yes I would have gone much higher.
rekt:
What's your process for evaluating the worth of digital art?
Pranksy:
Historical significance, nft token quality, blockchain created on, quality of work.
rekt:
Sure. Thanks.
Any final message for our readers?
Pranksy:
The NFT space is an incredible creative hub of activity.
Sometimes some things are too good to be true, always do your own research.
Pranksy:
The ETH just got returned to me!
rekt:
Congratulations.
It's been a rollercoaster of a day for you.
Even more people believe this to be a publicity stunt now that the money has been returned.
Does that bother you?
Pranksy:
It does so I've left a comment.
Under the refund tweet.
rekt:
That's understandable.
Maybe you would have given a more exciting interview if you were doing this for promotion...
Pranksy:
Oh cheers.
That dull am I? :D
rekt:
We're glad the ETH was returned. Thanks for your time.
This first interview with Pranksy may not have been what we wanted, but it would prove to be useful later in our investigation.
We continued to stop and search users on Twitter until we came across a new lead.
This was not the first time the Banksy website had been hacked.
On August 25th, the index page of banksy.co.uk showed a link to the instagram page of @samwcyo, a well known hacker and full-time bug bounty seeker.
Pranksy had unfollowed samwcyo on the day of the NFT sale.
We needed to find out more, so we went back to our chat with Pranksy.
rekt:
Oh, and just one more thing...
Why did you unfollow @samwcyo today?
Pranksy:
I followed and unfollowed. He was one of my potential suspects.
This was strange behaviour, but it was plausible. We then asked Pranksy if he had ever spoken to Sam, and he said he hadn’t.
So we did.
rekt:
Hi Sam, What are your thoughts on the Pranksy / Banksy NFT incident?
samwcyo:
Seems like a wild situation, I am guessing the Banksy website was hacked. I think it's a fun story about how crypto is always going to be related to some real life point of trust even though it's all (mostly) cryptographically secure. I'm happy the hackers returned the funds and actually really liked the art!
Is there a reason I was contacted for this?
rekt:
We’ve been told that on August 25th; the last time the Banksy website was hacked, it showed a link to your instagram profile.
Why is that?
samwcyo:
I had tried to disclose a vulnerability to them, I don't think it has been fixed yet. I sent a bunch of emails after finding something but wasn't able to get in contact with anyone. Hopefully it's been fixed now, but haven't heard back from anyone.
I wouldn't be surprised if someone else had found the vulnerability. It was really simple and really bad. I guess it makes sense that someone had hacked the website, but I am glad that the people who did hack it didn't do it maliciously and played what looks to be just a massive prank.
rekt:
Have you ever had any communication with Pranksy?
samwcyo:
No, I followed them on Twitter recently trying to get in contact with Banksy.
rekt:
He was following you, until today. Why do you think that is?
samwcyo:
I'm not sure, I didn't know he ever followed me.
rekt:
What did you want to contact Banksy for, and why did you think Pranksy would be able to help?
samwcyo:
I didn't know they weren't the same person or thought they were related, I had trouble disclosing the vulnerability and spend about a week sending messages to every outlet I could (email, Instagram, etc.) but since Banksy is totally anonymous, it was really hard to reach anyone or anyone from his IT team.
rekt:
samwcyo:
Yup -- sent mail here, one sec It's interesting everything turned out the way it did, but I think with all of the interest in everything going on someone will fix the vulnerability.
rekt:
How did you come across the vulnerability on the site?
samwcyo:
Someone had posted the site in a Discord that I'm in, people were testing it
rekt:
Is that a public Discord?
samwcyo:
No, just a group of different people from the hacking community
rekt:
Earlier, you said you followed Pranksy on Twitter because you were trying to contact Banksy, yet you never sent him a message.
Why?
samwcyo:
I saw that they weren't related, I had found the email and sent Instagram DMs to Banksy instead, then posted that photo to the site.
rekt:
Thanks for your time.
And tell your Discord group they're all suspects...
Despite the content of the interviews, it’s hard to believe that there was no collaboration here.
Pranksy has gained a lot of publicity, lost nothing, and is also now the owner of an NFT which currently has a highest bid of 12.5 ETH (~$44K).
Should Pranksy burn this NFT as a sign of good faith? Would that be art, or is this all “performance art”?
If this was for money, why would the hacker cut the auction short at 100 ETH, when we all know it would have attracted much higher bids?
If this was for promotion, why would the hacker accept the job?
Perhaps Pranksy paid them more than 100 ETH?
That seems unlikely.
We invite you, the rekt readers, to join the investigation in our Telegram group and let us know what you find.
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
disclaimer:
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Monkey Business
In just one year, Bored Ape Yacht Club has evolved from a niche NFT, into a whole ecosystem, and a mainstream means of flexing wealth. The rise of BAYC has been unstoppable, but the recent Otherdeeds mint was far from perfect. What's next for BAYC?
Treasure DAO - REKT
Swiggity swooty, somebody plundered the Treasure DAO booty. ~$1.4M worth of NFTs has been stolen from the largest NFT marketplace on Arbritrum, leaving the OpenSea competitor stranded in deep water.
JayPegs Automart - REKT
A blue-chip rekt by a front-end attack. Remind us, which part of crypto is supposed to be “trustless”? Misplaced faith (temporarily) cost MISO $3.1 million.