This study addresses the lack of systematic investigation into NFT phishing fraud transaction patterns. For the first time, it conducts a large-scale, graph-analytics-driven empirical study based on on-chain data. By integrating transaction records, smart contract logs, and security reports, the authors construct and rigorously clean an NFT transaction graph, establishing a unified graph model. Key findings reveal that fraudulent accounts constitute only 0.94% of all accounts yet participate in 8.36% of transactions, exhibiting distinctive behavioral traits: high activity, coordinated group behavior, multi-criteria interactions, short-lived lifespans, and frequent multi-party transactions. Moreover, their interactivity probability with legitimate accounts significantly exceeds that of benign users. This work fills a critical gap in systematic, graph-based analysis of NFT fraud behavior patterns and establishes an interpretable, graph-driven paradigm for on-chain anti-fraud detection—providing both foundational insights and actionable structural features for detection systems.

Non-fungible tokens (NFTs) serve as a representative form of digital asset ownership and have attracted numerous investors, creators, and tech enthusiasts in recent years. However, related fraud activities, especially phishing scams, have caused significant property losses. There are many graph analysis methods to detect malicious scam incidents, but no research on the transaction patterns of the NFT scams. Therefore, to fill this gap, we are the first to systematically explore NFT phishing frauds through graph analysis, aiming to comprehensively investigate the characteristics and patterns of NFT phishing frauds on the transaction graph. During the research process, we collect transaction records, log data, and security reports related to NFT phishing incidents published on multiple platforms. After collecting, sanitizing, and unifying the data, we construct a transaction graph and analyze the distribution, transaction features, and interaction patterns of NFT phishing scams. We find that normal transactions on the blockchain accounted for 96.71% of all transactions. Although phishing-related accounts accounted for only 0.94% of the total accounts, they appeared in 8.36% of the transaction scenarios, and their interaction probability with normal accounts is significantly higher in large-scale transaction networks. Moreover, NFT phishing scammers often carry out fraud in a collective manner, targeting specific accounts, tend to interact with victims through multiple token standards, have shorter transaction cycles than normal transactions, and involve more multi-party transactions. This study reveals the core behavioral features of NFT phishing scams, providing important references for the detection and prevention of NFT phishing scams in the future.