Unfortunately, a rise in security incidents has accompanied the popularity of non-fungible tokens (NFTs). For instance, in March 2021, the number of suspicious domain registrations mimicking the names of legitimate NFT marketplaces increased by nearly 300%.
To engage in NFT trading, users must maintain an active cryptocurrency wallet, which introduces additional risks. Cybercriminals often attempt to exploit vulnerabilities in these wallets through compromised marketplace accounts.
In one notable case, malicious actors infiltrated the Discord server of the popular NFT marketplace OpenSea, pretending to be support staff to deceive users into revealing sensitive account information. Others employ traditional phishing techniques to manipulate NFT holders into transferring funds or divulging their credentials.
Given these developments, exploring the evolving threats that pose significant risks to NFT security is essential.
The NFT Boom and its Security Implications
In 2021, the NFT market surged to over $40 billion. By January 2022, OpenSea, the largest NFT marketplace globally, recorded 2.4 million NFT sales, an increase of one million compared to December 2020. The value of these transactions also set new records, with over $4.8 billion worth of NFTs sold on OpenSea in January alone. Even renowned auction houses like Christie’s and Sotheby’s have joined the trend, hosting their NFT auctions. Given this rapid growth and immense financial activity, it was only a matter of time before cybercriminals began to target this burgeoning sector.
However, this increase in value has also attracted the attention of cybercriminals, making NFTs a frequent target for various forms of cyberattacks. Below are some of the primary methods through which NFTs can be compromised:
1. Deployment of Malicious Smart Contracts
Malicious intelligent contracts are often employed in a variety of fraudulent schemes. They are typically used to exploit vulnerabilities in other intelligent contracts or as tools for scams.
An NFT can be stolen if stored in a wallet linked to a malicious contract, as the attacker can potentially execute unauthorized transfers. Additionally, these contracts often deceive NFT holders into purchasing counterfeit tokens, thereby swindling unsuspecting buyers.
2. Phishing Attacks
Phishing is another common tactic used to steal NFTs and other digital assets. These attacks are usually conducted through messages on platforms such as Telegram, Discord, Twitter, email, and more, often containing malicious links. The goal is to trick the recipient into:
Visiting a harmful website
Downloading malware
Investing in a fraudulent scheme
If a user falls victim to any of these actions, the attacker could access sensitive information, such as private keys, enabling them to steal the NFT. In some cases, phishing may also lead to a "rug pull," where a scam project suddenly disappears after receiving investments.
In essence, safeguarding NFTs requires a vigilant approach, with particular attention to the security of wallets, smart contracts, and communication channels.
3. Fake NFT Support on Discord
One notable social engineering scheme took place on OpenSea’s Discord server. Cybercriminals monitored the platform, waiting for users to post support-related questions. Once a query appeared, they would invite the unsuspecting user to join a fake "support" server.
After luring the target to the fake server, the attackers would request them to enable screen sharing, claiming it was necessary to resolve the issue. They then guided the victim through a series of steps to "resynchronize" their MetaMask crypto wallet Chrome extension with their MetaMask app. This process involved navigating to Configuration > Advanced > Sync with Mobile, which generates a QR code. The attackers would capture a screenshot of this QR code and use it to synchronize the victim’s wallet with their own MetaMask app, enabling them to steal funds from the compromised wallet.
4. NFT Theft and Digital Art Scams
What about digital artwork? How is it stolen? When an NFT is minted, it is typically linked to a unique physical or digital object, such as a URL. This means that when you purchase an NFT, you are essentially buying ownership of that URL. If someone creates a counterfeit piece of art, they could attach it to a unique URL and sell it as a fraudulent NFT.
Most NFT marketplaces do not mandate artist verification, making it easy for online art thieves to copy, mint, and sell the artwork as if it were their own. According to a report by the Information Security Newspaper, buyers could unknowingly end up purchasing illegally copied art. The scam can escalate further when the victim receives a blackmail threat, demanding payment to avoid being reported for owning stolen digital assets.
5. Redline Malware Scam
Cybercriminals also pose as art patrons to target digital artists. These fake patrons establish seemingly legitimate social media profiles, portraying themselves as collectors of digital art. They then approach artists, commissioning them to create new works. During the engagement, the attackers send fake contracts or art samples embedded with malware, such as Redline.
Redline malware allows attackers to steal usernames, passwords, and even stored art files on the victim's device. It can also extract cryptocurrency wallet information from browser extensions and access critical wallet data files, thereby compromising the security of the artist’s digital assets.
How to Enhance NFT Security
To safeguard NFTs from theft and scams, consider implementing the following measures:
Enable Multi-Factor Authentication (MFA): Use MFA for all accounts linked to NFT marketplaces and cryptocurrency wallets to add an extra layer of security.
Learn to Identify Phishing Attacks: Always be cautious of unsolicited emails or messages containing suspicious links or downloads.
Be Wary of Art Requests: Before agreeing to any new art commissions, thoroughly research the requester’s background, review their social media profiles, and seek references when possible.
Use a Hardware Wallet: A hardware wallet provides better protection for digital assets than a software wallet.
Leverage DMCA Takedowns: If someone steals your art, you can file a Digital Millennium Copyright Act (DMCA) infringement notice to have the counterfeit content removed.
As the NFT market continues to evolve, so do the associated risks. Staying informed about the latest security threats is crucial for anyone involved in NFT trading or investments.
Final Thoughts
As the NFT market grows and attracts significant financial activity, it has become a prime target for cybercriminals and malicious actors. From phishing attacks and malicious smart contracts to social engineering scams on popular platforms like Discord, the security risks associated with NFTs are diverse and increasingly sophisticated.
The lack of regulation and verification processes on many NFT marketplaces also provides an avenue for art theft and the sale of counterfeit tokens, leaving both artists and investors vulnerable. Consequently, understanding these threats and adopting comprehensive security measures is essential for anyone engaging in the NFT space. Key practices, such as using multi-factor authentication, securing private keys in hardware wallets, and being vigilant against phishing scams, can help protect digital assets.
As the NFT ecosystem evolves, staying informed and proactively addressing these risks will be critical to ensuring the security and integrity of this emerging digital frontier.
Comments