NFTs will enter the mainstream in 2021. The market for non-fungible tokens has expanded dramatically, with trading volumes reaching all-time highs and top-tier pieces fetching millions of dollars. Last year, NFT sales reached $25 billion, and platforms like OpenSea continue to attract both crypto natives and new adopters. The frenzy surrounding tokenized collectibles has prompted celebrities such as Jay-Z and Paris Hilton to invest in projects such as CryptoPunks and Bored Ape Yacht Club, fueling demand even further.
Due to the obvious rising prices of the most desirable NFTs, the space has attracted a large number of scammers and hackers. These opportunists target weak collectors and seek to steal their most valuable artifacts using social media platforms such as Discord and Telegram. As interest in the technology rises, NFT investors must keep current on operational security best practices. In this article, we will go through all of the steps that NFT owners may take to secure their collections.
Keeping Your Wallet Safe
If hackers obtain access to their wallet’s seed phrase, which is a confidential string of words that grants access to a cryptocurrency wallet, NFT collectors may lose their assets.
As a result, NFT owners must take precautions to guarantee that their seed phrase is always safe. Hardware wallets like Ledger and Trezor are widely regarded as one of the most secure methods of storing crypto assets. Hardware wallets like Ledger and Trezor are widely regarded as one of the most secure methods of storing crypto assets. Hardware wallets, as opposed to hot wallets like MetaMask, are a type of cold storage wallet.
Unlike hot wallets, hardware wallets keep the private key on the device itself. A hardware wallet requires the user to have the device in hand to authenticate the transaction, making it far more difficult for hackers to obtain access. Hardware wallets are unquestionably one of the greatest storage alternatives for someone who has a stockpile of expensive NFTs.
It is also critical to ensure that the seed phrase for any wallet that contains NFTs is kept offline and in a secure location. To provide an added degree of protection, some users choose to spread their seed phrase among various sites. Seed words are commonly stored in durable materials such as titanium and steel. It is exceedingly dangerous to keep seed words on digital, Internet-facing devices in case the device becomes hacked.
Verifying NFTs Prior to Minting or Purchasing
Before investing in a collection, NFT collectors should always conduct due diligence to determine whether an NFT is legitimate. This can help reduce the danger of purchasing a counterfeit NFT. Official collections on OpenSea often earn a “confirmed” tick once they have traded for more than 100 ETH.
Collectors should also ensure that they are linked to the right webpage during NFT minting. Scammers routinely clone websites by making minor changes to the original domain name in order to steal crypto assets. When purchasing newer NFT collections on secondary markets like as OpenSea or Rarible, make sure the project’s smart contract originates from the main team.
An unknown hacker famously broke into the CreatureToadz project’s Discord channel in October 2021. Posing as an admin, they announced a bogus NFT mint, which enticed community members to transfer them over $340,000 in Ethereum. While the monies were subsequently refunded to the team, the episode emphasized the need of potential mints authenticating official smart contracts.
Fraudsters have utilized the names of great musicians to deceive investors on multiple occasions. One con artist went so far as to hack Banksy’s website and create a link to a work that sold for $336,000 in Ethereum.
Preventing Honeypot, Malware, and Phishing Attacks
Phishing assaults are one of the most prevalent methods fraudsters target NFT collectors. To entice investors, hackers commonly use “honeypot” schemes. They send bogus airdrops to NFT holders in this form of assault to fool them into claiming tokens. When the victim submits the claim, they are confronted with a fraudulent smart contract that requests authorization to spend their assets. If they accidentally provide consent to the contract, their assets will be depleted.
Todd Kramer, a New York-based NFT collector, lost $2.2 million in NFTs in a phishing attempt in December 2021. He interacted with a phishing contract masquerading as a legitimate application, exposing his money to the attack. It was depleted of multiple NFTs from the collections of the Bored Ape Yacht Club, Mutant Ape Yacht Club, and CloneX.
Malware may also be used by hackers to get backdoor access to equipment. Hackers frequently transmit dangerous links that rapidly install malware and potentially take control of machines. Hackers may then extract the private key and use it to withdraw all of the NFTs and other assets from hot wallets like MetaMask.
Since hackers routinely prey on investors using social networking applications such as Discord, it’s critical to be cautious when communicating with anyone online. NFT collectors should always confirm a person’s identification before interacting with them and avoid clicking on any questionable links.
Personal Privacy Protection
NFT collectors frequently display their non-fungibles in their social media avatars (Twitter has just rolled out a feature that gives users a way to prove that they own their NFT avatar, and Meta is also set to release a similar feature soon). However, employing NFT avatars or human-readable domain names like Ethereum Name Service might let hackers identify which investors to target.
Due to the blockchain’s availability of all transactional and wallet data, malevolent actors may quickly monitor collectors who hold precious NFTs if they disclose any specifics about their addresses on social media. This might result in phishing attempts or actual threats.
NFT investors must also be aware of vulnerabilities that might expose their personal information. A cryptographer has found a MetaMask issue that might allow hackers access to mobile device users’ IP addresses. MetaMask claims to be aware of the problem but has yet to resolve it.
As the popularity of NFTs has increased, so has the desire of fraudsters attempting to steal precious pieces from collectors. Many of these attackers target investors using sophisticated tactics. As a result, everyone involved in the NFT area must constantly take the appropriate steps and due vigilance to preserve their holdings.
Investors should be mindful, as always, that NFTs are a fledgling technology in a dangerous market. As a result, when investing, users should constantly exercise caution and adhere to operational security procedures.