Back in December 2021, the renowned NFT project "Monkey Kingdom" was hacked on the community platform Discord. A hacker impersonating a group administrator uploaded a link to a phishing website. Quite a few users clicked on the page without carefully reading the URL and instantly got their Solana (SOL) coins in their crypto wallets stolen, totaling around 1.3 million US dollars. That’s quite a loss, and not even the biggest cybercrime involving NFTs.
As more and more people jump aboard the crypto and NFT train, topics like data protection and cybersecurity are becoming increasingly important. Whereas one of the benefits of blockchain technology revolves around the transparent but secure way it handles its data, it doesn’t mean your crypto wallet is safe from cyber-attacks. And because crypto and NFTs are generally related to large amounts of money, the financial repercussions of such a hack can be devastating. However, if you follow the rules and regulations regarding the secure use of crypto wallets and NFT marketplaces, the chances of being hacked are close to zero.
In this article, we dive into the cybercrime risks that NFTs and crypto bring along, and potential solutions to keep your crypto wallet safe and secure at all times.
Cybercrimes in Crypto & NFTs
Many of the attributes that make NFTs so appealing as a new and potentially revolutionary type of digital asset also bring along some security challenges. The fact that NFTs represent personal ownership over a digital asset also entails the inclusion of personal information about the owner. Additionally, each NFT is stored in a digital wallet, which is often the same one that stores the cryptocurrency that was used to acquire it and is only accessible by using a private key, similar to a password. If hackers manage to get a hold of this specific key, they gain instant ownership over your stored NFTs, as well as your digital identity on the blockchain. There is no way for the previous owner to prove that he used to be the initial owner.
Generally, we can identify three different security risks in the world of NFTs:
1. Phishing
In the case of phishing, a hacker provides a fake website link over email, text, or through the platform Discord. The phony website looks exactly like the actual crypto wallet site and requests the wallet user's recovery phrase. The hacker obtains the phrase and gains complete control of the bitcoin stored in the encrypted wallet. Other tactics include impersonating technical support professionals to give assistance while actually attempting to trick for the terms.
2. Counterfeit NFT artwork
The fact that NFTs grant you ownership over a digital asset, but not the copyrights, makes it an easy target to steal and reuse on another platform. After all, you can simply screenshot the artwork and pretend it’s yours. Nowadays, the ambiguity of an NFT owner’s rights and the lack of strict regulations regarding the reuse of already owned NFTs is one of the reasons why so many people are still doubting the potential success of NFT trading, especially in the traditional art sector. However, following the right steps and choosing the right NFT marketplace can strongly reduce the risk of theft and other cybercrimes.
3. Vulnerabilities in the NFT marketplace
The issue of faulty security isn’t always in the hands of the NFT vendor. Sometimes, it’s the NFT marketplace that has some gaps in its security framework. Due to some minor security errors during the design and development process of the platform, these gaps can become easy targets for hackers. This way, they can access the backend code of the platform and add malware code, hack into the accounts of the vendors, or trade NFTs at incredibly cheap rates and resell them for much higher prices.
Are you not sure where to start as an NFT vendor? Or do you want to find out more about how you can protect yourself and your art from hackers? Get in touch with the Grypto team and we can help you on the way.
What’s up with Discord?
A lot of the bad stuff seems to happen on the community platform Discord. Discord is a free-to-use audio, video, and text chat platform used by millions of people to communicate and socialize with their communities and friends, mainly about video games. However, Discord has become an increasingly popular platform for the cultivation of communities around NFT collections and projects. After all, the community behind your NFT project is what decides the value of your artworks. And usually, the bigger the community, the higher the value.
NFT initiatives on platforms like Discord usually move fast. Early adopters of the asset are conditioned to respond quickly as hyped initiatives like these frequently sell out within hours, if not minutes. Because most of the initial information on NFT pre-sales and drops is released on Discord, community members grasp any chance they get to obtain an advantage in the race towards obtaining the asset. In response, scammers make use of this “hasty decision-making” by targeting them when they’re least aware of it.
So, why is Discord, in particular, so sensitive to NFT-related cybercrimes? That’s quite a simple answer, as the main reason why Discord faces significant troubles with scammers and frauds is simply that it wasn’t designed for what it’s currently used for. Discord was initially designed and developed as a platform for video game enthusiasts to communicate with like-minded gamers, and not for connecting users to digital transactions where the real money is involved. The messages that are sent in Discord are not encrypted and you can easily access complete public chat histories once you join a channel.
Discord is aware of its reputation regarding the large numbers of scammers on its platform. To make sure that their users can use the platform as safely and soundly as possible, they created a complete list of all the steps you can take to protect yourself against cybercrimes.
How to protect your NFTs?
Apart from following the guidelines of Discord, there are other ways you can protect yourself and your NFTs against scams, theft, and fraud. Because NFTs are stored in the user's crypto wallet, most of the security is in the hands of the wallet owner. If the wallet allows it, you should activate multi-factor authentication. Because the majority of hacks and viruses target so-called 'hot wallets' (connected to the internet), users owning valuable long-term assets can benefit from putting them in a so-called 'cold wallet' (offline wallet) that is not exposed to security threats on the internet.
Next to that, you should consider keeping your devices’ security up to date and invest in a VPN. Visiting and downloading content from unprotected websites exposes users to malware and other viruses that can steal personal and financial information. When using social networks and communication groups, you should always use approved sources of information and avoid downloading programs offered by unknown persons (or bots) on Discord.
It is also critical to evaluate the security of the blockchain on which your NFTs are kept. Before minting or buying an NFT, it’s a good idea to do some background research to determine if the blockchain has been audited and certified by an official cybersecurity organization, such as Hacken, Utrust, or Certik.
All in all, you should keep the following things in mind if you want to shield yourself from ‘non-fungible theft’:
Find and pick a secure wallet.
Use a complex password and opt for two-factor authentication.
Keep your recovery keys & phrases somewhere safe and, preferably, offline.
Back up your wallet on a regular basis.
Regularly update your device’s software.
Make use of a safe internet connection and VPN.
Ensure that the blockchain is audited by a trusted organization.
Buying and selling NFTs doesn’t have to be risky. It’s not more scam-prone than the scams happening in the traditional art world, as long as you know what you’re doing. The world of crypto is a fairly new phenomenon and malicious scammers use the unawareness of new users to their advantage. Make sure you’re always one step ahead by securing your accounts with solid passwords, and always ignore and report suspicious behavior.
Want to know more about how you can protect your NFT artworks against theft and scams? Or do you want to turn your traditional art into digitized versions and become an NFT vendor? Get in touch, and become a featured NFT artist of Crypto.