The non-fungible token art market is primed for an explosion this year – and cyber thieves are on the hunt.
Barely into the year, the OpenSea NFT marketplace processed a record US$2.7 billion worth of sales, while an Indonesian high schooler became a millionaire after selling NFT selfies.
If you’re a content creator thinking of jumping on the NFT bandwagon, now is probably a good time to take that leap of faith. However, remember that hackers and scammers are running amok to try and cash in on this craze, with many NFT buyers and creators already losing assets to malicious schemes.
While blockchain is generally secure, it’s far from a digital utopia. Time and again, scammers have proven to find loopholes and workarounds to wreak havoc on systems and steal funds.
To help you safely navigate the murky waters of NFTs and the wild, wild west that the decentralised finance world is, we’ve gathered a list of common security issues and tips on how you can avoid them.
-
Smart contract vulnerabilities
Smart contracts influence how NFTs operate on a blockchain. If done incorrectly, these contracts can contain vulnerable codes that enable shady characters to exploit and hurt an NFT project in a big way.
In 2017, the iconic CryptoPunks project made headlines after hackers exploited a bug that allowed them to snag those dazzling characters for free. The vulnerable bug had enabled the attackers to freeze fund transfers. As a result, the attackers paid for the NFTs and then triggered a refund to get all their Ether coins back.
How to avoid
Smart contracts can be a nightmare for NFT creators. Hire a reputable auditor to ensure your smart contracts are bulletproof. Get an expert opinion regardless of your knowledge about smart contracts. These experts can help you avoid a disaster.
-
Marketplace vulnerabilities
Developing a marketplace on a blockchain doesn’t make it secure.
For example, cyber attackers recently hit the OpenSea marketplace by abusing a bug on the backend that enabled the purchase of at least US$1.1 million worth of NFTs at older and cheaper prices. While attackers did not directly target OpenSea’s software, the incident highlights the need for tighter security and awareness campaigns.
Last year, hackers stole countless NFT collections from Nifty Gateway users after stealing their accounts. Talk about a painful experience! Most of the victims did not enable two-factor authentication (2FA).
How to avoid
NFT collectors should use as many security features as possible, like 2FA, while also keeping a close eye on your NFT account for suspicious activity so that you can act swiftly to minimise damage. Securing your NFTs in a hardware wallet is highly recommended since the private keys to your account will be encrypted and stored offline, away from the prying eyes of cyber thieves.
-
Compromised community channels
From Twitter to Telegram and Discord, community engagement hotspots are prime targets for attackers.
Imagine waking up to a flurry of messages from hundreds of your beloved fans inquiring about their recent transfer to your wallet. The only problem is that you never posted or offered anything of the sort. This scenario happened to a popular NFT project called Fractal last year.
It turns out a hacker was able to overtake the Discord channel of the Fractal community and make a dubious offer to all members in exchange for SOL transfers. Around ~800 SOL disappeared that day, which had a total value of roughly $150,000 at the time.
How to avoid
As with marketplaces, NFT project owners should set sophisticated passwords and advanced security features like two-factor authorisation for all social channels.
Raising awareness about cybersecurity best practises could also help your audience, like teaching them about strong passwords, phishing attempts and other dubious scam tactics. Your cybersecurity strategy should be two-pronged: one that protects the NFT creator and another that protects the community.
As more embrace the wacky and wonderful world of NFTs, creators should step up on their security measures. While smart contracts and website code are the obvious first steps, don’t forget about the importance of marketplace vulnerabilities and social channel issues.
An ounce of prevention today is worth a pound of cure tomorrow. That’s the motto you should live by as far as the security of your NFTs are concerned.