And what could be the reason that it appears to be so simple?
In May of 2022, the infamous NFT Bored Ape #8398 was taken from the possession of an actor named Seth Green. Green had intended to use the NFT in an upcoming television series. After falling for a phishing scam, Green allowed a hacker using the nickname Mr. Cheese to steal NFT from his wallet and move it elsewhere.
The events in Green’s story have a positive resolution (depending on how you look at it). He was successful in recovering Bored Ape #8398, but only at the exorbitant cost of 165 Ether, which was equivalent to around $297,000 at the time. (Green’s initial purchase price for the NFT was two hundred thousand dollars.)
People are questioning, in light of the widespread publicity surrounding this loss, how frauds of this nature can take place using a system that is meant to be so secure. Why does it feel as though we read about cryptocurrencies and NFT theft on a very consistent basis? In this post, we will discuss the operation of NFTs as well as some of the most typical methods utilized by hackers to acquire them.
The Abbreviated Version:
• Non-fungible tokens, also known as NFTs, are kept in digital wallets that are stored on a blockchain. Those who are in possession of the digital wallet are able to use the NFT.
• Despite the fact that blockchain technology is generally secure, non-fungible tokens (NFTs) are susceptible to fraud as a result of user error, exploitation, and deception.
• In order for investors to protect their NFTs, they must first ensure the safety of their private keys and then refrain from opening or replying to any questionable communications.
NFTs: An Introduction, Including What They Are and How They Are Stored
A non-fungible token, or NFT for short, is a unit of data that both represents a digital asset and tracks ownership of that asset. NFT is an abbreviation for the phrase “non-fungible token.” NFTs are digital assets that are kept on a distributed ledger and can represent a wide variety of things, including but not limited to music, artwork, photos, movies, and more.
NFTs, in contrast to other types of digital assets such as cryptocurrencies, are one-of-a-kind and cannot be duplicated. Consider the following: millions of people can own Bitcoins, which are nearly identical to one another and can be traded for one another, yet only one person can own a specific work of art.
NFTs, which are similar to cryptocurrencies and other types of digital assets, are typically held on the blockchain that underpins Ethereum. The ownership of the NFT as well as any transactions involving the NFT are recorded on the blockchain as the NFT is transferred from one person to another. The blockchain is anonymous for the most part, which means that it does not record the identity of the individual who owns the NFT. Instead, it keeps a record of the wallet that the NFT is associated with, and only the owner of that wallet possesses the private key necessary to access it.
How exactly can people get away with stealing NFTs?
If you’ve done any research on blockchains, you’ve probably heard that they offer an exceptionally high level of security. But if this is the case, then why do we keep hearing news reports about NFTs and bitcoin thefts, like the one that included Seth Green?
A blockchain does not identify a particular person as the owner of a non-fungible token (NFT), as we have stated previously. Instead, it assigns ownership to a digital wallet in the user’s account. The owner of the wallet knows all of the necessary information and possesses the private key to access it. To steal a non-fungible token (NFT), a hacker first has to obtain access to a wallet, which is typically accomplished by acquiring the wallet’s private key.
The question now is how hackers get their hands on the private keys of other users. There are a number distinct scenarios in which this could take place.
• Tricking an NFT holder into transferring their assets to them or providing access to their digital wallet is one of the most common ways that hackers steal NFTs. Deception is one of the most common ways that hackers steal NFTs. This occurs rather frequently in the form of emails or direct messages. Someone who has created a phony profile could perhaps persuade another individual to move their money to a different digital wallet. They may even send a phishing link to the owner of the NFT, which would then prompt the owner to reveal their private key.
• Exploitation: When employing this tactic, the hacker aims their attention not at the person who holds the NFT but rather at the NFT platform itself. The hacker locates a loophole in the platform’s security or contracts and uses it to steal someone else’s NFT or “buy” it off of themself for free.
• Error Committed by the User: Regrettably, user error is a factor in many instances of theft involving NFTs. There is a possibility that the owner of the NFTs did not take appropriate efforts to protect their private key, did not secure their online account with two-factor authentication, or did not take any other precautions necessary to protect their NFTs.
Gone Phishin’: Thefts and Scams in the NFT Market
Even though Green’s case is the most recent to be brought to the public’s attention, it is by no means the only high-profile theft involving NFT. There are many other examples of people falling for these cons, and there is no shortage of them.
For instance, in 2021, Chris Chapman, an investor in cryptocurrencies and NFTs, put his Bored Ape NFT up for sale on OpenSea with an asking price of approximately one million dollars. However, just two months later, a con artist took advantage of a flaw in OpenSea’s system to purchase the asset at a price that was seventy percent below its selling price.
At the beginning of 2022, a well-known heist occurred when an NFT was taken from Eli Shapira, a former executive in the technology industry. Instead of going after the NFT platform, the hacker went after him personally, which is quite similar to what happened to Green. The hacker gave Shapira a link to his digital wallet that, when clicked on, gave Shapira access to his wallet. Shapira was unable to get back the more than $100,000 worth of NFTs that had been hacked away by the criminal.
Last but not least, the proprietor of an art gallery named Todd Kramer had almost $2 million worth of non-fungible tokens (NFTs) taken from his personal collection and lost them all on the platform known as OpenSea. The collection featured some of the most valued non-fantasy trading cards (NFTs) currently available, including Bored Apes and Mutant Apes.
How to Ensure That Your Digital Assets Are Safe and Sound
It may seem that we are always reading about high-profile thefts of NFTs and other digital assets, but this may just be our imagination. The question now is, what steps can you take to protect yourself from becoming a victim of one of these hackers? Here are some pointers to consider:
• Be sure to keep your private key a secret. Ensure that no one else has access to the private key to your digital wallet at any time. This is the single most critical thing you can do to protect your NFT. Avoid discussing it with anyone and do not leave it in a location where it could be discovered by another individual.
• Refrain from responding to communications sent by individuals whom you are not familiar with. Many cybercriminals deceive their targets on social media into believing they are someone else in order to acquire access to their NFTs. Try to avoid replying to communications sent by people you are unfamiliar with. Keep in mind, too, that hackers may try to pose as either a person you know personally or a well-known public figure. Be certain that the individual to whom you are responding is in fact the same person you believe they are before you react.
• Refrain from clicking on links that come from questionable sources. Phishing schemes are a frequent method that hackers use to get access to the information and private keys that are required to steal cryptocurrency from another person. Avoid clicking on any links at all costs; this is a solid general rule of thumb. Instead of clicking on the link in an email that you assume comes from an NFT platform, for instance, you should immediately type the platform’s URL into the browser rather than clicking on the link in the email.
• Make sure you have two-factor authentication enabled. When you use two-factor authentication on your accounts, you ensure that it will be impossible for unauthorized users to access your accounts with just your password alone. Hackers won’t be able to access your account thanks to the additional layer of security, which also has the potential to notify you if someone tries to log in.
• You should use a cold wallet to store your digital assets. Hackers can access “hot wallets,” also known as wallets that are connected to the internet, much more easily than offline wallets because they can do it from any location. But if you store your assets in a cold wallet, the thief would have to physically steal your hardware wallet in order to make off with your non-fungible tokens.
How to Stay Away From Fake or Stolen NFTS Purchases
Doing research on the vendor is one of the most effective ways to confirm that the NFTs you intend to purchase are genuine. Make sure that their marketplace account is validated by checking the account’s status. You might also examine the company’s other listings, social media pages, or online reviews left by previous customers. If someone is selling counterfeit or stolen NFTs, someone else may already be aware of what they are doing; as a result, you may be able to learn about it on social media platforms like Twitter or Reddit.
You can further check the integrity of the NFT you are purchasing by verifying its originality. This is an additional method. Since NFTs are not meant to be duplicated, if you locate an NFT for sale and then find an identical one for sale on another site, there is a significant possibility that the NFT you purchased was not the genuine article.
Keep in mind that blockchains are designed to record and keep track of the history of all transactions related to a digital asset. As a consequence of this, it is possible for you to view recent transactions involving an NFT that you are contemplating purchasing. It is possible that someone is trying to scam you by selling an NFT on the same day that they bought or obtained it, which is a warning flag.
Last but not least, you should make certain that you are constantly using a reliable NFT marketplace. Purchasing a non-fungible token (NFT) from an individual instead of through a marketplace or exchange that acts as a middleman is a more genuine option, despite the fact that these exchanges are not always 100% safe and devoid of scams.
The Crucial Question: Are Anybody’s NFTs Risk-Free?
The more you learn about fraudulent schemes in which cryptocurrencies or NFTs are stolen, the more likely it is that you will be reluctant to make the initial investment in these assets. Indeed, there are some dangers involved with being the owner of these assets (just as there are with any others).
However, you may be astonished to find out that you have significantly more influence over the security of your NFTs than you currently believe you do. You can protect your digital assets and avoid falling victim to the most prevalent NFT theft schemes if you just use some common sense and take the appropriate safeguards.
