It’s exciting to start your NFT collection, but before jumping in with both feet, a good introductory step is to understand the security considerations around NFT ownership. This knowledge has become more significant following reports that OpenSea users were subjected to an email phishing attack.
Though phishing attacks can strike any email user, this attack was focused on stealing NFTs, a reminder that bad actors are actively striving to take advantage of early NFT adopters’ excitement. If you take any message away from this post, it’s that to protect yourself from cybercrime, always use strong passwords and two-factor authentication.
Basic Cyber Security and Identity Theft Prevention
Security concerns for NFT owners include typical cryptocurrency issues and identity fraud. An example of the former came in 2018, when a fake MyEtherWallet site was launched on the App Store (briefly reaching #3) and phished users.
A less sophisticated but more common scam is a fake email or phone call pretending to be from a legitimate company or individual, seeking to extract personal information like passwords and credit card numbers.
One email phishing example is where the hazardous email spoofs a known-good email address. In this scenario, the email claims to have been sent by Coinbase regarding suspicious Coinbase account activity. The recipient is asked to open an attachment in the email, provide the password for login, and verify their account.
I cannot stress this strongly enough: DO NOT OPEN EMAIL ATTACHMENTS unless you have confirmed the source and the email is validated. These scams can not only compromise your user credentials for the NFT platform but also allow bad actors to implant malware that grants remote access to your machine.
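One way to do the validation mentioned above, added here as an illustration and not part of the original post: the script reads the Authentication-Results header that your own mail server stamped on a message and flags a failed DMARC check, a mismatched Return-Path, and any attachments. The sample message, the server name `mx.example.net` and the function names are constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: From claims coinbase.com, but the receiving server
# (mx.example.net, an assumed name) recorded SPF and DMARC failures.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=coinbase.com
From: Coinbase Support <support@coinbase.com>
Return-Path: <bounce@mailer.example.org>
Subject: Suspicious account activity
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attachment and enter your password to verify your account.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="verify.html"

<html></html>
--b1--
"""

def domain_of(value):
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def check_message(raw, trusted_authserv):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain, findings, results = domain_of(msg["From"]), [], {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can forge this header; trust only our server's
        results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
        break  # topmost matching header is the one our server added
    if results.get("dmarc") != "pass":
        findings.append(f"dmarc={results.get('dmarc', 'missing')} for {from_domain}")
    rp = domain_of(msg["Return-Path"])
    if rp and rp != from_domain and not rp.endswith("." + from_domain):
        findings.append(f"Return-Path domain {rp} differs from From domain")
    names = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if names:
        findings.append("attachments: " + ", ".join(names))
    return findings
```

A DMARC pass only shows the message really came from the domain in the From line; a lookalike domain can pass too, so still read the domain itself before trusting the message.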
Smart Contract Risks
Smart contracts are a fundamental aspect of the design of cryptocurrencies and NFTs. As a result, they are the cause of many NFT security issues. A variety of smart contracts are available as open source, meaning they can be copied and re-used.
This is helpful for development teams, reducing the time to market for projects. But that comes with a risk if there are security issues embedded in the logic. There have been a number of cases where hackers have exploited a bug in the smart contract to steal assets.
One recent incident, an attack on the DeFi protocol Poly Network, shows the effect of smart contract risks on NFT security. Hackers were able to steal almost $600 million in the attack due to weaknesses in smart contract security. Interestingly, Poly Network is not the only example that clearly showcases NFT vulnerabilities and security concerns.
Another popular NFT project, CryptoPunks, had to face the implications of smart contract vulnerabilities. In 2017, CryptoPunks was affected by a bug that prevented the transfer of ETH into the seller’s wallet.
Attackers could leverage the bug to purchase CryptoPunks NFTs and then retrieve the money from the contract. Therefore, CryptoPunks had to launch again with a completely different and newly updated smart contract.
With a tight dependency on cryptocurrency, NFT creators and collectors should have a higher sensitivity to security concerns. Should this prevent the general public from getting involved, either in creating or purchasing products?
On the contrary, it is short-sighted to dismiss NFTs due to recognized security concerns and vulnerabilities. As a matter of fact, you should look for solutions that can help you gain a better understanding of NFT smart contract vulnerabilities.
Furthermore, you can also depend on tools for alerts about any suspicious activities on NFT marketplaces and in your accounts. Interested in talking with an expert about NFTs and your security? Hit that Contact Me button.
Final thought: though cryptocurrencies and NFTs are decentralized and borderless by design, we stand united with our Ukrainian brethren who have been subjected to an invasion and unimaginable turmoil. Be safe, our friends at Amber Labs.