April 08, 2022
Beosin: 10 Ways to Teach You How to Guard the NFT Assets
NFT was the Collins Dictionary’s word of the year for 2021, and it continues to evolve rapidly in 2022. Recently, the NFT version of the first-ever tweet by Jack Dorsey has been offered for about $48 million on OpenSea. Despite the popularity and rapid growth of NFTs, hidden risks such as scams and attacks cannot be ignored. Our previous blog “Losses Exceeds $1M. Jay Chou’s Bored Ape NFT Got Stolen by a Discord Phishing Attack — Beosin’s Analysis” addressed the phishing attacks that occur frequently in the NFT field. In this blog, we will talk about the types of attacks on NFTs and give some advice on how to protect your NFT.
Why do NFT security incidents remain frequent?
In mid-January 2022, a user discovered a security vulnerability on OpenSea. Users were able to purchase NFT assets, such as those of Bored Ape Yacht Club (BAYC), for less than 1% of the price, causing serious damage to the originator.
In February 2022, a hacker posing as the NFT trading platform OpenSea sent phishing emails to trick users into signing faulty smart contracts and sending crypto assets to the hacker’s wallet. As a result, a total of approximately $1.7 million was stolen from affected users.
In addition, at least 35 NFTs have been stolen in the past week, with attackers hijacking NFTs by compromising multiple Twitter accounts and tweeting links to phishing sites. Stolen NFTs include Bored Ape, Mutant Ape, and Bored Ape Kennel Club NFTs, valued at more than $900,000.
With the boom in NFTs and the rise in value, many people will upload their personal works to the NFT platform for investment and auction. With this in mind, malicious individuals will use various means to attack the weaknesses of the ecosystem and steal others’ NFT assets and even cryptocurrencies, which has led to a high number of NFT security incidents of all kinds.
Types of Attacks on NFT and Related Platforms
Most of the attacks are targeted at users and NFT platforms, and they can be divided into the following three categories.
01 — Phishing attack
Hackers send links via email, SMS or Discord to trick users into clicking the URL of a fake website. The fake website has the same layout as the real crypto wallet website. It pops up a transaction message asking the victim to connect their wallet and sign to confirm the transaction, but signing actually transfers the assets to the hacker’s account.
02 — Security Vulnerabilities in NFT Platforms
Many NFT platforms are prime targets for hackers because of vulnerabilities caused by inadequate security considerations in the development phase. For example, hackers can upload artwork containing malicious code, compromise accounts without double-authentication, or exploit design flaws to trade NFTs at low prices and resell them for profit.
03 — Fake or Infringing NFT Artwork
The majority of NFT artworks are images, and the popularity of NFTs has attracted plagiarists to “steal” images and sell them on other platforms. The rights of NFT owners are unclear and difficult to enforce, causing emotional distress and monetary loss to those who purchase counterfeit or infringing NFTs.
How to protect your NFT?
Beosin suggests that users or admins take the following security measures to protect their NFTs:
1. Do not click on any links or attachments in emails, text messages or social media from unknown senders.
2. Use browser bookmarks to store the URL of the NFT platform.
3. Avoid using links sent by others to log in to the platform.
4. Enable multi-factor authentication.
5. Do not disclose your wallet’s private key to a third party.
6. Set up a temporary wallet and store only the right amount of cryptocurrency for transactions.
7. Verify all information carefully before signing any smart contract and understand the terms and potential risks.
8. Review the permissions granted to access your NFT and revoke past approvals for uncertain purposes.
9. Conduct adequate research before purchasing an NFT. Verify the identity of the designer and check the completeness of the NFT information (such as user comments, past transactions, whether it is an original work, etc.).
10. If the platform has a mechanism to remove infringing NFTs, users can check with the corresponding system administrator.
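For measures 7 and 8, one way to see what a pending transaction would authorise before signing it, as an added example that is not from the original post: it decodes the raw calldata a wallet displays and flags ERC-721/ERC-20 approval and transfer calls. The risk labels, the `trusted` set and the sample address are assumptions made for illustration.

```python
# Added example, not Beosin's code. Selectors are the first four bytes of
# keccak256 over the standard ERC-721 / ERC-20 function signatures.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}

def _args(data: bytes, count: int) -> list:
    """Split the ABI-encoded body into `count` 32-byte words, rejecting short input."""
    body = data[4:]
    if len(body) < 32 * count:
        raise ValueError("calldata shorter than the function signature requires")
    return [body[32 * i: 32 * (i + 1)] for i in range(count)]

def _addr(word: bytes) -> str:
    """An ABI address is the low 20 bytes of its 32-byte word."""
    return "0x" + word[12:].hex()

def review_calldata(calldata_hex: str, my_address: str, trusted=frozenset()) -> dict:
    """Describe what a pending transaction would authorise, before it is signed."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    sel = data[:4].hex()
    if sel not in SELECTORS:
        return {"function": None, "risk": "unknown", "party": None}
    if sel == "a22cb465":
        operator, flag = _args(data, 2)
        party = _addr(operator)
        if int.from_bytes(flag, "big") == 0:
            risk = "low"  # approved=false revokes an earlier grant (measure 8)
        else:  # operator may move every token you hold in this collection
            risk = "medium" if party in trusted else "high"
    elif sel == "095ea7b3":
        spender, _ = _args(data, 2)
        party = _addr(spender)
        risk = "medium" if party in trusted else "high"
    else:  # transferFrom / safeTransferFrom: (from, to, tokenId)
        src, dst, _ = _args(data, 3)
        party, me = _addr(dst), my_address.lower()
        # Moving your own asset to another address is what a phishing page asks for.
        risk = "high" if _addr(src) == me and party != me else "low"
    return {"function": SELECTORS[sel], "risk": risk, "party": party}

# Constructed samples: a made-up operator address, one grant and one revoke.
SAMPLE_OPERATOR = "0x" + "00" * 16 + "deadbeef"
SAMPLE_GRANT = "0xa22cb465" + SAMPLE_OPERATOR[2:].rjust(64, "0") + "1".rjust(64, "0")
SAMPLE_REVOKE = "0xa22cb465" + SAMPLE_OPERATOR[2:].rjust(64, "0") + "0" * 64
```

Addresses in `trusted` must be lowercase hex, since the decoder emits lowercase; an "unknown" result means the call is not one of the four listed and still needs to be read in the wallet prompt.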