Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

October 24, 2022

NFTs: A new target of cybercrime

William Roberts

As non-fungible tokens remain steady in popularity as potential investment opportunities, ongoing concern for their market volatility continues — wild swings in pricing and value are still commonplace, as they have been for the past few years.

That volatility has been the biggest concern to date among those who choose to invest their money in this space.

However, it should come as no surprise that there is now a newer concern being raised about NFTs — vulnerability to cybercrime.

Hackers and those who seek to do harm and cause chaos through data breaches and ransomware are setting their sights on this new, largely unregulated terrain in the hopes of finding an unlawful way in.

Anyone who is dealing in NFTs needs to be aware of this and take steps to ensure that, like so many other parts of their financial life, these investments are properly protected.

There are three critical areas that offer the greatest potential for vulnerability, each of which should be addressed by those who hold NFTs as assets.

Private key security

All NFTs are controlled by a unique private key that allows the owner access to the assets. Any attack on NFTs would likely begin here, with cybercriminals attempting to gain access to whatever system is protecting that private key information.

Hardware programs, such as NFT wallets (there are a number of systems available for purchase), are solid protection means that make it more difficult to breach.

Many of these wallets also have multisignatures, or multisigs, built in, which would require more than one private key in order to initiate a transaction.

Wallets with multisigs are indeed an essential part of the toolkit when it comes to protecting NFTs.

Fraudulent NFTs

Cybercriminals are becoming increasingly skilled at establishing phony NFT stores online, or creating giveaway scams and drawing in people and companies and gaining access to their private information.

This is a particular challenge because the stores appear authentic and legitimate in every way, and it is often difficult to tell the difference with the naked eye.

NFT buyers would be well advised to confirm that the stores are official ones; in most cases, credible sellers will have a blue verification tick next to their usernames.

It is worth running a social media search of the seller in researching their legitimacy. Further, legitimate NFTs are also likely to list their unique properties, whereas fake NFTs may not have any properties listed.

Last, the smart contracts would have the address where the NFT was minted, and a review of the address is likely to reveal the legitimacy of the source of the NFT. Taking some time to research the NFT and its source will save you money, especially if the deal seems too good to be true.

Needless to say, should you come across a fraudulent or suspicious seller account or NFT, as a good netizen you would report such user so that others can avoid the traps.

Marketplace security

NFTs are based in blockchain technology, a multilayered system of security that is very difficult for outsiders to hack.

However, while blockchain works best within a decentralized platform because it eliminates one central point of potential vulnerability, many choose a centralized platform because it is easier to personally access, as a centralized marketplace usually stores all the private keys of digital assets on its own platform.

However, this is where the danger comes — while the platform makes it easier for you to interact with and manage your NFT assets, that same feature unwittingly makes it easier for hackers to steal many tokens in a very short time and cause harm.

Although establishing a decentralized system may be a bit more difficult and time-consuming, it is well worth it for the protection it provides from cybercriminals.

It would also behoove users to implement additional security measures such as setting up strong passwords, enabling two-factor authentication and not clicking on questionable links.

William Roberts is a cybersecurity and data protection partner with Day Pitney LLP. He works in the law firm’s Hartford office.

Sign up for Enews

0 Comments

Order a PDF