Legal & Security

Security Tips for Crypto Users: 2022 NFT Edition

February 14, 2022

The last two years saw tremendous growth in the crypto market. Retail and institutional interest in and adoption of crypto are at an all-time high. On November 7, 2021, the crypto market reached a record market capitalization of $3 billion. The COVID-19 pandemic saw investors of all levels invest in digital assets. The potential for a high return on investment has attracted novices and market professionals to bet on the ever-expanding crypto market.

On the flip side, this massive rise of capital flowing to exchanges also caught the attention of financial crooks, scammers, thieves, and hackers. According to a Chainalysis crypto crime report, illicit crypto addresses received $14 billion in 2021, nearly double the 2020 figure of $7.8 billion. Unfortunately, rapid growth in the crypto markets comes with more incentive to cheat, steal, and defraud people of their money.

As crypto fraud, scams, hacks, and other illicit activities continue to rise, crypto security measures must be expanded worldwide to help protect crypto users. 

To provide users with the best tips and practices to keep their crypto assets safe, today’s focus will be on NFTs. There are many vulnerabilities on NFT marketplaces.


Source: Chainalysis

What are NFTs, and what is the size of the market?

A non-fungible token (NFT) is a form of crypto asset in which the ownership status of a digital file, such as a photo or audio, is recorded on the blockchain. It is a unique asset and cannot be replaced with another one of its kind.

In 2021, the NFT marketplace exceeded $40 billion. The success of NFTs has to do with the application of the blockchain in the art, music, and creator industry.

To explain it as simply as possible: NFT royalties have taken a slice out of the traditional music and art industries with smart contracts. Each time an artist’s work is sold on an NFT marketplace, the artist is paid in NFT royalties.

With a nascent, booming industry comes numerous possibilities for those who transact in the market. The space is certainly not without risks.


Are NFTs a secure marketplace?

Considering the hacks of exchanges and thefts of private keys to wallets, one wonders whether the NFT market is secure. Well, not really if you do not take appropriate precautions. NFTs are not entirely safe, as crypto criminals take advantage of any possibility to profit from anything of value in the crypto space. While the NFT market is still developing, it is somewhat vulnerable to hacker attacks, scams, and NFT thefts.

In the first quarter of 2021, hackers broke into several Nifty Gateway NFT user accounts and transferred out NFTs the owners had bought earlier, then purchased new NFTs to transfer using the payment details that were available in those stolen accounts. They then sold the stolen NFTs to unsuspecting users on another platform. Unfortunately, Nifty Gateway had the private keys for those stolen NFTs placed on the platform, and the owners never got their NFTs back. The incident highlights the underlying security problems in the NFT marketplace and calls for an adequate solution for the entire ecosystem.


NFT security issues and vulnerabilities

As the popularity of the NFT market rises, so do vulnerabilities, hacking events, and thefts. Since the security challenges are only going to increase, let’s identify some of the critical vulnerabilities and security issues in NFTs so that we can protect ourselves.


Asset ownership targeted

With the introduction of NFTs, the idea of asset ownership has been transformed, and that is where one of the vulnerabilities of NFTs lies. When NFTs appeared, there was a shortage of space to store images on the blockchain. Therefore, the blockchain would store only an identifier of the image, and the identifier could be the hash of the image or a web address.

If you wanted to see an NFT on some outside platform, you would need to use the identifier of the given NFT. So, when the actual purchase of the NFT is made, it is not the NFT that is bought but the identifier of the NFT. The identifier would in turn lead to a URL on the internet or to the InterPlanetary File System (IPFS).

We should remember that the company from which you acquired an NFT would also run the IPFS node. That reveals one of the vulnerabilities of NFTs: if the company that mints the NFTs goes bankrupt, you would most likely lose access to the NFT you own, or its value would decrease significantly.
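An added example, not from the original article: a Python check that classifies the identifier recorded for a token (inline data, IPFS content address, or an ordinary web address) and verifies a file against a recorded SHA-256 hash. The `image_sha256` field name, the gateway list and all sample values are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlparse

# Public IPFS HTTP gateways; a short illustrative list, not exhaustive (assumption).
IPFS_GATEWAYS = {"ipfs.io", "dweb.link"}

def classify_asset_ref(ref: str) -> str:
    """Classify how the identifier recorded for a token points at its file."""
    u = urlparse(ref)
    scheme, host = u.scheme.lower(), (u.hostname or "").lower()
    if scheme == "data":
        return "inline"                  # the file bytes travel inside the identifier
    if scheme == "ipfs":
        return "content-addressed"       # the address is derived from the file's hash
    if scheme in ("http", "https"):
        if host in IPFS_GATEWAYS and u.path.startswith("/ipfs/"):
            return "content-addressed-via-gateway"
        return "mutable-url"             # whoever runs the host decides what is served
    return "unknown"

def audit_token(token_uri: str, metadata: dict, image_bytes: bytes) -> dict:
    """Summarise what a buyer depends on for the token to keep resolving."""
    refs = {"metadata": classify_asset_ref(token_uri),
            "image": classify_asset_ref(metadata.get("image", ""))}
    recorded = metadata.get("image_sha256")   # hypothetical field name
    hash_ok = None if recorded is None else (
        hashlib.sha256(image_bytes).hexdigest() == recorded.lower())
    return {
        "refs": refs,
        # None means no hash was recorded, so the file cannot be checked at all.
        "hash_ok": hash_ok,
        # A mutable metadata URL can be re-pointed even if the image is on IPFS.
        "single_host_dependency": "mutable-url" in refs.values(),
    }

# Constructed sample data for illustration only.
IMAGE = b"constructed sample image bytes"
METADATA = {"name": "Sample #1",
            "image": "ipfs://bafyexamplecid/1.png",
            "image_sha256": hashlib.sha256(IMAGE).hexdigest()}

if __name__ == "__main__":
    print(audit_token("https://nft-issuer.example/meta/1.json", METADATA, IMAGE))
```

A content address proves the file has not been altered, but not that it is still available: some IPFS node has to keep hosting it.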


Vulnerability of the NFT marketplace

NFTs are a product of highly secure blockchain technology. OpenSea and Nifty Gateway are popular centralized platforms used to purchase or sell NFTs. Because they run on centralized systems, any vulnerabilities in NFT platforms rest on the owners.

These centralized platforms store users’ private keys attributed to the assets on their platforms. As you may know, the central point of failure that these platforms are vulnerable to can lead to theft or loss of the NFTs you own. The issue with Nifty Gateway that we already discussed caused users to lose their NFTs, despite getting their money back.

Furthermore, we can also mention that apart from the vulnerabilities that centralized marketplaces present, there are also security issues that the users of those platforms open themselves to. These include but are not limited to: weak passwords, 2FA not enabled, or simply poor web security hygiene, such as downloading suspicious apps or clicking on links leading to fake websites, etc.


Identity theft and compromised cybersecurity

Cybersecurity issues and identity theft or fraud are significant vulnerabilities we must mention. Various cryptocurrency scams fall into this category. The scams often come in the form of emails supposedly sent from a reliable source such as your exchange.

The email asks you to log in to your exchange with your credentials. Unfortunately, malicious actors would use a fake website, similar to the legitimate one, for you to log in. If you do, the scammers steal your passwords and can also steal your NFTs. Needless to say, the actors can also infect your computer with malware to further abuse your sensitive data.


Smart contract issues

The entire structure of NFTs is built on smart contracts, leading to security issues. The most recent attack on the well-known DeFi protocol Poly Network proved that the vulnerabilities in smart contracts could cause severe problems. During the attack, the hackers managed to steal $600 million as they exploited vulnerabilities present in the smart contracts.

Unfortunately, the incident is not the only one of its kind. The famous NFT project CryptoPunks fell victim to a hackers’ attack back in 2017 due to issues in its smart contracts. In that case, a bug prevented the transfer of ETH into the seller’s wallet. CryptoPunks were able to solve this problem by updating a smart contract.


The tips

While you can use the tips to stay secure while participating in the NFT marketplace, they are also good for staying safe in the crypto market as a whole. At the end of the article, we will provide additional links that will help you to upgrade your crypto security to the maximum.

Guard your passwords

First and foremost, make sure you leave no chance for crypto criminals to gain access to your account by stealing your password. To ensure that, do not store your passwords (or seed phrases) online, or in places such as a folder on your computer or your email. Do not keep them in the form of photos on your phone either.

That’s unsafe as nosy hackers can access your phone and steal your passwords. Your password should also be complex and consist of at least 12 characters, preferably 16, to be extremely difficult to hack.

Avoid participating in fake fundraising projects

ICOs, IEOs, IDOs, and similar crypto fundraising projects are a goldmine for financial crooks that collect the money for fake projects that never come to fruition. Check the identities of those leading the projects. Is the team real, and can you verify their identities? Do the owners have a credible history in business? If not, do not commit your money to the projects.

Beware of fake websites

It is easy to fall prey to a phishing attack if you are not careful. Crypto scammers use fake websites that will look like legitimate ones. However, their sole purpose is to steal your credentials and, later, your funds. So, be sure to examine the website address and only then log in to your account. Even if you log in to the website from the company’s legitimate Telegram channel or email, check the web address. There are ample examples of scammers impersonating actual companies on the above-mentioned channels. Do not forget that it also applies to mobile applications. Those can also be fake.
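One way to carry out the address check described above before logging in, as an added example that is not part of the original article: compare the link's hostname exactly against hosts you have verified yourself. `exchange.example` and every URL in the sample are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the exact hostnames you have verified yourself (assumption).
TRUSTED_HOSTS = {"exchange.example", "www.exchange.example"}

def check_login_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link you are about to log in through."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, "not https"
    # Text before an '@' is login data, not the site; the real host comes after it.
    if parts.username is not None or parts.password is not None:
        return False, "address contains user info before the host"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    # Internationalized names can render like a familiar one; check them by hand.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host name"
    # Exact match only: a trusted name appearing as a prefix or label is not enough.
    if host not in trusted:
        return False, "host is not on the verified list"
    return True, "exact match with a verified host"

# Constructed sample links for illustration only.
SAMPLES = [
    "https://www.exchange.example/login",
    "http://www.exchange.example/login",
    "https://www.exchange.example@login.other.example/",
    "https://exchange.example.secure-login.example/",
    "https://xn--exchnge-9za.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_url(link), link)
```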

Be aware of fake admins

Be aware that group admins from legitimate companies will not send you direct messages asking you for private information or asking you to transfer your funds. So, if you get a direct message from what you consider a real admin, be sure to check if they are who they claim to be. And do not follow up on their recommendations if the suggested actions seem suspicious to you.

Beware of get-rich-quick crypto schemes

  • Do not believe the companies that try to convince you to participate in get-rich-quick schemes and earn a lot of money fast or become financially independent in no time.
  • Beware of the scamming schemes that ask you to transfer cryptocurrency to get others involved in some network marketing program. The promises are that the more crypto you give to them, the more you will get in return. Unfortunately, these are just empty promises with unreliable guarantees.
  • Beware of the offers from allegedly authoritative investment gurus. They promise to increase your cryptocurrency manifold if you invest with them. However, in most cases, when you transfer the money to their suggested investment account, you will discover that you cannot withdraw your own money unless you pay the scammers.
  • There are various schemes where scammers supposedly offer you a job, involving recruiting other people, trading cryptocurrency, or helping them convert services from fiat to crypto and vice versa. Some scammers send unsolicited job offers to help recruit cryptocurrency investors, sell cryptocurrency, mine cryptocurrency, or help with converting cash to bitcoin. Simply stay away from all of these.
  • Some crypto fraudsters can put up ostensible jobs on legitimate job websites. People are promised great jobs, but they need to pay a fee first. The result is no job, money lost, and personal data stolen.

A rule of thumb for these offers is that if it sounds too good to be true, it probably is. So, better safe than sorry.


Final thoughts

Thank you for reading the article and participating in our effort to decrease fraud, scams, thefts and other financial crimes in the crypto space. Stay tuned for more updates on crypto security and be safe.


We have posted additional tips and helpful articles on our social media platforms like Facebook, Twitter, and Telegram. We invite you to connect there.

Read more on crypto security tips and best practices from our previous blog posts:


