NFTs & Cybercrime

The world today is undeniably digital, owing to the growing number of technologies that have made the internet larger than life.

This rapid shift has increased accessibility, however, it has also increased cyber risk.

The growth in blockchain, cryptocurrency, non-fungible tokens, and the metaverse has fueled security concerns that need to be addressed.

In this blog post, we’ll talk about how NFTs can lead to cyber risk and how these risks can be mitigated.

Let’s get started!

What are NFTs and How Do They Work?

Non-fungible tokens (NFTs) are real-world objects consisting of photos, videos, or documents present in a blockchain.

They are unique and irreplaceable. NFTs can be traded, and guarantee the authenticity of the file they’re associated with.

These tokens are minted from digital objects and typically exist on the Ethereum blockchain.

Businesses have started using NFTs to sell physical goods by associating a tangible item with its token.

Here are two use-cases that sum up this concept:

1. In 2019, Nike successfully got the patent for their blockchain-based sneakers, ‘CryptoKicks’. As a result, every time you purchase a pair of shoes, you can get a non-fungible token (NFT) in return. The interest shown by athletes and artists has helped Nike raise funding of over US$ 3.1 million^[i].

2. Another popular NFT in recent times is NBA Top Shot. It is a partnership between Dapper Labs (creators of the blockchain game, CryptoKitties) and the National Basketball Association (NBA).

Dapper Labs digitizes video reels featuring a player’s basketball dunk. These reels are licensed by the NBA, which are then sold to customers.

Thr NFT has generated $230 million^[ii]. Dapper Labs also received $305 million^[iii] in funding from a group that includes Michael Jordan and Kevin Durant.

NFTs, therefore, are physical items traded in digital files.

Their unique data can verify that ownership rights have been allotted to a single entity, making it easy to transfer tokens between owners.

What Are the Challenges and Risks Associated With NFTs?

Smart Contract Risks

Smart contracts and maintenance are major challenges prevailing in NFT design. A minute flaw in these contracts can compromise security.

There have been instances when hackers plotted attacks on the Decentralized Finance (DeFi) network and stole cryptocurrency.

PolyNetwork, a global cross-chain protocol used for swapping tokens on various blockchain networks, recently came under attack.

Their smart contract security wasn’t adequate and they lost $600 million^[iv] to hackers.

Another NFT project, CryptoPunks, also had to face the implications of vulnerabilities in smart contracts.

In 2017, they were attacked by a bug that blocked the transfer of Ethereum (ETH) into seller’s wallets.

Hackers could buy CryptoPunks and retrieve money from the contract. CryptoPunks had to re-launch later with an updated smart contract.

Price Evaluation and Legal Challenges

Price determination in the NFT market is challenging and uncertain. It usually depends on the uniqueness, creativity, and scarcity of buyers and owners.

There are no fixed standards to determine the price of a particular NFT. Therefore, there is constant fluctuation, making evaluation difficult.

In addition to this, there are legal challenges since there is no international body to legalize NFTs.

While the UK, Japan, and EU are looking for ways to classify them, market growth demands rules and regulations.

Marketplace Security Risks

People interacting with digital assets use centralized platforms such as Nifty Gateway and OpenSea.

Although NFTs thrive on these platforms, vulnerabilities and security concerns arise due to their usage.

Nifty Gateway and OpenSea store the private keys of all assets available on their platform. If the security of these platforms gets compromised, hackers can steal NFTs.

In 2021, attackers were able to exploit this vulnerability. As a result, several accounts were compromised on Nifty Gateway.

The attackers accessed and exchanged NFTs and sold them for profit. While the stolen money was returned, the NFTs were unrecovered.

Therefore, even when marketplaces enforce strong measures, they may not be adequate to address security issues on centralized platforms.

Weak passwords, the absence of two-factor authentication, and email scams can still enable attackers to access and exploit digital assets.

Key Takeaway

Non-fungible tokens are an emerging digital asset that need to be used in a secure manner.

Here are simple rules to help you protect them:

a. Store NFTs on a hardware Bitcoin wallet
b. Stay cautious of phishing sites
c. Cross-check when dealing with NFTs
d. Recognize unsolicited emails and messages

Stay ahead of smart contract vulnerabilities and suspicious activities on NFTs to improve your bottom line.

Learn More About the Vulnerabilities Associated With NFTs. Contact Us!

References

^[i] Nike’s CryptoKicks
^[ii] & ^[iii] CryptoKitties
^[iv] PolyNetwork