New and useful content will be added to our network, and may even end up on the Learn Crypto feed.
Twitter internal research in the final quarter of 2022 – shortly before Elon Musk took over the reins – saw an increase of crypto interest from its users. All this despite the seemingly waning fascination with crypto relative to a year ago when markets were experiencing all-time highs.
Much of that can be attributed to the non-fungible token (NFT) space, whose communities of creators, collectors and investors are active Crypto Twitter users.
However, with the sheer amount of money flowing through NFT markets and new revenue streams being created for all types of creators and investors, digital criminals have also been working hard to take advantage of what is, as yet, an immature technology not fully understood by its participants.
In this article, we look at:
NFTs are simply digital representations of indivisible and unique things, both physical and digital. NFT stands for Non-Fungible Token, meaning that it cannot be interchanged or replaced because of its unique characteristics. It is a signature demonstrating ownership of, for example, an artwork or song, pointing to where the item exists such as on the Internet.
Non-fungible tokens are different from cryptocurrencies such as Bitcoin because digital currencies are fungible. There is no unique crypto coin because their nature implies that they are mutually interchangeable and equal. You can’t have a unique crypto coin. On the other hand, non-fungible tokens are unique digital assets that represent digital collectibles such as digital art, music and games with an authentic certificate created by blockchain technology. Hence, NFTs are one of a kind digital assets with unique identifying codes that create digital scarcity.
There are various use cases of NFTs such as digital art, gaming, domain names, trading cards, financial products, event tickets, content and many others. If you are a frequent Learn Crypto reader, you may remember that we talked about the importance of non-fungible tokens in the music industry.
Some NFTs have ended up to be very expensive because they have managed to introduce the concept of scarcity into digital collectibles. Remember, an NFT isn't just an expensive method of buying an image (that’s one way to look at it) but a new way to own it. When you’re buying an artwork, you’re not just buying the NFT art, you’re also buying what you might say is a certificate that not only proves the art’s authenticity, even signed by the artist, but also that proves you are the owner. This proof is public because anyone can look it up on the public blockchain.
Famed painters already command eye-watering prices for art that is not only the only paintings of its kind in existence, but also because of the brilliant minds behind it. And this idea of scarcity translates well into famous NFT art, such as the Bored Apes Yacht Club, which is a series of NFT apes, each existing as one-of-a-kind ape that will never be reproduced in the same form again.
Currently, the “floor price” for a Bored Ape is just over 66 ETH (some $80,000). That makes NFT art such an attractive target for theft, doesn’t it? NFT theft is a lot safer than physical theft too – no more skulking around security and running off with a painting.
With the value of NFTs established, there has been an increase in the number of scams that give perpetrators access to users’ accounts and crypto assets. For example, in May 2022 the actor Seth Green was scammed out of four NFTs worth over approximately $300,000 after connecting his crypto wallet to a scam website pretending to be a valid NFT-related project.
NFTs are being stolen on a daily basis through a variety of scams. Similar to anything else on the internet, they are hackable, but there are many ways to prevent your assets from getting stolen.
The online community should be aware of the dark side of NFTs and constantly look for red flags. Currently, the most common ways to steal NFTs are exploits, plagiarism, deception or user-error.
Exploits commonly relates to NFT platforms, namely weak points of the platform itself and contracts that perpetrators use to their advantage to commit NFT theft. Even though credible NFT marketplaces do their best to keep a high level of security to safeguard users and their digital assets, there have been some exploit examples. Specifically, cyber criminals managed to modify the platform’s contract to create an order resulting in digital assets being sold for a very small amount or money or even given away for free. Marketplaces such as OpenSea and Treasure experienced such exploits. Hence, the online community should keep in mind that nobody is totally immune to cyber crime.
Plagiarism is another issue connected to these kinds of digital assets. Many creators have seen their works plagiarized, minted as NFTs, and sold. Present-day copies exist all over NFT marketplaces and in most cases, it is very difficult to distinguish original artwork from plagiarised ones. Another problem arises when a trusting purchaser unknowingly obtains an NFT that is actually a copy of a copyrighted artwork since it opens the door to being liable for damages to the actual owner.
While computer security has been centered around finding new ways to defend users from cyber criminals, it can only do so much. For example, a security hacker is someone who examines methods for breaching defenses and exploiting weaknesses in a computer system in order to suppress possible cyber attacks. However, hackers have always been associated with the term social engineering that is often described as a manipulation technique of exploiting human error to obtain access, private information or valuable digital items.
In the light of cyber crime, social engineering specifically relates to scams that lure trusting and unsuspecting users into giving access, exposing data and valuables and spreading malware. When it comes to NFTs, customers have frequently been tricked into providing access to their crypto wallet or transferring their digital assets because they have been approached by a scammer with a deal too good to be true or a fake profile impersonating a particular influencer or company.
One of the most popular types of scam regarding NFT theft is phishing. Phishing can be defined as a type of social engineering where the perpetrator sends a fake and fraudulent message designed to lure a person into giving them something they want. Phishing attacks have become very sophisticated and a very popular way to conduct NFT theft. Most common NFT theft strategies are linked to phishing such as:
Users are usually familiar with phishing attacks via e-mail. Such criminal activity refers to creating an email designed to look like it's coming from someone trusted such as a bank or familiar service provider to an unsuspecting user. The e-mail commonly encompasses an urgent request to click a link, reset a password or go through with payment. For example, the trusting person clicks the link and opens a site that transparently mirrors a familiar site to lure that person into giving away his or her username or password.
In the context of NFT theft, NFT phishing activities have ranged from classic password update examples to exclusive offers of free tokens also known as airdrops. The fake site the user gets rerouted to looks identical to the real marketplace, frequently including the typosquatting technique or in other words, the technique of making the URL close to the marketplace’s URL. Even if the user opens the email and clicks on the link, keeping an eye on subtle typos is still very useful.
NFT thieves have moved from classic phishing to manners of communication used more extensively in the NFT space such as social media. For example, hackers targeted Discord bots to rob NFT users. Specifically, perpetrators managed to take control of the Discord channel bots and used them to trick customers into clicking links that promised them minting of NFTs that never existed. By spreading malicious links from a credible channel, they managed to target a broad number of NFT holders.
Similar, yet less spectacular thefts, have been conducted on Twitter where cyber criminals managed to pose as support staff for wallet software. Instagram is another popular medium scammers have been using for their criminal activities. Since many NFT artists use Instagram frequently to promote new artwork and connect with fans, scammers managed to create impersonator accounts and swindle fans via such phishing scams, such as informing the user he or she won a giveaway.
One of the most sophisticated manners to commit NFT thefts relates to the novel activity of ice phishing. Instead of sending e-mails or luring trusting users in other ways to give away their usernames and passwords, hackers are now using smart contracts to trick the online community. From a technical point of view, ice phishing is interesting since it doesn’t include stealing someone’s private key yet it is about tricking a user into signing a transaction that delegates approval of the user’s NFT to the cyber criminal.
Specifically, a perpetrator sets up a smart contract interface and makes it look like it came from a familiar and credible marketplace. This could refer to an automated liquidity protocol such as the one running on SushiSwap and Uniswap. The users sign these smart contracts and allow marketplaces to execute trades. Red flags can be found in smart contracts’ altered addresses, yet such a notion requires a high degree of caution on the side of the user since ice phishing is known as a very sophisticated method that the online community is not yet entirely aware of.
The hacker simply needs to modify the user’s address to the hacker’s address and this turns out to be quite effective since the user interface usually doesn’t show all information that can indicate a tampered transaction. The criminal usually has the opportunity to accumulate approvals over a longer period of time and drain the crypto wallet quickly, such as in the 2021 Badger DAO attack.
There are many ways to protect your NFTs from theft. Here are six practical steps you can take to prevent NFT theft.
Storing NFTs in a hardware non-custodial wallet provides you with private keys that offer a stronger layer of protection. A hardware wallet is a physical device that connects to a computer by USB. Since such wallets are offline by default, your digital assets are safe from online scams, especially phishing attacks. Just don’t give away your seed phrase to anyone, and everything should be alright. Most popular brands in this area are Ledger and Trezor that require you to come up with seed phrases that can be up to 24 words long.
The logic behind cold storage hardware wallets is simple. When crypto is online, it is vulnerable. On the other hand, if digital assets are offline, the only way someone can steal your NFTs is by physically holding it. If you would like to know more about hard wallets and cold storage. have a look at this Learn Crypto article.
Even though popular established marketplaces such as OpenSea have demonstrated that they are not immune to cyber crime, such platforms are still the safest options in the crypto digital environment. Namely, such marketplaces include strict vetting processes for sellers on the platform and provide buyer protection in cases of fraudulent occurrences. The NFT market generally is still in its infancy, but it is filled with criminals that try to deceive users and steal your NFTs.
If your NFTs are stored online, you should learn as much as possible about phishing. Phishing has been a successful and sophisticated type of scam since hackers prey on naivety and trust. Even experienced users have been victims of phishing because of taking one wrong step.
If the deal offered via email or social media seems too good to be true, it probably isn’t true. You can avoid scams by keeping in mind that attractive offers have to be double checked, along with the identity verification of the buyer or seller in question. Additionally, keep your wits about you when offered to take part in airdrops since sometimes they are simply rug pull scams.
Further, it is useful to verify the URL of the NFT marketplace before trying to log in. Perform the needed due diligence to ensure that the website is legit. The same goes for notorious wallet recovery sites that served many times as a common way to commit NFT thefts. People that lose their login credentials are likely to panic and act quickly in order to recover their crypto wallets, and that is exactly the situation that attracts hackers. Panic leads to users’ missteps. Hence, always do your due diligence and check that the provider in question is indeed your wallet provider.
This simple step is to protect NFT art creators. Watermark your digital assets with a logo, website address or your name. You can watermark a part of the art piece itself. If someone manages to steal your NFT, your chances of tracking it down with an added watermark are bigger.
Furthermore, the technology of attaching invisible watermarking exists as well so if someone tried to resell the artwork, a plain watermark detection procedure could prevent it and add up to the general deterrence of NFT theft and scams.
While using the services of established marketplaces is a wise idea due to fraud protection mechanisms, internet security measures and hands-on customer support, it is always better to personally take some extra steps. Every NFT holder should be responsible enough to ensure a maximum level of security. Creating robust passwords and choosing two-factor authentication for all linked accounts can broadly amount to one’s personal level of internet security.
If someone does end up stealig your work, you might have more luck in tracking it down and/or taking legal action against the wrongdoer if you chase it down from a copyright angle. Even though there is no clear consensus in the debate whether NFT artwork is automatically copyrighted or not, there are some good news from the legal sphere.
For example, copyright regulations in North America ensure that anything one creates is protected from the moment of creation. Hence, there is no need to additionally register artwork in the United States or Canada. European countries have taken a step further and introduced the Digital Single Market Copyright Directive to provide novel protected licenses, also known as ‘NFT Copyright’ for artists, authors and publishers.
NFTs present broad upside potential for all sorts of digital creators and innovators. However, when there is a new market filled with high-revenue streams and investments, such a new digital space presents a fertile ground for criminals as well. NFTs on their own are not riskier or more prone to scams. The truth is that crime has been keeping up with innovative technologies, and all types of scammers are trying to take advantage of weak points within NFT markets and customers.
If anything, NFTs are even becoming safer to own thanks to the tamper-free trait of blockchain technology. On the other hand, ignorance marks you as a potential victim of digital scams, even if you’re an experienced user dealing with reputable NFT marketplaces like OpenSea. Taking appropriate measures to ensure NFT protection and always being on the lookout for possible scams can help you secure your digital artwork from NFT theft.
Next step: What is an NFT Marketplace?Go to next step
New and useful content will be added to our network, and may even end up on the Learn Crypto feed.
Well done! You help us make the awesome product. You help us make the awesome product
The application request form has been successfully sent. Our team will review your application as soon as possible and contact you.
Meanwhile you can join our Discord server .