MARKET CAP : $5,607,185,562,796.5
NFT Volume(7D) : $66,947,433.8
ETHGas : 9.070124326Gwei
( #IDO #GAMEFI #BLOCKCHAIN GAMES #NFT COLLECTION )
Launchpad
Games
NFT
Feeds
Mission
Forums
search
en
search
Share

11 Cybersecurity Risks for NFT Buyers

Zac Amos

 

 

 

 

While securing a non-fungible token (NFT) might sound like a good idea, doing so comes with cybersecurity risks for buyers. Anyone getting into this alternative investment type should understand the cyberthreats they’re up against.

 

 

 

1. Reentrancy Attack

 

A reentrancy attack exploits a vulnerability to force smart contracts into infinite loops. Since these self-executing agreements execute imperatively — meaning each line of code must finish executing before moving on to the next one — they effectively unquestioningly hand over control when making external calls.

 

 

If the called contract is malicious, it can make recursive callbacks. Since the caller must pause its code execution until its call returns, it’s forced to execute the original line of code repeatedly without updating its balance. Bad actors can exploit this function to steal NFTs within moments, potentially allowing their attack to go unnoticed initially.

 

 

2. Technical Support Scam

 

Since NFTs are unregulated and decentralized, owners must rely on others in the community for help. Many who experience technical issues they can’t figure out go to Discord, Reddit, or Telegram for assistance. Unfortunately, some individuals on those platforms are there for the wrong reasons. They take advantage of people’s trust and lack of knowledge to steal their assets.

 

 

3. Marketplace Hack

 

Centralized platforms can be hacked like any other third-party marketplace, making them significant cybersecurity risks for NFT buyers. Although up to 95% of today’s NFTs are worthless, the ones that have retained their value are worth a lot — meaning those looking to buy one will inevitably become targets for bad actors.

 

 

Marketplace hacks have happened before and will likely happen again. For instance, a hacker stole thousands of dollars in NFTs from Nifty Gateway in 2021. Even popular sites like OpenSea have admitted to experiencing security breaches. People interested in owning NFTs must understand the risks of operating on such platforms.

 

 

4. Denial of Service

 

A denial of service attack is among the most significant cybersecurity risks for NFT buyers. It involves an attacker using recursive callbacks to block smart contracts from returning to the state they were in before the transaction began to execute. This results in unlimited resource usage and permanently blocks the function.

 

 

5. Rug-Pull Scam

 

In a rug-pull scam, a bad actor convinces others they’ll get a great return on investment if they buy into a certain stock, cryptocurrency, or NFT project. Once they get enough people to fund their idea, they disappear. This type of con has happened multiple times in this community because it’s unregulated.

 

 

In 2022, Ethan Nguyen and Andre Llacuna created Frosties, an ice-cream-themed NFT collection. Reportedly, they made roughly $1.1 million after their 8,888 items sold within one hour of their public launch. Shortly afterward, they transferred their funds into various digital wallets and disappeared.

 

 

Although the two men were later arrested for fraud and money laundering, the people who had bought into Frosties were still out their hard-earned money — and their NFTs were virtually worthless. Rug-pull scams are common, even if most aren’t as lucrative. If an investment sounds too good to be true, it probably is.

 

 

6. Oracle Manipulation

 

When smart contracts access or receive data from an outside source via an oracle — a third-party service that connects the blockchain to external systems — they become vulnerable to hacks. An attacker can forcibly trigger transactions to steal an NFT before the owner realizes something is wrong.

 

 

7. Counterfeit NFTs

 

Scammers can easily plagiarize or steal artwork. Their item’s URL and wallet address won’t align with the original, but it may still be convincing enough. People who think they’ll never fall for such a thing are mistaken — even the most widely used platforms are full of fakes. In 2022, OpenSea announced over 80% of the NFTs created with its free toolset were counterfeits.

 

 

8. Phishing Attack

 

In a two-part phishing attack, an attacker takes over a social media account by tricking a well-known figure in the industry to click on a malicious link or attachment. When they gain control, they post about a limited-time deal or a live drop alongside a second malicious link. A large percentage of followers will likely believe it’s legitimate.

 

 

As soon as they click on the link, the attacker can view their credit card information as they type it in, take over their social media account, or empty every NFT from their digital wallet. In the worst-case scenario, all three possibilities occur — meaning no one can comment on the post warning others that it’s a phishing attack.

 

 

9. Fraudulent Marketplace

 

Fraudulent marketplaces are either fake and made to look real or are convincing copies of legitimate platforms. Since there are zero regulations for NFT buyers or sellers, anyone with enough technical knowledge can set one up. They’re usually designed to inject malware into unsuspecting devices or trick visitors into giving up their credentials.

 

 

10. Pump-and-Dump Scam

 

A pump-and-dump scam is one of the biggest cybersecurity risks for NFT buyers. It involves a bad actor artificially inflating their collection’s value. They make it look like a great investment, prompting real people to buy into it. From there, the value increases exponentially — but only temporarily. Once it peaks, they suddenly sell everything, rendering the rest valueless.

 

 

11. Digital Wallet Vulnerabilities

 

Since NFT digital wallets are supposed to store assets, any vulnerabilities can put an owner’s entire collection at risk. Unfortunately, they’re not as secure as many people think. For instance, web-based versions connected to the internet are vulnerable to man-in-the-middle attacks. Those on mobile devices can also be hacked.

 

 

Whether a digital wallet stores tokens or holds a private key that gives the owner access to their items on the blockchain, it serves as their last line of defense. Unless they keep their app updated, stay off public Wi-Fi, and keep their device in their possession, hackers can exploit vulnerabilities and steal their collection.

 

 

NFT Buyers Must Remain Vigilant for Cyberthreats

 

There are tons of cybersecurity risks for NFT buyers — especially those who are new to the community and don’t know the common cyberthreats. They must remain vigilant and wary of anything they’ve never encountered to protect their digital wallet and personal data.

Translate & Edit: P2E Game

Welcome to P2E GAME

Hearing the echoes from Metaverse.

Blockchain Games list | NFT Games lists | Crypto Games list | Play to Earn Games List
Bookmark 0
Bookmark
Not-liked 0
Like
Related articles
Nazara acquires 16% stake in web3 esports platform Stan
Indian game company Nazara has announced it’s acquired a 15.86% stake in esports and fandom community platform Stan. A quickly growing player in the Indian game industry, Stan is a mobile-first games platform dedicated to the esports and fandom community.
Not-liked 0
Sky Mavis marks Axie’s 2nd birthday with exclusive rewards campaign
In the still early days of blockchain games, only a dozen titles can celebrate their second birthday. Now it’s time for Sky Mavis to mark the occasion since the reboot of Axie Infinity.
Not-liked 0
Best performing altcoins to watch this week
Not-liked 0
Protocol Village: Flight-Tracking DePIN Protocol Wingbits Raises $3.5M
The latest in blockchain tech upgrades, funding announcements and deals. For the period of Sept. 12-18.
Not-liked 0
Bitcoin Jumps Over $58K Amid Tech Stock Rally, SUI Outperforms
SUI outperformed the market, rising over 16%, possibly due to Grayscale's new Sui Trust announcement.
Not-liked 0
Trader’s acquisition of $1.5M CryptoPunk for $23K raises eyebrows
A trader acquires a rare Ape-themed CryptoPunk valued at $1.5M for just 10 ETH using a smart contract mechanism that allows a shotgun buyout.
Not-liked 0
New UK Bill Brings Legal Clarity to Crypto and NFTs as Personal Property
UK Parliament’s new bill recognizes crypto, NFTs, and carbon credits as personal property under British law.
Not-liked 0
Top NFT Projects to Invest in 2024
In 2024, the world of NFTs is evolving rapidly, with new collections offering more than just digital art. TG.
Not-liked 0
Leading Trends in the Metaverse: What's Next for the Digital World?
He reckons people will become increasingly annoyed by airdrops just as they are with SPAM in their email boxes today.
Not-liked 0
MetaverseME Set to Transform Web3 Gaming via the Hedera EVM, partnering with thirdweb and the HBAR Foundation
Not-liked 0
Reviews
Reply
Latest
No More
Discover what matters to you
  • NFT
  • GameFi
  • Industry News
  • Launchpad
  • Airdrops
  • Insight
  • Region News
  • Weekly Overview
  • Editors' Picks
  • Partnership
No corresponding news is found