Seth Green, the actor and creator of Robot Chicken, revealed earlier this month that his crypto wallet had been hacked, resulting in the loss of a large number of highly expensive NFTs.
Hackers stealing NFTs is obviously not unheard of. This year alone, they have stolen millions of dollars' worth of NFTs.
Green, on the other hand, is an exception. His upcoming animated series has been placed on hold due to the theft of his NFT. Seth Green may no longer hold the rights to the Bored Ape NFT, according to Sarah Emerson of Buzzfeed News, which means he doesn’t have authorization to use the character in the animated series in which it was slated to appear.
Some NFTs are worth a few dollars, while others are comparable to a high-end automobile or condominium. When it comes to security, however, price has no bearing; all tokens must be carefully protected.
What is an NFT?
“I know that I don’t know anything”: this saying of Socrates fits NFTs well, especially if you have not dealt with blockchain and cryptocurrencies before. So, before we move on to NFT security issues, it does not hurt to learn more about the technology itself.
Contrary to common assumption, the NFT (or non-fungible token) is not a work of art by itself, but rather proof of ownership of a cryptographically signed version of one. Each token is unique.
In the real world, for example, you can exchange one dollar for another because they both have the same worth. However, you will not swap houses without first inspecting them: each property is distinctive in terms of size, interior, decoration, and location.
When you purchase an NFT, you are purchasing a token that confirms you own the digital artwork file. An image, a video, a sound, or even a GIF can be used as this file. NFTs can be purchased with Ethereum, the world’s second most valued cryptocurrency. There are other token collections, with CryptoPunks, Bored Ape Yacht Club, and World of Women being the most popular.
Since the NFT is an encrypted token, it can be stored on the blockchain, just like cryptocurrency transactions. The blockchain is very well secured. It uses distributed ledger technology to prevent attackers from forging tokens. After purchasing an NFT, you receive a private key that can be stored in a digital wallet (if this wallet supports NFTs). The private key is required to access the NFT, so it must be kept secret. Remember, if you lose your private key, you lose access to your NFT, and therefore the money spent on the token.
What dangers can you face when buying NFTs?
Cybercriminals are now actively exploiting the rapidly growing NFT industry, as potential victims are simply unaware of the possible dangers.
Attackers will need two pieces of information to steal your NFTs: a private key and a seed phrase. A hacker can impersonate you and make any transactions with the token after obtaining a private key. In addition, if an attacker discovers the seed phrase, he will be able to access your NFT wallet.
Hackers use phishing sites and bogus emails to gain access to the information they need. Scammers, for example, can pose as genuine marketplace customers who are having difficulty purchasing your NFT. Attackers can provide a phony link to the marketplace to remedy these “issues.” Then you’ll be prompted to log into your account. Cybercriminals will steal your information and take complete control of your account once you enter it.
Another example is when an attacker poses as an NFT artist and raffles off his work to unsuspecting users. This tactic is widespread on Discord, Twitter, and Instagram, so be careful if you receive a private message with a link to a prize drawing. A link from one of these messages usually takes you to a website where you must enter a private key or seed phrase to be eligible for a prize. Remember that you don’t need a private key or seed phrase to transmit NFTs; all you need is the recipient’s NFT wallet address.
To limit the risk of NFTs being stolen, simply follow standard security procedures. Enable two-factor authentication on your NFT and marketplace accounts, and use special services to check suspicious links. Also, keep an eye on the accounts of people that send you NFT giveaway messages. If an account’s owner claims to be a well-known NFT artist but only has a few subscribers, that account should not be trusted.
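As an added illustration of checking a suspicious link (example code, not part of the original article), the sketch below classifies a link by the host it really opens, compared with a personal list of trusted sites. The TRUSTED list, the function names and the sample links are assumptions made for this example; the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own bookmarked sites (OpenSea is the article's example).
TRUSTED = {"opensea.io"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'suspicious' or 'unknown' for the host a link really opens."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # "https://trusted-name@other-host/": the browser connects to other-host.
    if "@" in parts.netloc:
        return "suspicious"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Punycode or non-ASCII labels can be displayed like a trusted name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious"
    site = ".".join(host.split(".")[-2:])  # crude site name, no public suffix list
    for d in trusted:
        # Trusted name used as a leading label of someone else's domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "suspicious"
        # One or two character edits away from a trusted domain.
        if edit_distance(site, d) <= 2:
            return "suspicious"
    return "unknown"

# Constructed sample links; hosts under .example are reserved placeholders.
SAMPLES = [
    "https://opensea.io/collection/demo",
    "https://opensea.io@wallet-check.example/login",
    "https://opensea.io.claim-drop.example/login",
    "https://0pensea.io/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A result of "unknown" only means the host is not on the list and does not resemble it; it is not a verdict that the link is safe.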
Ensure the security of your private keys and seed phrases. You can store NFTs in digital wallets, but many of them are connected to the Internet, putting your digital assets at risk.
Therefore, we recommend using either a cold wallet (not connected to the Internet) or a seed capsule to store sensitive data. Alternatively, you can simply write down all the information you need on paper or store it on a hard drive, but before doing that, make sure that your piece of paper or drive is in a safe place.
Best security practices
Here are some other strategies to protect your assets:
Before clicking on any links, make sure they’ve been verified—never click on random or broken links sent from unknown sources.
Never, ever, ever share your screen.
Check the contract address, which should show where the NFT was minted, before minting anything. It should be genuine if it has been validated on OpenSea.
If something appears to be too good to be true, it most likely is.
Never give out your recovery phrase to anyone.
Store your seed phrase offline (“cold storage”), with numerous copies in safe places, away from your phone and computer.
Always double-check that you’re minting on a trusted website.
Due to bots and scammers abusing Discord DMs, many people find it easier and safer to switch them off completely.
It’s a good idea to bookmark trusted websites like OpenSea so you don’t end up on a phony page.
Official support will never send you a DM first; if you need help, go to official sites, not social media.
Ask trusted friends questions, seek answers from official teams, and don’t be reluctant to raise concerns about your safety and security.
Add an extra degree of security by using two-factor authentication.
Use strong and unusual passwords; it’s best to start each new account with a different password.
Use a hardware wallet like a Ledger or Trezor—these cold wallets remain offline, so only you and your private key have access to them.
Make sure you investigate the collection, the seller, the contract, the connection, and other factors before you do anything in the NFT world.