
Top NFT-Related Cybersecurity, Phishing, Hacking and Other Risks in 2022

by admin

The continued growth of the market for non-fungible tokens (NFTs) in 2022 has helped shape the zeitgeist of what has been colloquially referred to as the “Fourth Industrial Revolution,”[1] defined primarily by network effects (e.g., virality); rapid innovation; social, creative and civic engagement; and an evolved perspective on how rights and obligations between and among the parties to automated contracts are defined and enforced.

Commonly used to identify fungible digital media files and attach identifiable rights to them, NFTs, along with other crypto assets and blockchain technology, provide the infrastructure needed to facilitate transactions between anonymous or pseudonymous counterparties without the involvement of a third-party intermediary such as a bank. As a result, the non-fungible (unique) nature of NFTs has brought about a revolution in the notion of digital asset ownership by demonstrating that digital assets not only exist but have intrinsic value similar to real estate.

Consumers spent up to $44 billion on NFTs in 2021,[2] and in 2022 they are expected to spend at least as much, if not twice as much.[3] However, as the demand for NFTs continues to grow, unsuspecting consumers are at risk of being exposed to a variety of new security risks associated with the burgeoning digital asset technology and ecosystem. For example, between 2021 and 2022 such risks manifested in the theft of over $100 million in NFTs through fraud, and in July 2022 alone 4,600 NFTs were stolen,[4] which shows that security and other risks associated with NFTs are still prevalent, even in the wake of the recent digital asset market downturn. This alert explores the more common security incident typologies and other illegal activities related to NFTs and suggests strategies to mitigate these risks.

Phishing and Hacking

Phishing of unsuspecting NFT enthusiasts and newcomers continues to be a popular fraud scheme deployed by online hackers and scammers. They have successfully robbed thousands of consumers by mimicking or hacking the digital forums, websites and social media accounts of well-known NFT projects to lure unsuspecting victims into purchasing counterfeit NFTs.[5] In one instance, hackers compromised the official social media pages of a hugely popular NFT collection and shared links to fake airdrops. Followers who clicked on the fraudulent link were lured into connecting their digital wallets and granting access to them, unknowingly allowing the hackers to siphon all the funds inside.[6] In another, scammers targeted the highly anticipated launch of another NFT by using fake websites and usernames on popular social messaging platforms to fraudulently communicate with unsuspecting enthusiasts and trick them into buying counterfeit NFTs.[7] Confusing buyers into believing they are communicating with a brand is a dangerously simple and effective way to deceive victims. Such transactions, once executed, cannot be undone. Buyers of NFTs should be vigilant and take precautions, such as double-checking marketplace URLs and checking the brand’s other social media channels for relevant updates before confirming a purchase. Similarly, brands and digital asset marketplaces can publish notices and disclosures that warn consumers of such risks and prepare them on how to respond.

Insider Trading

NFT marketplaces are also vulnerable to insider trading, where employees use insider information to buy proprietary NFTs before they are released to the public and sell them for profit when the price spikes.[8] The U.S. Department of Justice (DOJ) recently indicted former NFT marketplace employees and their associates for wire fraud and money laundering “in connection with their plans to engage in insider trading.”[9] The DOJ alleged that the former employees used confidential information about certain NFTs selected for promotion by the NFT marketplace to purchase them in advance and benefit from the corresponding increase in the NFTs’ value after the promotion.[10]

To prevent insider trading, NFT marketplaces can implement formal policies that clarify prohibited conduct, provide employee training, monitor purchases and sales, require regular reporting, set blackout periods for employee transactions, provide anonymous reporting hotlines and create firewalls.[11] Such policies should be developed in advance to educate employees about the legal risks associated with insider trading activities and to prevent insider trading from occurring.

Money Laundering and Illicit Fundraising Activities

“The NFT market is a prime target for financial crimes such as money laundering, terrorist financing and fraud.”[12] Blockchain analytics firm Elliptic recently reported that more than $8 million in illicit funds have been laundered through NFT marketplaces since 2017.[13] One method of laundering, “self-laundering,” is particularly common: an individual purchases an NFT with illegal funds and then transfers it to themselves or others via a large number of unique public keys. The repeated transactions in between obfuscate the transaction flow and “clean” the funds, so that by the end of the cycle the funds no longer appear to be associated with criminal activity.

NFTs can also be associated with illicit fundraising activities due to the inherent properties of NFTs that can be used to facilitate crime. Such features include the varying levels of anonymity available to blockchain traders and the ability to instantly settle transactions around the world.[14] For example, blockchain analysts and intelligence officials have noticed that the Islamic State of Iraq and Syria (ISIS) is using NFTs for recruitment and funding.[15] ISIS-themed NFTs were displayed on at least one NFT trading website.[16] This recent finding shows the viability of using NFTs to fund illegal activities. This is not only because of NFTs’ ability to raise funds, but also because, unlike other online recruiting and messaging tools, NFTs are nearly impossible to remove or censor.[17]

Exchanges and NFT marketplaces can take steps to prevent money laundering, including by implementing appropriate customer verification and anti-money laundering procedures, monitoring transactions between users and internet protocol activity, and banning and removing content related to illegal activity. However, because NFTs are recorded on an immutable blockchain, it is difficult (if not impossible) to completely eliminate them.[18]

Market Manipulation

Bad actors have found ways to manipulate the NFT market, similar to self-laundering. This includes artificially increasing the value of certain NFTs through “wash trading” (the practice of creating large volumes of trades to manipulate market prices in their favor). Wash trading creates the illusion that an NFT is in high demand, when in reality the transactions all originate from one individual or take place between related individuals who use different wallets to obscure the fact that the transactions are related. This type of fabricated demand can trick unsuspecting buyers into believing that the NFT is worth more than it actually is, which can be very lucrative for those who engage in such illegal activities. For example, one report found that dozens of traders made about $8.9 million in total profits from wash trading.[19]

Such practices can be difficult to verify, but consumers should be aware of them before purchasing NFTs. NFT buyers should pay close attention to social media activity and perform other due diligence to determine whether a particular NFT is truly appreciating in value. Marketplaces and brands can also take steps to protect consumers by using blockchain analytics tools to monitor NFT transaction activity and to identify and block malicious attempts to engage in wash trading.
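A minimal version of the monitoring described above, as an added example that is not part of the original alert: it groups wallets by a shared funding source and reports, per NFT, the share of sale volume that stayed inside one group or returned to a previous holder. The wallet addresses, the funding map and the sale records are constructed, and the common-funder heuristic is an assumption; real analytics tools combine more signals.

```python
from collections import defaultdict

# Constructed sample data (not real chain data).
# FUNDING: wallet -> wallet that first funded it (hypothetical attribution input).
FUNDING = {"0xB1": "0xA1", "0xB2": "0xA1", "0xB3": "0xA1", "0xD1": "0xC9"}
# SALES in chronological order: (token_id, seller, buyer, price)
SALES = [
    ("nft-7", "0xB1", "0xB2", 1.0),
    ("nft-7", "0xB2", "0xB3", 2.5),
    ("nft-7", "0xB3", "0xB1", 6.0),
    ("nft-7", "0xB1", "0xE5", 9.0),  # sale to an unrelated buyer
    ("nft-9", "0xD1", "0xE5", 3.0),
    ("nft-9", "0xE5", "0xF2", 3.2),
]

def cluster_wallets(funding):
    """Union-find: wallets that share a funding source get the same cluster id."""
    parent = {}
    def find(w):
        parent.setdefault(w, w)
        while parent[w] != w:
            parent[w] = parent[parent[w]]  # path halving
            w = parent[w]
        return w
    for wallet, funder in funding.items():
        parent[find(wallet)] = find(funder)
    return find

def wash_trade_report(sales, funding):
    """Per token: share of sale volume bought by a cluster that already held it."""
    find = cluster_wallets(funding)
    total, suspect = defaultdict(float), defaultdict(float)
    flagged = defaultdict(list)
    held_by = defaultdict(set)  # token -> clusters that have sold (so held) it
    for token, seller, buyer, price in sales:
        held_by[token].add(find(seller))
        total[token] += price
        # Covers both linked buyer/seller and a token returning to a prior holder.
        if find(buyer) in held_by[token]:
            suspect[token] += price
            flagged[token].append((seller, buyer, price))
    return {t: {"suspect_share": round(suspect[t] / total[t], 3),
                "flagged": flagged[t]} for t in total}
```

A high `suspect_share` is a reason for manual review, not proof of manipulation, since related wallets also move assets for ordinary reasons.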

Platform Exploits

Platform vulnerabilities and exploits can result in significant financial losses to platform users. A recent example occurred when a large global NFT platform unknowingly facilitated the sale of “inactive” NFT listings to knowledgeable buyers who noticed that sophisticated NFT holders frequently transferred valuable NFTs to other wallets they controlled rather than delisting them (delisting requires manual cancellation for a fee). By transferring an NFT between wallets, the NFT holder was able to remove the public listing and avoid the fees associated with cancellation.

However, this process only updated the listing from “active” to “inactive,” allowing knowledgeable buyers to purchase inactive NFTs via smart contracts rather than the user interface of the exchange platform. One popular NFT platform has reportedly had to refund up to $1.8 million to users who unknowingly sold their NFTs at far below market prices due to problems with the platform’s user interface.[20]

Security flaws can also be found within the backend architecture of NFT marketplaces and, if left unaddressed, can result in significant losses for marketplace users. For example, one popular NFT marketplace was recently asked to update its backend coding to fix a security flaw identified by a third-party security firm.[21] If a malicious attacker observes and exploits a backend vulnerability, they can send a malicious link to the owner of an NFT that, when clicked, may grant full access to the user’s wallet and its NFTs or other digital assets.[22]

While these specific exploits were addressed after the fact in one case and before any exploit occurred in the other, they point to the need for NFT marketplaces to plan and design their products and user interfaces so that consumers are not inadvertently exposed to risk.


Billions of dollars worth of fungible and non-fungible digital assets are traded daily.[23] As such, users and platforms must remain vigilant to protect themselves from fraud, hacking, and other illegal activity and take measures to minimize these risks. BakerHostetler’s blockchain technology and digital asset and data security incident response team is made up of dozens of experienced individuals, including former DOJ lawyers and many others, who investigate and respond to such incidents. We have extensive experience across all sectors of the blockchain and cryptocurrency markets, spanning media and technology design, cybersecurity, bank secrecy/anti-money laundering compliance, tax, privacy, trade, intellectual property, federal law, congressional oversight, investigation, and public policy. If you have any questions about this alert, feel free to contact our experienced professionals.
