Some of the Costliest NFT Thefts of All Time

As the NFT community continues to grow, so too does the number of bad-faith actors hoping for a piece of this multi-million-dollar pie.

If you’re looking to get started building an NFT collection of your own, the first things you’ll need to be wary of are rug pulls and scams within the community. Still, theft can happen – even to the most diligent users. Let’s take a look at some of the costliest losses and thefts that have occurred in the NFT space.

Goodbye to an Ape

Chelsea art gallery owner Todd Kramer had an unpleasant start to the new year, to say the least. Right at the start of 2022, Kramer discovered that several NFTs from his personal collection on OpenSea, the world’s largest NFT marketplace, had been stolen.

Most of the NFTs were Bored Apes and Mutant Apes, some of the most valuable NFTs currently on the market. This meant that Kramer potentially faced up to $2.2 million in losses from the theft.

Kramer quickly called on OpenSea to intervene, and the marketplace promptly froze all transactions on the platform until Kramer could reclaim his lost apes. This drew the ire of many users in the community, who chided him for not storing such valuable pieces on a hardware wallet.

Thankfully, Kramer was eventually reunited with most of his stolen collection – hopefully, he’ll keep them in a safer place this time around.

More trouble on OpenSea

Sadly, OpenSea witnessed another high-profile heist barely a month after Kramer’s apes were stolen. In February, users on the platform uncovered the trail of a million-dollar heist. The hacker responsible used one of the oldest tricks in the book to pull this off: a phishing attack.

This happened just a day after OpenSea upgraded its smart contract infrastructure to protect users from a bug that enabled attackers to purchase NFTs at far below their market values.

With this successful attack, the hacker was able to lure at least 32 users into transferring some of their high-value NFTs into the hacker’s OpenSea account. Among the stolen NFTs were four Azukis, two Coolmans, two Doodles, two KaijuKings, and one Mutant Ape Yacht Club. The hacker then quickly sold off these NFTs, running off with over $1.7 million in profits.

Nifty Gateway compromised

March saw yet another costly NFT theft take place – but this time it was on a different platform. Several Nifty Gateway users took to social media to report that their accounts had been compromised.

Hackers used these stolen accounts to sell, purchase, and ultimately steal hundreds of thousands of dollars worth of NFTs. The worst part? Users whose accounts had been broken into were left holding the bag, as these fraudulent transactions were charged to the affected users’ credit cards. This is thanks to one of Nifty Gateway’s USPs as a platform: users are free to charge purchases to their credit cards, along with their crypto wallets.

Although Nifty Gateway formally acknowledged the attack, they placed the blame on the users themselves instead of any potential vulnerabilities on the platform. In a statement to Motherboard, a Nifty Gateway spokesperson reported that “none of the impacted users had 2FA (two-factor authentication) enabled.” This implies that hackers used simple phishing tools in order to commandeer these accounts, and were able to gain access just by figuring out the affected users’ passwords.

Preventing theft

It’s not always possible to avoid NFT theft, but there are steps holders can take toward keeping themselves safe. First, only click links on websites you know and trust. Even if a link looks like it may have come from someone you know, don’t assume. Always verify before proceeding.

Next, be sure to enable multi-factor authentication on all your accounts and hardware. This only takes a few minutes and is key. It’s also important to create a strong password and never reuse it. If one account is compromised, you don’t want all your accounts to be compromised. Finally, keep your Secret Recovery Phrase (also known as a seed phrase or mnemonic) safe. Never give it to anyone.

Stay safe out there.
