Phishing targets your money, your security, and your property. But is your property safer if it’s digitalized, ascribed to you through a decentralized network? Blockchain aims to move your cash out of the banks and into an impenetrable online ledger. Now, it’s even considered a safe haven for your artwork—your paintings, music, and books. Safe, that is, until you provide someone with a key by clicking on a phishing link.
A Fungible Token, like Bitcoin (‘fungible’ = exchangeable, meaning that one bitcoin can be exchanged for another—all of them are equal and identical, just like dollars and cents, grams of gold, gallons of oil, etc.), records the fact that you have been issued value worth whatever Bitcoin is worth at this specific moment. You can then spend it, and that transaction will be recorded in the blockchain—a decentralized ledger (i.e., one that is maintained by several unconnected computers). A Non-Fungible Token records your ownership of an asset that is unique, like a song you wrote or a drawing you created on MS Paint or iOS Paintbrush. And the market in NFTs is growing livelier by the minute. Like Bitcoin to banks, it bypasses the traditional network of galleries and music publishers.
NFT transactions pulled in about $22 billion in 2021, up from just $100 million over a one-year period! Paris Hilton, Snoop Dogg, Reese Witherspoon, Jimmy Fallon, Timbaland, and Heidi Klum have all bought NFTs. And because NFTs are considered an art world disrupter, they are also gaining the attention of scammers. The stories keep pouring in and the scams seem to hit a different sector each day. Just the stories below speak of a 10% scammer intake!
OpenSea Phishing Scam
Three hours. That’s all it took for hackers to steal NFTs worth millions from OpenSea users.
In the evening hours of February 19, OpenSea users were contacted by phishing scammers asking them to sign an updated version of their smart contracts. The victims were aware that OpenSea was asking them to migrate listings, so the request seemed normal. Here, the story gets clouded. Some of the victims claim they weren’t phished, that it was OpenSea that had been hacked into. This idea was shot down by OpenSea and seemed improbable, as the contracts had valid signatures.
Internet sleuths surmise that an email OpenSea had sent out days before, notifying users of updates to its contracting system, had been copied into an identical phishing email. The reply URL had been changed and the emails were sent out. What we do know for sure is that, within hours, 254 tokens at a value of $1.7 million had been stolen. In a strange twist, the hacker returned some assets and sent 50 Ethers to one victim.
Axie Infinity—the Largest NFT Hack to Date
The OpenSea phishing attack was big news, but since then things have only gotten worse. Axie Infinity is a major success story in the NFT gaming world, with $4 billion in sales and over 1.8 million daily active users. The game, based on cute fuzzy critters people collect called Axies, simply became so popular that the developers couldn’t handle all the transactional requests made by players. They used the gaming-focused Ronin Network blockchain to handle transactions. A hacker was able to use a weakness in this system to gain access and steal roughly $625 million in cryptocurrency in March.
Transactions were frozen when Sky Mavis, the operator of Axie Infinity, discovered the breach a week later. After working with law enforcement, Sky Mavis said it could recover “some” of the funds and that this would take years. The FBI released a statement that a North Korean, state-sponsored hacker group was responsible for the theft. The punishment for the largest breach to date in the cryptocurrency sector in terms of dollars was the Treasury Department sanctioning the cryptocurrency address of the hackers.
Twitter, Beeple, and Louis Vuitton
In another newsworthy item, Beeple, the digital artist and NFT creator, had his Twitter account hacked in May 2022 as part of a phishing scam. Tweets were sent from his account publicizing a raffle for a Louis Vuitton NFT. The Tweets seemed legitimate because Beeple had already collaborated with the fashion house, creating 30 NFTs for a mobile game called Louis The Game. Victims clicked on a link in the Tweets, which drained their crypto wallets. $438K was stolen from fans via links in Beeple’s Twitter account before Beeple regained control.
Beeple is famous in the NFT world, having sold three of the top ten most expensive NFTs to date. His fame makes him a target for hackers. Last year a similar scam was run on the Discord platform before a Beeple sale at Christie’s.
We’ve come to trust banks to safeguard our equity (even though they have again and again misplaced that trust) and hope that in the near future, Blockchain will be able to replicate and even usurp that trust. When we buy a painting, we try (if we can afford it) to either buy directly from the artist or at least through a reputable gallery, which will guarantee the provenance of the work. And musicians still entrust their copyrights to the established recording-slash-performance network of producers and other agents of the industry. Failing all else, we hope that the infrastructure serves us well courtside.
At present, due to the lack of binding international legislation, and due to the piracy that attacks any new industry until it becomes regulated, the digital infrastructure of the blockchain is far from perfect—not because of its technological merits but because it has not yet proven itself to be unassailable.
Until it is, caution is in our hands, and just like in any other form of cyberattack, the onus of security is upon the holder. He or she must think twice (at least) before clicking on a link or entrusting his or her valuables to a scam site owner. And because nobody is entirely immune to lies, we need all the help we can get.
Head over to the App Store now and see what novoShield can do for you.