Select Page

NFTs and Security — Are We Paying Enough Attention?

NFTs and Security — Are We Paying Enough Attention?
Loading...
This article is added for educational purpose only. All credit goes to the respected author of this article. All In One Crypto App do not hold any liabilities of this article. You can get the source link at the end of the article content.

Lucrative items of value that end up trending, such as non-fungible tokens (NFTs), all too often attract cybercriminals who seek to cut corners to make ill-gotten fast cash.

However, the hype around new, emerging tech often obscures some of its safety issues. When it comes to NFTs, users have already started seeing some fallout from inadequate protection or missed vulbrabilities.

A quick refresher for the uninitiated 

NFTs are cryptographic tokens which bear a unique kind of watermark of ownership.

The NFT represents something unique and exclusive that is non-replaceable. Blockchain technology verifies the NFT.

On a larger scale, NFTs exist in many different forms and can allow artists to earn royalties in future sales continuously and can also exist as part of the work itself. This helps to eliminate the possibility of plagiarism. In turn, it allows the value of the art to endure. However, anything thought to hold value can be an NFT.

A basis in value

While pirates may still duplicate the art, the endeavor would be fruitless since it would exist without any value. While only the original digitally signed artwork retains its value. 

NFTs are essentially used to create a scarcity that is verifiable on the blockchain. The blockchain is an encrypted security ledger that is designed to prevent the possibility of fabrication, not theft or fraud.

If somebody manages to steal NFT and sells it on the NFT market, the blockchain carries out its purpose faithfully, which simply is to record the transaction in its public ledger. 

How threat actors are heisting NFTs

Imagine that you are a prolific digital artist that has created an abundance of highly anticipated newly minted digital cyberpunk posters in jpeg format, which you are for sale on a trusted NFT website.

Your pieces are worth a lot of money. After all, you are a popular artist with a unique style. Selling just one of your posters will pay ultimately pay your bills off for months to come, even years. 

Then one day, you stumble upon your own work on some other NFT auction platform you don’t even feature your artwork on. 

Digital files are replicable without diminishing their quality. This is the counterfeiting stage. After a copy is made, what’s to stop a scammer from posing as the owner?

The scammer then forges the NFT created by crypto artists. This allows them to gain ownership of the stolen item. A tactic that is known as sleep minting.

The next phase of the heist involves the scammer minting the NFT’s in the artists’ wallets. This essentially transfers ownership of the item from the original author to the scammer, unbeknownst to the artist. 

This NFT counterfeiting tactic is possible because of an anatomical defect in smart contracts. These can cause transactions to appear genuine on the blockchain as though the artist had made them. Albeit without the artists’ knowledge. 

A simulation proves the vulnrability

This attack vector was simulated in a real-life scenario by an individual who operates under the pseudonym Monsieur Personne, “Mr. Nobody.” They also go by the moniker The Banksy of NFTs.

They made it their mission to demonstrate the security flaws in the architecture of NFT’s. To drive the point home, earlier this year, Monsieur Personne purportedly made the second edition of the famed Beeple piece.

Having no ill intent toward the artist himself or the NFT market, Monsieur Personne says they gave the counterfeit NFT to a user.

The user offered it for sale on Rarible and Opensea, which are two of the biggest NFT markets. The platforms then proceeded to block the illicit transaction. This illuminated possible security holes and how to avoid them.

A spokesperson from and CXIP Labs, an NFT certification platfrom, told BeInCrypto that NFT vulnerabilities are predominantly created during minting. 

“Many marketplaces are minting improperly and without any standards or safeguards. Loopholes are created, causing smart contracts to become exploited in various ways. If the theft is anonymous, it can be difficult [to recover it], and most marketplaces have been reluctant to intervene because they are afraid of backlash for behaving too ‘centralized,’” they say.

Loading...

Speaking about whether stolen NFTs could be recovered by law enforcement, they add:

“This is likely being discussed, but marketplaces and participants would probably have to cooperate with authorities in order for it to work. We might see these investigations happen in the future.”

Is there a glitch in the NFT matrix?

According to Malwarebytes Labs the flaws in the system are three-fold.

It is possible to make copies of more than one NFT from the same art piece in the same way, any jpeg file can be duplicated. This, however, establishes abstracted chains of ownership for the same art piece.

Furthermore, if an NFT hasn’t been established for the art piece, creating one for it does not necessitate the original owner to be the actual owner of the piece. This is how abstract chains of ownership are made.

Lastly, the references defining the initial art piece are hinged on the dependency of URL addresses susceptible to vulnerabilities. Realistically, the host for the URL could change, or discontinue their hosting, or be susceptible to cyberattacks, causing the item to disappear.  

In essence, the only sure way a ledger can be reliable to give a factual record of true ownership is by establishing one fundamental record that analyzes the transaction made directly between the original owner of the art and the creator. Thus, confirming whether the first owner actual purchased the artwork from the artist.

Creating a new ledger should also check for duplicate registrations for the same NFT artwork to ensure a duplicate isn’t being created.  There needs to be a more prudent definition of digital files.

Therefore, considering the circumstances that may unfold from merely hosting them on the internet. The URLs themselves should be recorded in the blockchain to help protect them and not only the digital file they are directing to.

Another attack vector — hacking NFTs

Users in possession of NFTs have become an additional attack option. Already threat actors have broken directly into accounts on Nifty Gateway and made off with their NFT’s artwork worth thousands of dollars. Afterwards, selling them on Discord and Twitter.

Users of these accounts weren’t utilizing two-factor authentication (2FA). However, Nifty Gateway said the platform itself had no breach. 

CXIP Labs says that both creators and collectors should pay careful attention to how their NFTs are being minted. This way the can to protect them from theft.

While NFTs may be struggling with some safety issues, like many new technological innovations these will only improve with time.

The post NFTs and Security — Are We Paying Enough Attention? appeared first on BeInCrypto.

 

Source: BeInCrypto

 


All In One Crypto App presents a unique dynamic crypto course that allows you to become a profitable and successful trader. Download Now

Don't forget to share your review/suggestions for android app.

All In One Crypto App is an execution-only service provider. The material provided on this website is for information purposes only and should not be understood as an investment advice. Any opinion that may be provided on this page does not constitute a recommendation by All In One Crypto App or its agents. We do not make any representations or warranty on the accuracy or completeness of the information that is provided on this page. If you rely on the information on this page then you do so entirely on your own risk.es here

Loading...

Categories

Select Sub Category
category
61495e4729c40
1
1
Loading....

Reviews

All In One Crypto App

Made $234 profit with Free Signals from $50

This is the best useful app on my phone. Started trading with $50 and in 5 weeks I was up to $234 just with the free signals. I will recommend it to any new person that wants to try trading crypto. Link to Review

Asoluka Chimdindu

Free User
All In One Crypto App

Good Support

This app is one of the best for crypto currency trading signal for experts and beginal with free and premier with auto follow trading bot all the signal is excellent with accurate technical analysis and fundamental I really like the way they guide and support. Link to Review

olaplus olaplus

Premium User
All In One Crypto App

Accurate Trading Signals

I was premium member of this channel back in 2018 when there was no app. Thr signals were too good, more than 90% accuracy. Now with this app and newly introduced auto trading bot, it will be awesome. Too the moon. Link to Review

Yogesh Patil

Premium member
All In One Crypto App

Awesome and Accurate Signals

Very glad to use this app. The crypto signals was awesome and accurate with detailed explanation and visual information. The admin also helpful and nice. Link to Review

soon cheong

Free User
All In One Crypto App

User Friendly App

Signals are great. I love it. App also friendly to use… Nice job guys Link to Review

Olawunmi Dilureni

Premium Subscriber

Recent Comments