Non-fungible Tokens (NFTs) started to take a significant place in the cryptocurrency ecosystem, especially after 2020. NFT markets in which game companies, celebrities, and many investment firms showed interest started to grow day by day and reached a transaction volume of millions of dollars. There are dozens of films about the theft of famous works of art, and maybe we’ll watch movies about how NFTs were stolen years later.
This article looks at our pick of the top five most popular methods hackers use to steal NFTs from their owners, getting away with millions.
Phishing is one of the most common methods used by hackers and is based on duplicating a legitimately operating website/marketplace. Unfortunately, users who overlook a small change or addition to the URL of a website may experience significant losses.
Check the URL of a service/marketplace/website before allowing any website to connect your Web3 wallet like MetaMask, Phantom, Terra Station Wallet, etc.
As a secondary security measure, the authenticity of the NFT and the seller’s transaction history should be questioned. If an NFT is well below the market price, it should be a red flag and raise your suspicions.
2. Discord Scams
Discord is a platform that many NFT and crypto-related teams use heavily. It is used for many purposes, such as important information, audio meetings, and verification processes. But the more extensive a community, the more scammers it attracts.
The mint addresses of NFT projects are generally shared on discord channels. Scamming is done by directly hacking the channel or sending fake messages to users via DMs.
Do not click on links posted by outsiders. On the main pages, it is necessary to check the messages sent by the admins before clicking. Admins of real projects do not send private messages to anyone out of the blue. Always exercise caution when dealing with any users on Discord due to the anonymous nature of the platform and the internet.
3. Copycat NFTs
Some scammers examine the wallets of influencers and celebrities in detail; they mint similar NFTs to what’s in the influencers’ bags.
Because people want to follow these wallets and make similar investments, therefore, the originality of NFTs should be strictly checked before making a purchase.
Copycat NFTs became such a problem that services and Metaverse crypto projects like Verasity even decided to implement a Proof-of-View protocol that can authenticate NFT collections to prevent victims from falling into this type of scam.
4. Fake Social Media Accounts
It is a prevalent fraud method to misspell popular influencers’ social media handles by adding a letter, symbol, or number to the end of actual project profiles and usernames.
These fake accounts usually get in touch via private message and make an offer. To avoid falling into this trap, the account’s followers, posting history, and account content should be checked.
Twitter is the most popular social media utilized for the attack since most NFT promotions and influencers reside on the platform. When dealing with any Twitter users, even if they are verified with hundreds of thousands of followers, investors should tread with caution.
You may also be interested in the article below:
Do You Use MetaMask on Apple Devices? Turn Off Your Backup
5. Stolen Social Media Accounts
Like the Discord scam, stealing social media accounts from popular influencers by social engineering is a popular tactic used by fraudsters to mislead followers into connecting their wallets to malicious websites and is an entryway into several phishing attacks.
Hackers who steal the official account of the project or a famous NFT artist send a link to potential victims to click. They usually try to cheat with free mint, airdrop, or gifts.
One of the most popular NFT thefts recently utilizing the above method was the Bored Ape Yacht Club. Hackers managed to gain access to the project’s official Instagram account and created a phishing Airdrop which netted roughly $1 million in stolen NFTs.
Remember The Following Rules To Protect Your NFTs
- Prefer hardware wallets over software wallets.
- Treat every private message sent to you as a potential scam and review the account.
- Do not share your Private Key, seed phrase, and/or passwords with anyone.
- Use strong passwords and consider alternative authentication options.
- Don’t Forget: The only free cheese is in the mousetrap.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any service.
Follow us on Twitter @themerklehash to stay updated with the latest Metaverse news!
Image Source: grandeduc/123RF