NFT traders were rocked by an earthquake on Sunday. OpenSea, the vast NFT trading ocean, was the center of a new storm – in the form of a heist.
Valuable NFTs were stolen, including Bored Ape Yacht Club and Mutant Ape Yacht Club assets.
The truth is, despite the transparency and inherent security that comes with blockchain technology, there are still ways for malicious activity to thrive.
What happened on Sunday and what can we learn from this mess?
First of all, last weekend’s debacle involved 32 OpenSea users, whose NFTs were targeted by a sophisticated, ruthless hacker. This was apparently a phishing attack, according to OpenSea co-founder and CEO Devin Finzer.
He said: “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website.”
“We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
What is phishing?
Phishing is essentially a trick, performed by cybercriminals, to rob their victims by gaining their sensitive information. In a phishing attack, the victim receives a fraudulent message in the form of a pop-up, link, or perhaps an email. In turn, this message directs the victim to a site the cybercriminal controls, where the theft can be completed.
What makes phishing so successful for cybercriminals is that those who “take the bait” will enter a site that may look identical to the site they were looking for originally.
While the victim navigates the fake site and enters sensitive information, the attacker is able to see everything and execute the theft. Malicious phishing pop-ups operate on popular public forums like Discord and Telegram, so be aware.
How can I avoid phishing scams?
The key to avoiding this one is to go directly through the official website and never follow a link, pop-up or email to enter your information. Keep your sensitive information very close to your chest. Any codes required to unlock NFT transactions should only be known by you.
What other scams do I need to know about?
Phishing is by far the most common attack used by cybercriminals. However, there are other scams we need to be aware of, such as…
Fake or fraudulent NFTs
At the moment, it’s quite easy to mint a piece of artwork, like an image, and turn it into an NFT without the artist’s consent or approval. What is more, this fake artwork could be auctioned as an original piece. To avoid falling for this, do your research before you buy an NFT. Find out if the project is known in the community. Check if the artist has a Discord channel and contact the artist to verify authenticity. There will be a blue check on the border of the profile image, which denotes a “verified account”.
Another trick happens in the secondary market, when you’ve already purchased your NFT and want to resell the asset to the highest bidder. The sneaky bidder may switch up the currency under your nose, so watch out for this one. Your NFT may be priced at 1 ETH ($2700) and you get a bid for $1 instead. Double-check the currency, always. Also, never accept a lower bid than what you want.
All in all, these are just a few examples of scams that are out there, but all scams can be defeated with knowledge, community and due diligence.
Gain as much knowledge as possible before making an NFT purchase. Find out about the collection you’re interested in and study the project closely. For an NFT to have lasting value, the project you’re buying from should be very visible online and have a strong social media presence.
Be an active member of the NFT community yourself and find trustworthy people with whom to discuss information and exchange knowledge. Above all – stay diligent with your private information, trusting only the official blockchain website for your transactions and purchases.