Cybersecurity in NFTs

Day by day we see how the adoption and use of NFT’s grows; as well as the commercialization of them, through a large list of marketplaces that are enabled and functional throughout the world.

At the same time, the market for non fungible tokens (NFT) continues to grow, with new artists becoming millionaires and household names such as Snoop Dogg, Martha Stewart and Grimes cashing in on the trend.

But no less important is a long list of concerns that arise alongside these innovations, starting with cybersecurity and identity fraud, market security risks, key and data management, and privacy.

Both NFTs and cryptocurrencies suffer from security threats and concerns, which both human beings and legal entities or companies cannot look aside and give them vital importance.

With the emergence of new projects every day, and with the mass adoption, new ways and means arise to deceive the person on the other side, and thus enter their funds to appropriate them (among other types of cybercrime).

Some measures to take into account to protect yourself from being a victim of these scams:

1) Scammers are very aware of new releases of NFT projects, and usually have many sites pretending to be the official one for the “mining” of those projects, to promote them together with the official site,

2) A recommendation when mining an NFT, or investing in a project with a limited collection of NFT’s, among others, is to analyze its source code. To be a serious project, one of the essential requirements is that its official site must contain a link to its Github repository, to access its code and perform various analyses (if it is open source, if the code has recent activity or not, analyze the language and tools used, etc.). It should be clarified that reviewing the code is necessary but not sufficient, and the fact that a company has done an audit does not guarantee that it is free of problems.

3) Be informed about the wallets that support NFT’s with their respective protocols of each network. A few months ago, it happened with the Phantom wallet to host NFT’s from the Solana network. At the beginning it worked only for PC, but there were cases of fake wallets found in Play Store or Apple Store, which were Scam and appropriated your NFT’s by linking your data, or transferring them to that wallet.

4) Be alert for phishing emails or text messages, strange links, etc. Check the sender of each message, and avoid clicking on links from unknown senders or unofficial accounts.

5) Set a different password for each account, and make them different from your email password. It is advisable that they contain a combination of upper and lower case alphanumeric characters, and at least one special character.

6) Be very careful with NFT’s Scam Airdrops. We all like Airdrops, but there are some that consist in taking other people’s funds. If you received one in which you did not perform the procedure to obtain it, DO NOT manipulate them, do not transfer them.

7) Whenever possible, activate the second authentication factor (2FA) and the Anti-Phishing Code contained in the respective platforms.

8) Avoid saving passwords in google, as well as in notes on your device, email, or drive.

9) “At its core, cryptocurrencies are just private key management,” says Schwenk. Key management is something fundamental when it comes to safeguarding your cryptoassets. On the one hand, it is recommended to safeguard funds, cryptocurrencies, NFT’s, in non-custodial wallets or hot wallets such as Metamask, Trust Wallet; and as a greater security in cold wallets (if these funds are not used for daily operations, trading, etc.), such as Trezor, Ledger, etc.

10) Regardless of the origin, always be careful before clicking on any URL. Always verify that you are facing an official domain of the respective platform.

11) Always check the addresses of the wallets of origin and destination, before making any operation. Some wallets such as Metamask, Phantom, among others, have suffered several hacks, where by copy-pasting an address, the fraudster’s address is pasted, and the NFT’s are deposited in your account, being such operation irreversible.

12) Periodically supervise the activities of the accounts where funds are held,

This is not a definitive list, as every day different types of scams, hacks and crimes emerge; but if you are attentive and read our news, we will surely be able to alert you.

Written by Luciano Garriga (TW:@luchogarriga) for NFT Express.