Over the last year, there have been a large number of incidents involving the theft of NFTs from artists and collectors alike. Social engineering is the biggest cause of NFT theft, and this is because of human error. You can have the most impenetrable system in the world, but if you can hack the mind of your target through social engineering, it doesn’t matter: your impenetrable system is as weak as the employee who maintains it. In NFT theft, social engineering is carried out primarily by scammers crafting and sending malicious links to their targets, known as a “phishing attack” or simply “phishing”.
An example of a phishing attack is when an attacker gains access to an HTTP push API (called a webhook) that allows them to send announcement messages to all members of a Discord server, detailing steps that a user must follow if they want to claim a limited-time NFT. The user then acts fast to secure their limited NFT by clicking on the link and connecting their “hot” wallet to claim their free NFT, and as a result gives the scammer the ability to steal the cryptocurrency out of their hot wallet. If the user had only had a cold wallet where their valuable NFTs were stored, this would never have happened.
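A moderation-side check for the webhook announcement described above, as an added example that is not part of the original article: it holds any message that links outside the project's own domains and records the supporting signals. The message dict mirrors the `content` and `webhook_id` fields of a Discord message; the function names, the allowlist and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Wording typical of the "claim your limited-time NFT" lure described above.
LURE_RE = re.compile(r"\b(free|claim|airdrop|limited[- ]time|connect your wallet)\b", re.IGNORECASE)

def host_allowed(host, allowed_hosts):
    """True only for an allowlisted host or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def unlisted_hosts(content, allowed_hosts):
    """Hosts of every link in the text that is not covered by the allowlist."""
    hosts = []
    for url in URL_RE.findall(content):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: keep the raw text and treat it as unlisted
            host = url
        if not host_allowed(host, allowed_hosts):
            hosts.append(host)
    return hosts

def review_message(msg, allowed_hosts):
    """Return reasons to hold a message for moderator review (empty list = release)."""
    content = msg.get("content", "")
    hosts = unlisted_hosts(content, allowed_hosts)
    if not hosts:
        return []
    reasons = ["links to unlisted host(s): " + ", ".join(hosts)]
    if msg.get("webhook_id"):
        reasons.append("posted through a webhook")
    if "@everyone" in content or "@here" in content:
        reasons.append("mass mention")
    if LURE_RE.search(content):
        reasons.append("claim/urgency wording")
    return reasons

# Constructed sample data; hosts use reserved test domains.
ALLOWED = {"example-nft.test"}
PHISH = {"webhook_id": "111", "content": "@everyone FREE limited-time mint! Claim now: https://example-nft.test.claim-drop.example/mint"}
LEGIT = {"webhook_id": "111", "content": "Roadmap update: https://docs.example-nft.test/roadmap"}

if __name__ == "__main__":
    for m in (PHISH, LEGIT):
        print(review_message(m, ALLOWED) or "release")
```

The allowlist match is anchored on a dot boundary, so a host that merely begins with the project's domain is still treated as unlisted.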
Tod Kramer, who was recently a victim of a phishing attack that resulted in the loss of his NFTs (valued in the millions), said he learned a valuable lesson from using a hot wallet to store his own NFTs, and now advises others to only use a cold wallet when storing their NFTs so they also don’t fall victim to a phishing attack. A hot wallet is a cryptocurrency wallet that is always connected to the internet and the cryptocurrency network, like the popular crypto wallet MetaMask. A cold wallet is pretty much the opposite: there is no online access, and it is stored offline, typically on a USB device.
January 17, 2022