Here’s how to prevent NFT theft, according to industry professionals

Published at: Jan. 31, 2023

As nonfungible tokens (NFTs) attract more users, they also capture the eyes of scammers. Bad actors in Web3 have set their sights on digital collectibles, with millions being lost through scams and various attacks. 

However, according to professionals working in the Web3 space, there are multiple ways and tools to prevent being a victim of NFT theft. In addition, users can also take various actions after losing their digital collectibles to hacks.

Ronghui Gu, the co-founder and CEO of blockchain security firm CertiK, told Cointelegraph that the first and most important step is always due diligence. “Avoid clicking on suspicious links and be very careful when signing token approvals,” Gu shared.

Taking it a step further, the executive shared other best practices like periodically checking and revoking unneeded permissions and segregating NFTs into different wallets according to their purpose. He also explained that:

“Long-term holds should be kept in a secure wallet that interacts minimally, if at all, with applications. Hardware wallets have a somewhat steep learning curve, but the time investment is worth it.”

When asked about what can be done once the assets get lost, Gu shared that it’s unfortunate, but there’s “not a lot” that users can do to recover the assets. However, NFT marketplaces can blacklist the NFTs so that they cannot be traded anymore. “Raising awareness of common scams is an ongoing effort. Educating users about the safest ways to transact and how they can minimize their risk is the first step,” he added.

While hardware wallets may be a great solution, Michael Pierce, the CEO of Web3 security firm NotCommon, said there are still risks involved. He explained that:

“People should buy the hardware directly from the manufacturer to minimize any chance the wallet has been tampered with before the person receives it.”

Meanwhile, if the scam or attack had already occurred, Pierce recommended that victims report it to databases like NotCommon “to help keep others safe and identify the scammer.” If the potential losses are significant, the executive urged victims to take legal action if possible.

Mohamed Issa, a senior strategist at data firm Chainalysis, also shared some insights on the topic. According to Issa, as NFTs become one of the fastest-growing areas in crypto, it’s becoming a “go-to target for hackers.” He explained that:

“NFT transactions are creating a new challenge for cryptocurrency investigation as decentralized protocols are more complex and very difficult to trace compared to traditional centralized services.”

Issa also told Cointelegraph about the importance of being proactive when falling victim to theft. While it’s very important to report scams and hacks to law enforcement, he believes NFT holders can protect their investment with tools like Storyline, an analysis software created by their firm.

Issa believes that the tool can enable users to assist investigators after getting hacked and help them concentrate on the transactions and funds that matter most.

Related: New NFT private auction scam threatens OpenSea users

BNB Chain growth operations director Alvin Kan also shared that users can use tools like revoke.cash — a way to check wallet status and revoke approvals — and browser extensions that provide risk warnings before signing contracts.

Within the BNB Chain ecosystem, Kan told Cointelegraph that there are efforts from the community to provide more NFT-specific security tools. The executive talked about an NFT tool that detects NFT authenticity called GoPlus and other chain-wide initiatives like DappBay’s Red Alarm and AvengerDAO, which Kan believes helps users stay one step ahead of scammers. He explained that:

“These tools, with the contribution of the ecosystem projects, assess project risk levels in real-time and alerts users of potentially risky DApps so that users do not interact with malicious DApps and contracts.”

After becoming a victim of a hack or scam, Kan highlighted that it’s important to reach out to NFT marketplaces. When all else fails, the executive said that burning the token may be the last resort. Reaching out to the NFT project and asking them to burn the affected or stolen token may be the final solution.

Tags
Nft
Related Posts
Rare Bears Discord phishing attack nabs $800K in NFTs
Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs. Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse. According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer …
Nft / March 18, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Developers seek solutions for Web3-related scams from internet browsers
A big concern for users in decentralized finance (DeFi) involves the industry’s susceptibility to exploits. A report from Privacy Affairs revealed hackers stole $4.3 billion worth of cryptocurrency in the time period from January to November 2022 — a 37% increase from the previous year. Such exploits harm the integrity of companies and fuel skeptics from outside of the space in their case against cryptocurrencies. However, in a Feb. 2 announcement from Web3 Builders Inc., the company revealed a suite of tools to combat this issue. The initial browser extension TrustCheck was created to flag Web3-related scams before users continue …
Adoption / Feb. 2, 2023
DeFi sees exploits and exit scam drama in the last week of 2022: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. For DeFi, the last week of 2022 saw another slew of exploits, insider job accusations and exit scam drama. It all started on Christmas, when Defrost Finance, a decentralized leveraged trading platform on the Avalanche blockchain, was exploited by a DeFi flash loan attack causing $12 million in losses. However, the hacker behind the attacks reportedly returned a portion of the funds the next day. Security analytic firm Certik looked into the chain of …
Nft / Dec. 30, 2022
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023