Connect with us

NFT

Gone Ape? How to Protect NFTs from Theft – Security Boulevard

Published

on

The Home of the Security Bloggers Network
Home » Cybersecurity » Application Security » Gone Ape? How to Protect NFTs from Theft
Non-fungible tokens (NFTs) are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names, trading cards, virtual land, music, or other digitally tradable tokens. Each contains a distinctive identifier that allows them to be sold or traded via blockchain.
If you ask a cyber extortionist what’s hotter than NFTs right now, they’ll probably say NFT theft. There’s a trend sweeping the blockchain community, and it’s a worrying one. NFTs are stolen by account takeover fraud and account hacking regularly – and blue-chip NFT collections, like Bored Ape Yacht Club, CryptoPunks, Decentraland, or NBA Top Shots, can easily sell for tens of thousands of USD per token.
Using account takeover (ATO) fraud, bad actors take ownership of online accounts using stolen usernames and passwords. These can be acquired through the purchases of lists of credentials on the dark web – typically from data breaches, social engineering, or from phishing attacks – then used to bulk submit these (known as ‘credential stuffing’) to website login forms to fraudulently gain access to user accounts. Despite decades of advice from IT security experts, users still reuse passwords across multiple sites and don’t always change them when they are notified of breaches. This is a recipe for disaster.
NFTs are stored on the blockchain, but NFTs are purchased and managed in a digital wallet and through marketplaces used for trading. These are sites such as Rarible, which is partnered with Adobe and uses the Ethereum (ETH) currency, charging a flat 2.5% fee on every transaction plus any gas fees (the amount of ETH needed for an ETH blockchain network user to perform a trade on the network). A digital wallet or cryptocurrency exchange is only as safe as the passwords and credentials protecting it. As NFTs allow for verifiable ownership, and with the anonymity that digital currency provides, once an account takeover has happened and an NFT has been transferred to another blockchain account, the new owners are virtually untraceable. One of the primary tenets of cryptocurrency is the elimination of possible centralized intervention – making this doubly hard to fix any ownership issues. Bear in mind that many individual NFTs have sold for over USD 1M each, with one single NFF reselling for nearly USD 70 million.
Being an ‘invisible’ and digital interaction, NFT theft is far more prevalent than one may believe. This is a clear call for better digital protection. After a phishing attack in June 2022, Robot Chicken co-creator and Family Guy/Austin Powers trilogy star Seth Green had four NFTs stolen from his crypto wallet. One of these NFTs, a unique Bored Ape token, was to be the star in his upcoming series which was already in production. He was forced to appeal via Twitter to the new owner, who appeared to have bought it in good faith, costing him 165 ETH (around USD 297,000 at the time) to recover it. In another case, Todd Kramer, a Chelsea art gallery owner, had around USD 2.3 million worth of NFTs stolen by scammers in December 2021, and listed on the peer-to-peer NFT marketplace OpenSea. The OpenSea platform had further issues in February 2022, when an attacker used a phishing attack to steal two hundred and fifty-four tokens in under three hours, totaling over USD 1.7 million in profits. In March 2022, bad actors used cracked accounts in the Nifty Gateway platform to buy and sell hundreds of thousands of dollars worth of NFTs, charging the affected users’ credit cards for gas and trading fees.
Attacks are more prevalent as NFTs become more popular, easier to trade, and enter the digital zeitgeist. So what can we do about it?
The cryptocurrency exchanges say that they are doing their best but that they are the middle man and can only do so much. OpenSea, for example, can’t return stolen NFTs as they are stored on the Ethereum blockchain. They can only stop them from being traded within OpenSea.
“OpenSea is a blockchain explorer, meaning our goal is to provide the most comprehensive view into NFTs across different blockchains. We do not have the power to freeze or delist NFTs that exist on these blockchains, however, we do disable the ability to use OpenSea to buy or sell stolen items. Since this issue emerged, we’ve built security tools and processes to combat theft on OpenSea. We are actively expanding our efforts across customer support, trust and safety, and site integrity so we can move faster to protect and empower our users.”
Cryptocurrency exchanges can, however, make use of professional account takeover protection without any loss from legitimate transactions or reduction in site performance. Preventing account takeover fraud requires multi-layered, intent-based detection to identify malicious access attempts – with low false positives and clear and actionable insights. Context is critical for effective mitigation, and it’s critical to be able to clearly see which user accounts and sites are under attack, what techniques were used, and whether the credentials are publicly available. Users are demanding more protection in the marketplace and these exchanges need to put their users’ minds at ease when conducting transactions. As such, it’s important to inform customers when an attempt to take over their account is detected and blocked, even if this is done so automatically, and to utilize this opportunity to recommend further ways the customer can avoid the risk and foster best practices.
It’s 2022. I don’t know who needs to hear this, but stop reusing passwords!
For as little as a couple of USD a month you can get an excellent password management tool where you can store software licenses, all your passwords, and any other sensitive information you might need at your fingertips – on your desktop, laptop, or on the move. All of this is sealed behind a single master password and complex password generator, meaning everything can be different and there’s only one localized key you need to know. Set up is easy, and they work across multiple platforms and devices. Asking around our team we personally use 1Password, Zoho, RoboForm, LastPass, LogMeOnce, Bitwarden, and Keeper.
When we do have to create a password we should avoid all the usual 7-letter clichés, and consider using a password system to avoid creating logins you can’t remember. You should also change them frequently. Many of the password management tools have random password generators, which is obviously the preferable approach.
In order to grow the NFT market, and any platform or exchange, transactions have to be safe and reliable. While investment in exchanges and platforms appears to be forthcoming the art world, and the investment world, have mixed feelings about NFTs. Wallets and platforms need to be secure and worry-free.
Users need to take responsibility for their digital assets, but any service allowing users to buy, sell, auction, or create NFTs on the blockchain where millions of US dollars could be changing hands must demonstrate they are doing their best to protect their users from account takeover and fraud. They must promote best practices and be seen as a reliable repository if they are to succeed – regardless of their other responsibilities. Good account takeover security is good PR, and NFT portfolio platforms will need that in the years to come if the medium is to be trusted beyond early adopters and further normalize investment in the crypto community.
The post Gone Ape? How to Protect NFTs from Theft appeared first on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Nik Hewitt. Read the original post at: https://www.imperva.com/blog/gone-ape-how-to-protect-nfts-from-theft/
document.getElementById( “ak_js_1” ).setAttribute( “value”, ( new Date() ).getTime() );
More Webinars
Security Boulevard Logo White
DMCA

source

NFT

This Week's NFT Sales Slide, Bored Ape Market Cap Drops 21%, Floor Prices Sink Lower – Markets and Prices Bitcoin News – Bitcoin News

Published

on

by Jamie Redman
Non-fungible token (NFT) sales this week dropped 10.88% lower than the week prior. Roughly $118.02 million worth of NFTs were sold this week compared to last week’s $132.43 million. Further, the top two NFT collections with the largest market capitalizations shed significant value during the past seven days. While Bored Ape Yacht Club’s market valuation lost 21.29%, Cryptopunks’ market cap slid by 19.18%.
NFTs had a lackluster week as sales and prices have followed in sync with falling crypto asset prices. Statistics show that a large number of NFT collections have lost considerable market value during the past week. For instance, metrics show that Bored Ape Yacht Club’s (BAYC) floor value on September 13, 2022, was $114,388 and today, the floor value is around $90,026. BAYC’s market valuation on September 13 was $1.14 billion and today it’s down 21.29% to $900.25 million.
Data shows that the second most expensive NFT floor value belonged to Cryptopunks on September 13, and that’s still the case today. However, the cheapest Cryptopunk last week was around $98,941, but today you can get one for $79,960. Cryptopunks’ market cap has nosedived 19.18% lower during the past week. The same can be said for a majority of blue chip NFT collections like PROOF Collective, Mutant Ape Yacht Club (MAYC), Castaways, and Doodles.
Seven-day statistics show that the BAYC NFT collection is the compilation with this week’s top sales, as $8,603,290 in trades were recorded. BAYC sales have increased by 17.33% and the second largest NFT collection in terms of weekly sales is RENGA. The RENGA NFT collection has managed to print $5,822,323 in seven-day sales, up 121.08% since last week. Overall, however, NFT sales across 17 blockchains monitored by cryptoslam.io are down 10.88% lower than last week.
This Week’s NFT Sales Slide, Bored Ape Market Cap Drops 21%, Floor Prices Sink Lower
Ethereum (ETH) captured the top NFT sales and Solana (SOL) recorded the second largest number of digital collectible sales this week. Although, ETH-based NFT sales slipped 1.66% lower than last week with $79.05 million in seven-day sales. SOL-based NFT sales are down this week 42.11% lower than last week with $23.71 million. Both Flow and Immutable X saw an uptick in NFT sales. Flow NFT sales jumped 59.42% higher, and Immutable X NFT sales saw a significant 790.96% increase.
The top five most expensive NFTs sold this week all stemmed from the BAYC collection and include Bored Ape #441, Bored Ape #2897, Bored Ape #5733, Bored Ape #4179, and Bored Ape #1846. Bored Ape #441 sold for 351,000 DAI and Bored Ape #2897 sold for 215.38 ether or $296,404. Bored Ape #5733 was sold three days ago for 120 ether or $176,458, and Bored Ape #4179 sold for 123 ether or $176,307. Lastly, the fifth most expensive, Bored Ape #1846, was sold for 106 ether or $151,939 four days ago.
What do you think about this week’s NFT sales dropping more than 10% lower than last week’s sales? Let us know what you think about this subject in the comments section below.
Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
Tony Hawk’s Latest NFTs to Come With Signed Physical Skateboards
Last December, the renowned professional skateboarder Tony Hawk released his “Last Trick” non-fungible token (NFT) collection via the NFT marketplace Autograph. Next week, Hawk will be auctioning the skateboards he used during his last tricks, and each of the NFTs … read more.
Central Bank of Brazil Confirms It Will Run a Pilot Test for Its CBDC This Year
The Central Bank of Brazil has confirmed that the institution will run a pilot test regarding the implementation of its proposed central bank digital currency (CBDC), the digital real. Roberto Campos Neto, president of the bank, also stated that this … read more.
Check all the news here

source

Continue Reading

NFT

FASB Excludes NFTs, Some Stablecoins From Crypto Accounting Project – The Wall Street Journal

Published

on

source

Continue Reading

NFT

Michael Saylor can't stop: MicroStrategy now holds 130,000 Bitcoin – Cointelegraph

Published

on

MicroStrategy bought an additional 301 BTC for $6 million at an average price of $19,851, the company’s executive chairman announced on Twitter.
MicroStrategy now owns 0.62% of all the Bitcoin (BTC) that will ever be mined. The company’s executive chairman, Michael Saylor, announced that the company bought another 301 BTC for roughly $6 million at an average price of $19,851 per BTC. 
In sum, the company is one of the planet’s largest holders of the asset, owning 130,000 BTC. Apparently, Saylor likes round numbers, buying 301 BTC to reach the 130,000 milestone. 
MicroStrategy has purchased an additional 301 bitcoins for ~$6.0 million at an average price of ~$19,851 per #bitcoin. As of 9/19/22 @MicroStrategy holds ~130,000 bitcoins acquired for ~$3.98 billion at an average price of ~$30,639 per bitcoin.https://t.co/5kYW98ij4I
Due to plunging price action, the company’s investment is down substantially in U.S. dollar terms. MicroStrategy’s entry price is roughly $30,639 per BTC, and the Securities and Exchange Commission filing states that the firm has bought 130,000 BTC at an aggregate purchase price of approximately $3.98 billion.
If MicroStrategy started stacking sats (buying Bitcoin) at today’s prices, it would have spent $2.48 billion on 130,000 BTC. Saylor is currently at a paper loss of over a billion dollars.
According to the SEC filing, the company made the purchase with “excess cash.” Saylor recently stepped down as CEO of the company to focus on buying more Bitcoin, while Washington, DC has taken aim at the billionaire in a tax evasion lawsuit.
Bitcoin enthusiasts were quick to commend Saylor’s buy. Referred to as the “Chad” or “Gigachad,” Saylor’s conviction and commitment to buying Bitcoin despite the investment being underwater has garnered both a devout following and numerous critics.
Related: Bitcoin better than physical property for regular folks, says Michael Saylor
Other large wallet addresses include that of crypto exchange Bitfinex, which holds 170,000 BTC, and a Binance reserve wallet that holds 125,000 BTC. Binance is the world’s largest crypto exchange and has several wallets holding six figures of Bitcoin. Regarding individuals, Saylor has stated that he holds Bitcoin, and FTX CEO Sam Bankman-Fried and Binance CEO Changpeng Zhao are also “hodlers” — a meme that became popular jargon for holding crypto.

source

Continue Reading

Trending

Copyright © Diaily Meta News