Hacking newest threat nft

In this case, the NFT thieves had targeted a feature known as a webhook. Webhooks are used by many web applications (Discord included) to listen for a message sent to a particular URL and trigger an event in response, like posting content to a certain channel. You can think of a webhook like a secret phone number, a unique identifier that can be “called” (or, in a closer approximation, “texted”) to connect to an application on the other end.

By gaining access to webhooks belonging to the Fractal and Monkey Kingdom Discord servers, the hackers were able to send messages that were broadcast to all members of certain channels: a feature meant to be used only for official communications from the project teams. This was where the fake “announcement” had come from and why it had pointed to a scam address.

There was a report of an NFT hack as well. Third City Advisory founder Michael J. Miraflor claimed on Twitter that someone stole his NFTs from the Gemini-owned trading platform Nifty Gateway, transferred them to another account, sold some on a Discord channel, and purchased more than USD 10,000 worth of NFTs from a drop with the stored credit information.

Credit card charges, Miraflor said, have been “since recovered.”

Per his March 14 Twitter thread, the marketplace alerted him that ‘he’ sold something, but upon checking to confirm the transaction, Miraflor saw his entire collection had been emptied.

Though Nifty restored the victims’ money, it could not get back the NFTs.

Such platforms are always open to attacks from people looking to make some quick money through trading. As hundreds of thousands of people are using the system, an error from their end could leave the gates wide open for malicious hacking attacks.
Following the recent attacks, both Nifty and OpenSea tightened their cybersecurity protocols and added multiple authentication layers.

NFT Vulnerability and Security Concerns

Although the popularity of NFTs is increasing day by day, hacking incidents make it essential to understand the NFT security issues.

All told, more than $4 million was spent on gas fees for unsuccessful transactions.

There’s no indication yet that the NFT craze will slow in 2022, which means there’ll be no shortage of new projects looking to scale by using off-the-shelf solutions to build their infrastructure. There are signs that Discord, the beating social pulse of the NFT community, is also a goldmine for unscrupulous individuals looking to separate marks from their hard-earned coins — but perhaps as techniques of moderation and server administration in the community improve, more rigorous management of problem areas (like webhooks and third-party plugins) will reduce risk.

The good news is that, for the two projects affected by this particular hack, there may be sunnier days ahead.

Fractal, the game asset marketplace, went live on the penultimate day of 2021.

GitHub commits. But it’s easy to lose track of those bots amid the various third-party service integrations, and crucially, there’s no way to switch off all of them at once if you’ve been hacked. The result is a major opportunity for attackers and a liability for any Discord communities who aren’t paying attention to their integrations.

A Discord spokesperson said the company cautioned people to be careful when giving others access to their devices and personal information and pointed to guidance made available through its Moderator Academy resource center.

“Discord takes the safety of all users and communities very seriously, including social engineering attacks like these,” said Peter Day, senior manager of corporate communications at Discord.

NFT Hackers Attack: Influencer Zeneca and Platform PREMINT are the Latest Targets

Non-fungible token (NFT) influencer Zeneca and NFT registration platform PREMINT are the latest targets of hacking attempts against the NFT community.

Zeneca’s social media accounts were compromised late on Tuesday and linked to a fake airdrop for the influencer’s “Zen Academy Founders Pass,” tricking users into connecting their wallets.

“Hey everyone wanted to do something special for the community so here I go!” Zeneca’s compromised Twitter account had posted. “I would like to announce the official release of the Zen Academy Founders Pass airdrop. There will be 333 of these passes to start off.

If these companies go out of business or an attacker breaks into these websites, any NFT value could suddenly disappear.

There’s also another track for token trouble. What exactly is being sold? As noted by Coindesk, an attacker recently tried to sell a zero-day exploit as part of an NFT collection, possibly making a pretty penny in the process and exposing enterprise networks to risk.
Even more worrisome is that this risk will only increase as markets diversify and NFT prices stabilize. This area lacks strong regulation. That means it may be almost impossible for companies to ensure exploit-based data isn’t sold to the highest bidder and then used to compromise their networks.

NFT Defense

NFTs emerged as both a valuable asset and possible attack vector.
Now, enterprises must account for these tokens in evolving security strategies.

“Our analysis is ongoing, but our initial assessment indicates that the impact was limited, none of the impacted accounts had 2FA enabled, and access was obtained via valid account credentials,” they said, encouraging their users to enable 2FA and never reuse passwords.

(Updated at 14:22 UTC: Michael J.

Given the one-way nature of secure blockchain transactions, getting these assets back, even with proof of wrongdoing, may be difficult or impossible.

Improved zero trust architecture is an ideal way to help solve this problem before it starts. By using advanced zero trust frameworks that focus on confirming rather than assuming identity, it’s possible to limit the number of privileged users who have access to NFTs and reduce the risk of asset loss.

Enhanced Network Monitoring

Along with zero trust security, enterprises must also deploy active network monitoring tools capable of pinpointing possible exfiltration issues before blockchain access occurs.

Please be vigilant and stay safe,” the official Twitter account of Yuga Labs said.

Meanwhile, in a separate incident, NFT registration platform PREMINT suffered a hack on July 17, leading to total losses of around USD 430,000 for users who clicked on a malicious link.

PREMINT confirmed the hack in a Twitter thread, detailing that the “issue only affected users who connected a wallet via this dialog after midnight Pacific time.”

According to a security analysis report from Certik, the hacker compromised PREMINT’s website by uploading a malicious JS file to the site.

In practice, defense against NFT-related threats requires a three-pronged approach:

Increased Asset Vigilance

The nonfungible aspect of NFTs coupled with their blockchain-based nature makes them a solid long-term investment for many companies. However, NFT marketplaces are often subject to attacks such as phishing, distributed denial of service and ransomware, meaning IT teams must keep a close eye on assets in response to emerging threats.

There’s also a need to proactively monitor unique intellectual property stored on corporate networks. That way, you can ensure attackers don’t exfiltrate it and convert it into an NFT without corporate knowledge.

Improved Zero-Trust Frameworks

If attackers can compromise corporate accounts and gain access to blockchain credentials, they could transfer ownership of NFTs.

The purchase would leave the original owner out in the cold.

There’s an even bigger problem with nonfungible tokens, as noted by Anil Dash, one of the minds behind the NFT concept back in 2014: digital shortcuts. When Dash and artist Kevin McCoy first developed the idea of NFTs, they ran into a technological limitation. Most blockchain records weren’t big enough to hold an entire image file. So they used a workaround — blockchain-encrypted web addresses that acted as links to NFT assets.

Today, that workaround is still in use. In practice, this means that NFT buyers aren’t really getting blockchain-based tokens that represent the asset they’re buying. They’re getting access to links that exist on live websites, which companies manage in order to verify the token.
