As the NFT community expands, so does the number of bad-faith actors hoping for a piece of the multi-million-dollar pie. As a result, NFT thefts are becoming increasingly expensive. People have lost millions of dollars in some cases.
If you want to start building your own NFT collection, the first thing you should be wary of is rug pulls and scams in the community. However, once you've avoided the NFT scams and successfully secured the digital items you're after, you'll need to be even more cautious. Remember that in Web3, third parties will not be able to manage everything for you. You must rely on your own judgment and research. As a result, constant vigilance is required, as theft can occur – even among the most diligent users.
Keeping this in mind, let's look at some of the most costly NFT losses and thefts. These stories will help you understand what went wrong and how you can protect yourself from costly NFT theft.
Todd Kramer, the owner of a Chelsea art gallery, had a less-than-pleasant end to the year. Kramer owns Ross + Kramer Gallery, and he had some issues with some of his personal art at the end of 2021. On December 30, Kramer discovered that several NFTs from his personal collection had been stolen from OpenSea. Which is the world's largest NFT marketplace.
He went into detail about what happened in tweets that have since been deleted. The majority of the NFTs were Bored Apes and Mutant Apes, two of the market's most valuable NFTs. Kramer eventually faced a $2.2 million loss as a result of the theft.
Kramer quickly requested intervention from OpenSea. It promptly froze all platform transactions until Kramer could reclaim his lost apes. Many users in the community chastised him for not storing such expensive NFTs on a hardware wallet. Hardware wallets (also known as "cold wallets") are useful tools for preventing costly NFT thefts. Because they are not connected to the internet unless they are plugged in. As a result, they are more difficult to hack.
Kramer was, unfortunately, using a hot wallet, which is always connected to the internet. As a result, it is more prone to attack.
Users also chastised OpenSea for their involvement. It was claiming that if one company can freeze transactions in this way, NFTs aren't truly decentralized. OpenSea issued a statement in response to the criticism. "As a blockchain explorer, our goal is to provide the most comprehensive view into NFTs across multiple blockchains." We do not have the authority to freeze or delist NFTs on these blockchains, but we do restrict the ability to use OpenSea to buy or sell stolen items. Since the emergence of this issue, we've developed security tools and processes to combat theft on OpenSea."We are actively expanding our efforts across customer support, trust, safety and site integrity. So that we can protect and empower our users faster," they said.
Fortunately, Kramer was eventually reunited with the majority of his stolen collection. Hopefully, he'll keep them in a more secure location this time.
Only a month after Kramer's apes were stolen, OpenSea witnessed another high-profile heist. Users on the platform uncovered the trail of a million-dollar heist in February. To pull this off, the hacker used one of the oldest tricks in the book: a phishing attack.
This event occurred just one day after OpenSea upgraded its smart contract infrastructure. The aim of this upgrade was protect users from a bug that allowed attackers to buy NFTs at far below market value. This was possible due to a system error that allowed old contracts to remain on the blockchain but not appear in OpenSea. Many of the contracts were over a decade old. Attackers could take advantage of the excessively low, out-of-date prices by making offers against those contracts.
As a result, all OpenSea users were required to move their NFT listings to a new smart contract. To take advantage of the migration, the hacker used a phishing attack.
The hacker was successful in luring 17 users into transferring some of their high-value NFTs into the hacker's OpenSea account. Four Azukis, two Coolmans, two Doodles, two KaijuKings, and one Mutant Ape Yacht Club were among the stolen NFTs. They then quickly sold these NFTs, making over $1.7 million in profit.
Another expensive NFT theft occurred in March, but this time on a different platform. Several Nifty Gateway users reported that their accounts had been compromised on social media.
Hackers used these stolen accounts to buy and sell NFTs worth hundreds of thousands of dollars. Worst of all? Users whose accounts had been compromised were left holding the bag because the fraudulent transactions were charged to their credit cards. This is due to one of the unique features of Nifty Gateway's platform. Users can charge purchases to their credit cards as well as their crypto wallets.
Although Nifty Gateway formally acknowledged the attack. They blamed it on the users rather than any potential platform vulnerabilities. A Nifty Gateway spokesperson told that "none of the impacted users had 2FA (two-factor authentication) enabled." This implies that hackers used simple phishing tools to hijack these accounts. They were able to gain access simply by determining the affected users' passwords.
Although it is not always possible to avoid NFT theft, holders can take precautions to keep themselves safe. To begin, only click links on websites that you know and trust. Don't assume anything just because a link appears to have come from someone you know. Always double-check before proceeding.
Next, make sure that multi-factor authentication is enabled on all of your accounts and hardware. This is critical and only takes a few minutes. It's also critical to create a strong password and never use it again. You don't want all of your accounts to be compromised if one is compromised. Finally, keep your Secret Recovery Phrase (also known as a seed phrase or mnemonic) in a secure location. It should never be given to anyone.
Keep yourself safe out there.
.png){kind=small}
Need to give up on NFT drops and buy in the secondary market? Don't miss out on future NFT drops by checking out our free NFT minting event calendar. The NFT Mint Radar is an independent NFT database that has nothing to do with NFT projects or companies.
.jpg)
