The cyber fraud industry has its own “trends” and is experiencing “fashion trends”. A few years ago, everyone was afraid of blocking programs, then the time came for hidden programs for mining cryptocurrencies, and today, NFT theft is at the peak of interest. Those same non-fungible tokens, a reliable cryptographic tool that turned out to be easy to steal using social engineering methods.
The bad news came from the Nifty Gateway, which is positioned as a convenient marketplace for NFT trading for the benefit of the creative digital intelligentsia. As freelancer Michael Miraflor tweeted, someone hacked his account, sold NFT for more than $ 10,000, and transferred the money and other certificates to another account. Michael discovered this by accident, since he did not receive any notification, and therefore urges his colleagues to urgently check their accounts.
A source in the Nifty Gateway administration told Motherboard that there have been more than a few break-ins, and the company is in dire straits. The fact is that all the victims did not have two-factor authentication connected, and the verification revealed that real and reliable information was used when logging into the accounts (this indicates an ineffective approach to security issues on the part of the account owners themselves – ed. By Techcult). Where the hackers got it is a rhetorical question, and the catch was found only by indirect traces. For example, some transactions with other people’s NFTs were discussed via Discord or Twitter, which is expressly prohibited by the rules of the site.
It is difficult to resist the irony that creative individuals and the concept of “systemic cybersecurity” are poorly compatible things. It’s not about NFT, as such, it’s just another type of assets that are in great demand right now, and therefore are interesting for scammers. The technology itself is not compromised – problems arise from human negligence and carelessness with their digital data.