Cybersecurity in Web3 – How to Protect Yourself and Your NFTs

Although many Web3 advocates constantly tout the blockchain’s native security features, the amount of money poured into the industry has attracted many scammers and hackers.

When bad actors manage to breach Web3 cybersecurity, it is usually because of users’ ignorance and fear of missing out (FOMO) rather than shortcomings in the technology.

Big Money in Scams

A Federal Trade Commission report released last June shows crypto users have collectively lost over $4 billion since 2021. The report says the victims were targeted through messages on social media platforms and advertisements.

Attackers Targeting NFTs

Besides crypto, non-fungible tokens (NFTs) have also been targeted by scammers. Web3 cybersecurity company TRM Labs reports that NFT fans lost over $25 million to phishing attacks and scams between June and August 2022.

NFT collections like Bored Ape Yacht Club (BAYC), which are considered ‘blue chip,’ are the most targeted. Last April, hackers accessed BAYC’s Instagram account and directed the followers to a website that left their Ethereum wallets completely drained. The scammers stole over 90 NFTs worth $2.9 million. A few months later, the NFT project encountered another attack on its Discord server that saw users lose NFTs estimated to be worth 210 ETH.

Scammers have also targeted prominent BAYC holders. In May 2022, actor Seth Green revealed on Twitter that he fell victim to a phishing scam, losing his Bored Ape NFT in the process. In June last year, Green tweeted that he had paid 160 ETH, or about $200,000, to recover the stolen digital art from someone who had purchased it from the scammer.

Luis Lubeck, a security engineer at Web3 cybersecurity company Halborn, says phishing attacks have become rampant in recent months, warning users to be aware of scam sites that request wallet credentials.

Lubeck also explains that a phishing scam may begin with social engineering, promoting a project to users with promises of guaranteed returns. In addition, the security engineer reveals that the scammer can send a message informing a user that their account has been attacked and that the password therefore needs to be changed. These messages typically offer users a limited time to act, making them victims of FOMO.

Types of Cyber Attacks

Malware: This represents any code or program that puts systems in danger. Malware can access systems via phishing messages and emails.

Compromised Websites: Cybercriminals can hack a genuine site and then use it to send phishing messages to unsuspecting users.

URL Spoofing: These are clones of genuine websites that can collect credits, passwords, usernames, and other personal data.

What Can You Do to Protect Yourself

The best way to avoid falling victim to phishing attacks is by never replying to any messages or emails from an unknown person or company. Lubeck adds that you should never enter your personal information if you didn’t initiate the communication.

Keep Your Crypto and NFTs Safe

If possible, get a hardware wallet to store your digital assets offline. If you choose to use a desktop, mobile, or browser wallet instead, ensure you download it from verified websites and official platforms such as Apple’s App Store and Google’s Play Store. Do not download wallets from links sent through email or text. Some fake apps may find their way into these official stores, but the stores are still safer than unverified websites or links.

Also, disconnect your wallet from websites after completing transactions.

Your private keys, passwords, and seed phrases must be kept confidential. Anyone asking you to share this data in order to participate in a particular project is probably a scammer.

Additionally, beware of tight deadlines and high-pressure tactics that scammers use to cause FOMO, pushing victims to invest without doing proper research.

Finally, only put your funds into projects that you fully understand. If it is hard to figure out how the scheme works, avoid the project.

