NFTs worth Over $100 Million Stolen within a Year

[TL; DR]

Within the period July 2021 and July 2022, NFTs with a total value of over $100 million were stolen.

In July 2022 fraudsters and hackers stole a total of 4 600 NFTs.

Social media based NFT thefts account for about 23% of the total figure.

The CryptoPunk #4324 was the most expensive stolen NFT, with a value of $490 000 at the time of the theft.

Introduction

The greatest challenge blockchains encounter are cyber thefts of digital assets such as NFTs and cryptocurrencies. Although many people are familiar with thefts of cryptocurrencies there are several instances involving hacking and stealing of non-fungible tokens (NFTs). Elliptic, a crypto risk management firm, reports that Non-fungible tokens worth more than $100 million were stolen within a year, from July 2021 to July 2022.

How the non-fungible tokens were stolen

The thefts of NFTs started way back around 2017 and have increased over the years. Elliptic reports that NFTs worth over $8 million were stolen from NFT based platforms in 2017. That figure represents 0.02% of trading activities from established NFT platforms. NFTs worth $328.6 million, about 0.81% of the trading activities, were stolen through protocols that offer crypto mixing services such as Tornado cash.

As previously mentioned, over $100 million worth of NFTs were stolen through scamming activities in one year. This gives us an average of $300 000 per single scamming activity.

Thefts of NFTs are on the rise as figures indicate. For example, in July 2022, a total of 4 600 NFTs were stolen through scams. Incidentally, the same month, July 2022, has the highest number of stolen NFTs. Specifically, malicious actors stole non-fungible tokens worth around $24 000 during that month. It is important to note that these figures relate to reported stolen NFTs. There are many individuals and NFT platforms that provide such information. However, there are other people and NFT platforms that did not report the thefts they experienced.

Thefts of NFTs from social media platforms have been high as well. About 23% of the recorded NFT thefts occurred on social media platforms, especially Instagram. Elliptic reports that close to 5 000 NFTs, worth approximately $20 million were stolen. In most cases, the attackers used malware that bypass two factor authentications.

Source: Entrepreneur

According to Elliptic, CryptoPunk #4324 was the single NFT with the highest value scammers have ever stolen. By that time, 13 November 2021, it was worth $490,000. On the other hand, the largest collection of stolen NFTs, belonging to an individual, was the 16 blue-chip NFTs with a total value of $2.1 million. This took place in the period which the Elliptic report covers, in December 2021.

The North Korean linked Lazarus Group is one of the leading hacking syndicates that wreaks havoc in the cryptocurrency sector through thefts of digital assets, including NFTs. Also, Tornado Cash facilitates the laundering of both NFTs and cryptocurrency through its crypto mixing service.

Methods the malicious actors use

One of the commonest methods used in stealing the NFTs is phishing. This involves a fraudster that uses clandestine means of obtaining the wallet details of a certain person. Usually, with this method, unsuspecting individuals give the attackers their important details such as private keys

Another common means attackers use to steal NFTs is hacking. In simple terms, hacking refers to a situation where an unauthorized individual exploits a private network, a mobile device or computer system and accesses its contents. For example, a collection of Yuga Labs’ Bored Ape NFTs were stolen from Instagram through hacking. Once the hackers successfully attack a computer, a mobile phone or a blockchain they drain the digital assets.

Furthermore, some attackers use phishing links which appear as ads in many sites. The unsuspecting NFTs holders who click these links lose their wallet details in the process. As a result, the malicious actors use the details to access their digital assets which may include NFTs and cryptocurrencies.

Some bad actors use trojan NFTs which they send to digital asset holders. If anyone accepts such NFTs, they lose theirs in the process.

Lastly, some attackers use NFT swap scams. Such scammers lure NFTs holders to swap their NFTs. In the end, someone swaps a real NFT with a fake one.

How to prevent NFT thefts

With these rampant cases of NFT thefts, both blockchains and NFT holders have a part to play in stopping such malicious activities.

Source: blockchainx

What can blockchain do to prevent NFT theft

Blockchains should use advanced measures such as integrated security features. For instance, a blockchain can use encryption of messages as well as data storage platforms. In addition, a system requiring secure signatures and reliable authentication when making transactions helps to reduce incidences of digital asset thefts.

How can individuals protect their NFTs from theft?

Generally, blockchains have security measures as part of the system. However, NFT holders have a greater role in preventing thefts of their assets. We use the same measures applicable to protecting our cryptocurrencies such as having secure digital wallets.

The user should secure his/her wallet data such as private key and seed phrases. This is because once the bad actor gets hold of them he/she will access your NFTs, thereby stealing them. In this case, the attacker transfers these assets the way the owner does.