NFT: an eldorado for cybercriminals

Non-fungible tokens (NFTs) offer huge revenue potential for brands, but also represent ideal opportunities for cybercriminals to exploit if the security issue is not investigated early.

Today, bots are the secret weapon of cybercriminals and are increasingly being used to manipulate prices, defraud customers and erode the NFT ecosystem. This means that NFT marketplaces must do everything in their power to provide effective security defenses against bots and other cyber-attacks to protect their NFT investments, market reputation and customer experience.

But why do hackers focus their bots on NFT sales? The reason is simple, that’s where the money is. The NFT market reached $41 billion by the end of 2021, according to Chainalysis. NFT market ecosystems are relatively new and the technology and processes behind them are not always understood – making them a perfect target.

The e-commerce industry has been hit hard by bots, particularly with releases of limited-edition products like sneakers being targeted by stock-hopping bots. While blockchain, cryptocurrencies and decentralized finance are recent innovations, they are emerging in a mature and already proven cybercriminal environment.

Bots to see

Malicious bots can manipulate the prices and availability of NFT products or offer fake products for sale. Bots can also be part of larger projects that involve taking down entire websites, as well as stealing identities and other personal financial information.

Here are some types of bots to protect yourself from: Buying bots. These are designed to buy goods or services online in bulk when they are marketed and immediately pay for the order. The goal is to take massive control of a valuable stock that is usually resold in the secondary markets at a large margin. They prevent real buyers from acquiring the goods or services, leading to consumer frustration and denial of inventory when NFTs are no longer available.

Auction bots. These bots make fake offers that aim to manipulate NFT prices. By placing a large number of low bids on NFTs well below the asking price, price drop bots drive down the value of an NFT without actually buying it. Price gouging bots buy NFTs at low prices, artificially creating scarcity and increasing popularity to force buyers to pay more for remaining shares, often in secondary markets. And bidding bots can artificially drive up the price of NFTs through automated bidding wars.

Counterfeit NFT bots. This type of bots can be used to sell fake NFT projects that do not match the real identity of the buyer who was supposed to make the purchase. When a consumer mistakenly buys a fake NFT, they are unlikely to get a refund, and without proper authentication, they have no chance of reselling it legally.

Fake promotion bots. These bots can act as phishing schemes that trick users into clicking on links to take advantage of very limited offers, such as a fake YouTube Genesis Mint Pass.

Bot activity in NFT marketplaces sows doubt and suspicion, affecting potential buyers, legitimate sellers, artists, athletes, and creators whose products are sold on online marketplaces.

Malicious bots have the potential to hamper the growth of blockchain-based markets, and if NFT exchanges are known to be hotbeds of bots, this could threaten one of the most dynamic facets of the new digital economy.

Protection of the marketplace from bots

We have learned a lot from our work with large NFT marketplaces and exchanges, helping them implement sophisticated security and protection measures. These include protection against bot attacks that target login credentials, prevention of fake account creation, and prevention of stock-grabbing bots that buy stocks and drive up NFT prices. Here are some important points to consider: Understand fraudulent new account opening and validation patterns.

Evaluate your bot defense strategy to prevent sophisticated, human-like automation and retooling. Prevent account takeover by monitoring transactions for signs of fraud or risky behavior and hardening systems to log in against credentials. Leverage smart authentication to improve the customer experience.

Manage users to determine if they are customers or bots. Empower your security and fraud teams with new tools and intelligence support. Prepare for what criminals continue to rearrange their attacks – and be able to quickly rearrange your defenses.

Helping buyers protect themselves from cybercriminals

Protecting and earning customer trust is important, and it starts with awareness. Here are some savvy tips: Consider hardware wallets. If you use cryptocurrencies to buy NFTs, you should consider using a hardware wallet to make the purchase. Hardware wallets, which are external physical devices with specialized firmware to prevent access to private keys, can significantly improve the security of cryptocurrency and NFT purchases by protecting them from bots and other cyber attacks.

Always review contracts. Buying an NFT almost always involves entering into a “smart contract” with the seller. Carefully review these blockchain-issued contracts before approving them, as they detail the unique information associated with your NFT, including ownership and transaction details. One should always know what one is signing, as smart contracts can specify rules regarding the exchange of NFTs and other property rights.

Beware of fake markets. NFTs should only be purchased from reputable organizations that take security seriously and ensure that transactions are free of bots.

Understand how your NFT market communicates and what your options are if your NFTs are stolen. Knowing in advance how your market will contact you and what you can do if your NFTs are stolen can help you prevent phishing attacks, identity theft and other fraud.

With the proliferation of NFT thefts, the question arises whether hackers manage to sell them on at a good price once the hacking is revealed… The risk is in any case present. This is why Web3 companies need to defend their customers against malicious bots.

Leave a Comment