Nonfungible Tokens (NFTs) – Safety and Security Still Needed (Part III of IV)
Last week, the founder of a crypto startup revealed that $1.7 million worth of nonfungible tokens (NFTs) were stolen from his digital wallet. He was forthright, stating “[f]ound out the likely root cause for the exploit, it’s a targeted social engineering attack.” The victim is not alone; there have been many similar instances over the past few months.
Social engineering is “the psychological manipulation of people into performing actions or divulging confidential information.” In the world of crypto and digital assets, it has been a successful exploit to fraudulently obtain NFTs especially as various trading platforms have emerged, unregulated, to earn exorbitant profits through transaction fees.
Last year, the NFT market exploded to over $40 billion and has turned into the next gold rush as consumers flood the market and platforms expand offerings. As of the date of this article, the most expensive NFT ever sold fetched an astounding $91.8 million. Crypto crimes have exploded too, accounting for $14 billion worth of blockchain transactions.
It is unclear at this point if NFTs are a short-term “fad” or a strong long-term investment, but whenever there is money being traded at such a large scale, cyber criminals are sure to get involved. As previously noted, laws, regulations and industry standards are likely coming to this decentralized space known as Web3.
The value of an NFT stems from its unique code and its inherent “smart contracts.” Each NFT is unique and noninterchangeable. This means that no two NFTs are ever the same. Another way to conceptualize this idea is to consider the Mona Lisa. Just because a picture of the Mona Lisa is taken, printed and hung does not make it as valuable as the original.
The Mona Lisa has value because it was created by a well-known artist and is unique. There will only ever be one Mona Lisa, just as there will only ever be one of each individual NFT. Put another way, NFT creators can derive value from their NFTs through the unique characteristics of each individual NFT.
NFTs are also being purchased for a variety of real-world applications including as movie tickets, as real property, and as membership to exclusive clubs. NFTs can also be used for numerous “virtual” applications, such as authenticating digital artwork and collectibles, and online gaming.
As the number of thefts and scams rises, so does the need for regulation and legal oversight. As we mentioned in the opening article of this series, a recurring theme of the Cryptopia event was that laws, regulations and industry standards are coming, and that’s not necessarily a bad thing.
For now, users of the various platforms should create strong, complex passwords for their accounts, and be sure to maintain different passwords for separate accounts that can be used for crypto exchanges, crypto wallets, and NFT marketplaces. Users should also enable multifactor authentication.
Given the openness of the communities, users should also research the platforms they visit. Members have flocked to messaging servers such as Discord to share the latest news and to keep their communities up to date on their respective projects. Lastly, users should only buy, sell or trade from trusted sources, and be skeptical of any promises that sound too good to be true.
In sum …
NFTs have the potential to be great investments, but due to the increase in illegal activity surrounding them, it is likely that regulations and legal oversight will be coming soon. Until then, extreme caution is advised.
For further information about Web3, see the previous articles in this series on crypto and DeFi, be on the lookout for the upcoming article on decentralized autonomous organizations (DAOs), or contact the authoring attorneys at Armstrong Teasdale.