Skip to content

NFT Heists: Are Recent Attacks the First of Many to Come?

  • 2 min read
  • Latest

NFT heists are hitting the news. Here how you can protect yourself, says Indrė Viltrakytė, co-founder of the The Rebels.

Phishing attacks are not new. Sometimes, they are easy to spot. Like when the prompts come with a request to send your banking information to a prince from a far-away foreign land. But sometimes, they are harder to spot. Like when a request to approve the release of your assets comes from a seemingly trustworthy source.

This is what happened recently in an NFT phishing theft case. Users trusted a scheme that involved the Premint platform. The users agreed to a prompt to approve an unknown entity to control their assets. 

On July 17, 2022, a popular NFT platform, Premint NFT, was hacked. 314 NFTs worth $430,000 were stolen. Perpetrators were able to plant malicious code on Premint’s official website. The code instructed users to “set approvals for all” when connecting their digital wallets to the site. This allowed the attackers to access their crypto assets and steal their NFTs. 

The new world of NFTs – digital art collection – may be in line for more phishing attacks. 

NFT heists: What are being stolen?

Typically when we hear the word NFT, we think of a digital image that is unique and connected to the blockchain. It is, however, more elaborate than that. When talking about NFTs, the ownership tracking and uniqueness are always accented. But nowhere in the NFT standard, it is stated what the unique tokens represent. In its essence, the tokens are only unique numbers. It’s the authors of the NFT collection who define what these tokens represent.

Furthermore, images are usually never “uploaded into the crypto wallet.” They are not part of the NFT contract. A hash of the image might be written into the contract to create a connection with the thing that
Read Full Article…