In the ever-evolving digital landscape, protecting your business from NFT phishing attacks and spam is more important than ever before.
—
Meet Fireblocks, a leader in Web3 security, and the head of R&D for Web3, Avi Bashan, who unravels the driving factors behind this trend. From exploiting Twitter-verified badges to the wave of NFT mining on Layer 2 blockchains, Fireblocks is introducing an advanced threat detection tool within its NFT library, providing essential protection against financial loss and reputational damage.
According to blockchain analytics firm Elliptic, more than $100 million worth of NFTs were stolen through scams between 2021 and 2022, and OpenSea reveals that more than 80% of NFTs in 2022 were plagued by plagiarism, counterfeiting or spam – statistics that draw a parallel to the rampant prevalence of spam in emails, of which Symantec estimates that nearly 85% is spam.
Let’s delve deeper into how you can protect yourself against these threats.
Q: What factors do you think are driving the recent rise in NFT scams and fake airdrops within the crypto industry?
A: Multiple factors have led to NFTs being abused by bad actors recently, including increased retail interest in crypto, such as the ability to use the Twitter verified badge to create credibility for spam ads, the popularity of NFT mining on L2 blockchains, improved wallet functionality to support NFTs, and the lack of threat detection tools integrated into wallets that mitigate NFT phishing attempts.
NFTs are a useful medium for attacks because attackers can use the metadata text or image to display a message and instruct users to take a specific action.
Q: Can you explain how Fireblocks’ new threat detection tool within the NFT library works and how it helps protect users?
A: The Fireblocks NFT Library is a dashboard that displays NFTs and allows users to easily manage their collections. Fireblocks’ new NFT Spam Protection detects spam and phishing NFTs before they even appear in customers’ NFT libraries.
When an NFT is transferred to a customer’s wallet, Fireblocks automatically analyzes the NFT for characteristics commonly associated with spam, such as: low-value or mass-produced collections, unverified creators or marketplaces, repetitive or nonsensical metadata and suspicious transaction patterns.
If Fireblocks detects that the incoming NFT matches spam or phishing characteristics, we automatically hide the NFT from the main NFT library screen. The Fireblocks NFT Library has a “hidden” view that allows customers to view NFTs that Fireblocks has identified as spam, as well as NFTs that the user has manually hidden.
This is a crucial feature for businesses that store their NFT collections on Fireblocks and for retail businesses that use Fireblocks Wallets-as-a-Service to store tokens and NFTs for their customers.
Question: What specific characteristics or indicators does Fireblocks’ NFT Spam Protection tool analyze to identify potential spam NFTS?
A: Low-value or mass-produced collections, unverified creators or marketplaces, repetitive or nonsensical metadata, and suspicious transaction patterns. Fireblocks uses insights from Blockaid, a Web3 threat intelligence platform, to detect malicious NFTs.
Q: What impact do NFT scams have on companies and individuals within the crypto space, especially in terms of financial losses and reputational damage?
A: While private consumers are the most susceptible to NFT phishing attacks, businesses present significantly more opportunities for attackers. We often see NFT phishing attacks deployed in combination with other exploit methods, targeting developers or individuals with wallet permissions.
For example, a developer at a trade show might use a wallet on a company computer to test a new functionality for its customers. The wallet itself may not contain any valuable assets, but an attacker can send an NFT to the wallet that directs the developer to download a browser extension or software update to claim a reward or update the wallet. Unbeknownst to the developer, the downloaded software contains malware that exploits the computer’s API keys for a production development environment.
For institutional investors, such as crypto traders or asset managers, an attacker can contaminate the wallet’s transaction history by transferring an NFT called ‘$10,000 USDT’. An unsuspecting merchant or operations staff can quickly copy and paste an address thinking it looks like a frequent counterparty, only to be tricked into transferring funds to the attacker’s wallet.
Or take a crypto hedge fund that is regularly eligible for airdrops. The attacker can use the metadata of the NFT text or image to direct a merchant to visit a dApp to claim an airdropped token. The attacker impersonates a well-known dApp by copying the frontend to make it appear legitimate. The phishing website then tricks the user into connecting and granting wallet permissions to a malicious smart contract that drains the money from their wallet.
Q: What are some common misconceptions or misconceptions people have about NFT security?
A: Many companies believe that they are not susceptible to NFT phishing attacks because they do not invest in or interact with NFTs. As outlined in the blog, attackers can more easily leverage NFT metadata to trick users into taking a certain action or contaminate their transaction history to exploit a lack of operational security – i.e. no governance policies around whitelisting processes.
To learn more about Fireblocks and get in touch with the team directly, visit their website here.
—
Editor’s Note
During our interview with Fireblocks, an ironic twist unfolded: Blockster’s Twitter account was hacked and is currently conducting a fraudulent airdrop. Adding to the alarm, Blockster’s active advertising account is inaccessible. Despite our continued attempts to contact Twitter Support, there has been no response. This disturbing experience raises major doubts about the reliability of Twitter as a platform, given its apparent lack of support. It’s worth noting that similar incidents are happening across numerous business accounts. Stay informed and exercise caution in light of these safety concerns.
