NFT trading involves serious amounts of money. With Bored Ape tokens fetching millions of dollars and lesser-known projects still bringing in thousands, there is no surprise that the NFT space has attracted thieves. While blockchain technology makes ownership bulletproof, creative NFT thieves still find ways to get hold of your treasured collectibles.
To help keep your tokens safe, we’ve detailed below how thieves steal NFTs. Should you find yourself unfortunate enough to be the victim of theft, we’ve also explained how to report a stolen NFT on Opensea and Rarible.
How NFTs are Stolen?
While blockchains such as Ethereum are next to impossible to hack thanks to cryptography, hackers and exploiters make use of vulnerabilities elsewhere in the chain of custodianship. NFT theft is typically, then, a result of human error in some form or other.
Phishing is one form of method, hackers and scammers use to steal your NFT’s. It typically involves using a fake message sent to you related to NFT’s that leads you to click on a certain link.
This link can either contain a Malware, Virus that can possibly hack your computer. However, normally, these days, clicking on such links can take you to another website, that’s Prompts you to enter your Secret Recovery Phrase of your NFT or Crypto Wallet.
There are many instances where many people who don’t have knowledge about such things, fall for such attacks and get their NFT and Crypto Stolen.
Although, the blockchain itself is very difficult to hack, hackers can steal NFT’s using Phishing attacks. This is dangerous and very common on Social Media Apps like Discord, where hackers create identical profile copies of several Blue Chip NFT Projects, and message the user about a fake Giveaway, or Mint Releases. Many people who fall for this are required to enter their Secret Recovery Phrase. If the Victim falls for it, they entirely lose their NFT and Crypto Assets.
So, never enter or give your Secret Recovery Phrase to any website, not even Opensea, Rarible or any other NFT platform.
If you ever find such websites or anyone asking your Secret Recovery Phrase, you can be 110% sure that it’s a scam or a phishing attack that you’ve fallen victim for.
Lastly, be careful of any links or spammy links that you click on your Email and especially, Discord as these links can sometimes contain Malware or Virus that can attack your computer.
The more advanced form of theft involves hackers identifying exploitable code in websites and smart contracts. These holes in the code’s logic allow bad actors to execute unintended code or be granted permission to do things they otherwise wouldn’t. Recently, for example, the Treasure marketplace (https://twitter.com/Treasure_DAO/status/1499386558230769664) was hit with a spate of thefts where a hacker spotted an exploit and was able to mint hundreds of NFTs for free.
These types of exploits are difficult to avoid as they rely on the underlying code of the website and the smart contract being sound, something outside of the typical collector’s hands. Fortunately, as with the case of Treasure’s marketplace exploit, NFTs were returned promptly and the situation was resolved. As the nascent NFT space takes shape, these bugs and vulnerabilities are likely to become less commonplace.
Falling victim to a phishing scam is a common event in the NFT space. With so much money involved in NFTs and trading happening at a breakneck speed, Phishing is commonplace right now. Recently, for example, scammers took OpenSea’s migration of old listings announcements to trick people out of NFT ownership. Ingenious but devious scam artists used phishing links that looked and sounded official to make off with more than a million dollars worth of NFTs, including Bored Apes, Mutant Apes, and Azuki tokens.
Hackers also phish for information through communication channels like Discord, Twitter, and Youtube comments. Presenting themselves as well-known investment gurus, these fake accounts are simply after wallet information such as seed phrases and passwords. Give these scammers enough information and they will drain your wallet of your NFTs and crypto.
A growing form of scam in the NFT space is also artwork theft. These are collections of tokens involve artists completely unaware their work is being used for this purpose. These often include fan art from popular games and shows or conceptual art from places like DeviantArt (https://www.deviantart.com/). A good source of information on resolving this form of theft is the Twitter account NFTtheft (https://twitter.com/NFTtheft), which specializes in artists delisting NFTs with their work.
NFTs are safe. Exploits are extremely rare and phishing scams can easily be avoided. With the NFT space still very much in its infancy, the security of the ecosystem is surprisingly robust, despite some exploits being identified. Phishing will forever be a problem as people try to part investors from their valuable NFTs but as the space evolves, these types of attacks will become easier to spot.
Ways to avoid phishing attacks include:
- Don’t click any links: hover over clicks and inspect the URL carefully before proceeding.
- Never disclose personal information: this could be used to access accounts and potentially crypto wallets.
- Changeup your passwords regularly: hackers are ingenious and can find out passwords in a multitude of ways. Changing them regularly helps prevent marketplace account loss.
- Never Give your Secret Recovery Phrase to Anyone or Any Site: This is the most important one, your Secret Recovery Phrase is like your main key to your NFT and Crypto Assets, Never give it to anyone. It must only be used to Recover a Crypto Wallet. Once you lose, you lose all your NFT and Crypto Assets.
If you have found your NFT stolen, delisted, or frozen on OpenSea, you will want to do the following:
- Email email@example.com
- Use the term “Stolen NFT” in your subject line
- In the body text detail the token ID, URL, collection, and leave a contact address.
- You should also include as much information as you can on how the NFT was obtained illegally.
Reporting a stolen or fraudulent NFT to Rarible is relatively simple too:
- Go to Rarible.com (https://www.rarible.com)
- Locate the search button and type in the name of your NFTs collection and ID of the token
- Once you have found your stolen NFTs listing locate the “…” button next to the title of the NFT
- Scroll down in this list and click on “report”
- A popup will appear in which you can then detail the problem.
- After reporting the NFT, proceed to email firstname.lastname@example.org detailing the situation with as much information as possible.
While, hopefully, you’ll never need to know how to report a stolen NFT on Opensea and Rarible, at least with this knowledge you now know the best way of resolving the situation quickly should the worst happen.
Protect Your Crypto Assets!
If you’re looking for a secure and easy way to manage your crypto and NFTs, look no further than the Ledger Nano X. With new Bluetooth-enabled hardware wallet makes it simple and easy to buy, exchange, and grow your digital assets, all while keeping them safe and secure. With support for over 1,100 cryptocurrencies and tokens, you can be sure that your Ledger Nano X will be able to keep up with your growing portfolio. And with our new NFT manager, you can easily view, manage, and transfer your NFTs right from your wallet. So whether you’re just getting started in the world of crypto or you’re a seasoned pro, the Ledger Nano X is the perfect solution for you