NFTs are tokens that represent digital ownership of an object. It’s an identifier or in other words, a record on the blockchain that is associated with the asset in question.
This concept quickly gained popularity among fans of trading as well as advocates of the metaverse. This extreme popularity while showing the potential of the technology, has also led to big investments and, as a result, multiple hacker attacks.
Are they safe to use
While NFTs themselves pose little risk aside from not going up in price, they are a constant target. They are an easy way for hackers to gain access to users’ wallets. For example, NFTs can be sent during airdrops or various events and promo campaigns. This way, a scam project can get a hold of the user’s wallet. Attackers go as far as creating fake discord servers like in the case of CryptoBatz attack, or websites.
This isn’t the only risk, since many malicious NFT projects use actual artworks without the consent of the real creators. Copyright infringement is among the most popular reasonsу.
So even with NFTs being a profitable concept, they aren’t fully protected from online criminals
Most popular types of attacks
There have been various types of attacks on non-fungible tokens in the last few years. One of the most well-known ones was the OpenSea marketplace. Hackers purchased a large number of tokens at a low price to resell them for a higher price. The amount of losses added up to over $700 000 (around 300 ETH). During this attack, the hackers managed to remove the original listing of the tokens from the portal. However, it remained on the API thus confusing users.
Scam links were used to attack both Full Send Metacard and Fractal both through projects’ Discord servers.
Are there ways to protect NFTs?
An NFT smart contract audit is a complete check of the contract and its features. Audits prevent NFTs from being stolen due to issues within their code. Aside from that, if there are any vulnerabilities that can affect the minting function, resulting in creating tokens without the knowledge of the marketplace. An NFT audit is always concluded by a third party which guarantees impartial judgment. 0xGuard offers the services of experienced auditors with vast knowledge of NFT contracts.
Most common issues
An NFT contract audit can contain various kinds of vulnerabilities so let’s take a look on the most common ones.
Sales: the contract sets limits on the maximum number of NFT tokens that can be purchased by one wallet. During the Adidas token sale, a hacker obtained 330 tokens. To do that, they removed the limit allowing to buy a maximum of 2 NFTs per user.
Marketplace: As a place where the NFTs are sold, the marketplace has to be impervious to external attacks.
Re-entrancy: This vulnerability is popular with the most popular OpenZeppelin NFT standard.
Rug pulls: on several occasions, project owners disappeared with the money after a sale, leaving NFT buyers hanging.
An NFT project audit can bring accountability to the fast-growing and very promising market of non-fungible tokens. 0xGuard provides expert audits to assure that the NFTs are safe to use.