NFTs – How Safe Are They?

Just this March, Christie’s Auction House sold a non-fungible token (NFT) based art for more than $69 thousand dollars. Since then, NFTs continue to capture the attention of consumers, celebrities, and businesses around the world, but the security risks associated are very real.

While discovering new and inventive ways to exchange currency is par for the course in the digital age we live in, being aware of the security risks and taking actions to mitigate those risks will be imperative both in the short and long term.

What are NFTs?

NFTs are pieces of digital content that are stored on a blockchain, which is the same foundation for other cryptocurrencies, such as Bitcoin or Ethereum. What sets NFTs apart from other cryptocurrencies like Bitcoin and Ethereum is that each token is completely unique, so, unlike its predecessors, they cannot be traded or replicated.

How safe are NFTs?

NFTs are a burgeoning industry with a lack of regulations and oversight by design as it is blockchain-based, like cryptocurrencies. As such, the security implications will exponentially increase as user adoption grows with new attack vectors continuously discovered. It’s no secret threat actors are motivated opportunists who will attempt to pilfer any asset, physical or digital, that holds value. There have been many high-profile wallet storage attacks in the cryptocurrency industry over the years. Likewise, NFT wallets are an unregulated industry with private companies utilizing varying degrees of cybersecurity defense techniques to prevent attacks. So in short – they aren’t very secure.

Also in March, attackers compromised multiple Nifty Gateway NFT user accounts and were able to transfer the previously purchased NFTs from their account and purchase new ones to transfer with their payment cards on file. While the users’ cash was recovered, the NFTs were lost to the attackers who promptly sold them to another NFT purchaser located on a different platform since the platform itself, like Nifty Gateway, holds the private keys associated with the NFT and they weren’t recoverable after being transferred.

How can you stay safe when handling NFTs?

The most important things users can do to protect their NFTs are simple but important actions to take on all online accounts, which include:

  • Multi-factor authentication (MFA): While it’s not a failsafe, this simple step makes it exponentially more difficult for threat actors to gain access to your account. By connecting your logins with a phone number or an alternate email account, you can get a notification if someone is attempting to access your account.
  • Password hygiene: his may seem like another no-brainer, but both consumers and businesses have trouble taking necessary steps to ensure the safety of the passwords themselves. To have good password hygiene, you must use (1) lower and uppercase, (2) numbers, (3) special characters and (4) different and unique passwords for every account. While it takes more effort to remember all the different passwords you use on which sites, there are tools out there that can securely store your passwords, like Keeper or LastPass.
  • Secure Storage: For both users and companies, when applicable and done properly, cold storage of digital assets (meaning not stored in an online environment) offers the best security from Internet-connected thieves. But even then, cold storage solutions, whether it be hardware, paper or desktop wallets, still must be physically secured to protect against loss, damage or theft.

Because the NFT industry has a lack of regulations and oversight, it’s no secret among threat actors that there are legal loopholes that exist in the industry, which will allow some to operate with impunity in certain scenarios. If you are a current owner of NFTs or are thinking about buying, the best way to proceed is to educate yourself on the vulnerabilities and take the above steps to secure your environment.

For more information on how Zix can protect your financial data including NFTs, check out our Financial Services page