Security In NFTs

Ayomide Daniels
9 min read · May 5, 2022

When people discuss security in the crypto space, particularly in NFTs, the first and possibly only thing that comes to mind is avoiding interactions with phishing links or harmful smart contracts. Most people, on the other hand, believe that getting a Ledger wallet will solve all of their problems.

There are other methods to be hacked, even if you have a Ledger wallet, and you don’t even have to click a link to have your wallet erased and your money or NFTs stolen.

Many crypto/NFT aficionados use a computer to engage with the blockchain, which is an incredible advancement in our generation. The blockchain, on the other hand, is an unforgiving platform: the data is immutable, and if you snooze, you lose. Because some of these loopholes are as old as or even older than the technology itself, enthusiasts are often unaware of other security flaws. According to CoinGecko.com, the crypto market is currently valued at $1.78 trillion, and this large influx of cash has attracted a den of scammers. This is a significant sum of money, and hackers and scammers have exploited it by fine-tuning malicious programs to their advantage, siphoning money and valuable NFTs from unsuspecting traders.

There are a number of ways you can get compromised by malware in the space: clipboard hijackers, malicious .scr files and so on.

Clipboard Hijacking

A clipboard is a temporary storage buffer that is created when we copy information. When you press Ctrl+C, the copied data is stored on the clipboard until you press Ctrl+V to paste it, and it stays there until you copy something else or sign out of your computer. Clipboard hijacking is the malicious practice of taking over a victim’s clipboard. A clipboard hijacker is a type of malware that replaces whatever is in the buffer with malicious data, which means that if your clipboard is hijacked, the malware can alter the contents of whatever you copy. Still wondering how this affects your wallet? Walk with me.

To gain access to your wallet, a clipboard hijacker does not require you to interact with any smart contracts or send your seed phrase; all it needs is to find a way into your PC and stay there. Isn’t it amusing? You might be asking how you are being compromised if it’s not interacting with your wallet or its contents. As a crypto enthusiast, especially an NFT degen, you’d be transferring a lot of money from wallet to wallet.

Imagine this scenario: you’ve been whitelisted to mint a popular project on CT (crypto Twitter), it’s mint day, and you’ve submitted your burner wallet address (a separate wallet you created specifically for minting). You’re trying to send money from your main wallet or your Ledger wallet to your burner wallet, and this is the moment the clipboard hijacker has been waiting for: you copy and paste your destination address, then click send without double-checking the address. You have sent money many times before, so why check the address? What you may not realize is that the clipboard hijacker has changed the wallet address you copied to another wallet address, presumably the hacker’s. You hit send, and now you’re waiting for the money to arrive, but it never does, since it’s been diverted to another wallet.

What happened was that the malware was programmed to change any string of characters beginning with “0x,” the prefix used for ERC token addresses, and some are programmed to change Bitcoin addresses as well. You copied an address, your address; the malware recognized that string and replaced it with its own default address, and that’s how you send money to the wrong wallet without being forced to interact with a smart contract. They didn’t even need your seed phrase, did they? The engineered clipboard hijacker will not alter any other data copied to the clipboard, only wallet addresses it recognizes, and that’s how it goes unnoticed on your PC. Don’t get too relaxed: there are clipboard hijackers on mobile phones as well.
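The double-check that the scenario above skips can be automated. The following is an added example, not code from the article: it compares the address you meant to send to with the string that was actually pasted and reports a swap. The address patterns are simplified assumptions (no checksum validation) and the sample addresses are constructed, not real wallets.

```python
import re

# Simplified address shapes: "0x" + 40 hex characters (Ethereum / ERC tokens)
# and Bitcoin (legacy Base58 or bech32 "bc1"). Assumed patterns, no checksums.
PATTERNS = {
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
    "btc": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71}"),
}

# Constructed sample values, not real wallets.
BURNER = "0x" + "ab" * 20
SUBSTITUTE = "0x" + "cd" * 20


def address_kind(text):
    """Return 'eth', 'btc' or None for a clipboard string."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None


def normalise(text, kind):
    """Strip whitespace; fold case only where the format ignores it."""
    value = text.strip()
    # Ethereum hex is case-insensitive (mixed case is only a checksum);
    # Base58 Bitcoin addresses are case-sensitive, so they stay untouched.
    return value.lower() if kind == "eth" else value


def check_paste(intended, pasted):
    """Compare the address you meant to use with what was actually pasted."""
    want, got = address_kind(intended), address_kind(pasted)
    if want is None:
        return "intended-not-an-address"
    if got is None:
        return "pasted-not-an-address"
    if want == got and normalise(intended, want) == normalise(pasted, got):
        return "match"
    # Both strings are well-formed addresses but they differ: this is the
    # substitution a clipboard hijacker performs between copy and paste.
    return "SWAPPED"


if __name__ == "__main__":
    print(check_paste(BURNER, BURNER))      # same address survives the paste
    print(check_paste(BURNER, SUBSTITUTE))  # address changed on the clipboard
```

The comparison only helps if the intended address comes from a source the clipboard never touched, such as the address shown on the hardware wallet's own screen.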

Key Logger

This one is quite well known among crypto enthusiasts, but what is less well known is the manner in which keyloggers end up on your PC. A keylogger is another kind of malware, specifically spyware, that records every keystroke you make on your computer’s keyboard. A hacker can use this information to figure out your username and password for a variety of websites without even seeing what is on the screen. This is a no-brainer; you immediately recognize how this affects you because you use a lot of passwords, recovery passwords, and the like. Don’t be fooled: with a keylogger on your PC, the hacker has every single record of your keyboard activity. It basically mirrors your keyboard activity, and all it needs is your seed phrase. Say you forgot your Metamask password: you attempt to recover your wallet, enter your seed phrase, and the rest is history. Malware infiltrates your computer in a variety of ways, most typically through files, and causes damage.

.SCR Files

An SCR file is a screensaver that Windows uses to save energy. You can use it as a Windows screensaver because it features a graphic, animation, slide show, or video. These Windows screensavers were created to help CRT and plasma display monitors last longer. If a user has defined a screensaver in Windows’ display properties, the system will automatically activate the user’s selected screensaver after a certain amount of inactivity on the PC. This is done to keep the power consumption of these display devices to a minimum.

SCR files are executable files that should not be opened or used as a screensaver unless their legality and source can be verified. SCR files acquired from sources other than Windows have been reported to contain viruses and other malware. They’re hidden/packed executable files that contain a virus. You might be wondering how such a virus or malicious program found its way onto your PC. It is quite popular malware in the NFT community, and it has been circulating for a while now. It has the ability to take virtually everything you have saved on your computer. The information it can take from your computer is listed below.

Sensitive system information:
- IP, Country, City
- Current PC username + HWID
- Keyboard layouts
- Screenshots of the screen
- Screen resolution
- Operating system
- UAC settings
- Malware admin access
- User-Agent information about the components of the PC (video cards, processors)
- Installed antiviruses/antimalware

Cryptocurrency wallet information:
- Metamask
- Coinbase
- BinanceChain Wallet
- BraveWallet

Software information:
- Discord token
- Telegram credentials
- All browser passwords/cookies on Chromium (Chrome etc.)
- All browser passwords/cookies running on Gecko (Mozilla Firefox etc.)

Scammers posing as an NFT artist or as a whole project send messages to your social media accounts demanding that you join their team or check out their work, among their various plots to convince you to download this .scr file onto your computer. Once you’ve downloaded it, it’s encrypted, and the hackers give you a password to use to unzip it, which is the beginning of the end! So you might want to disable your DMs on social media, particularly on Discord, which has become one of the most popular NFT apps.

Website Clones

This is a little different from the others in that there is no malware involved, but the damage can be just as bad as a keylogger. Remember that when a hacker installs spyware on your PC, he tracks your keyboard activity, so he has access to the sites you interact with the most, especially those where you have to connect your wallet. They then proceed to clone those sites so that the next time you search for those sites, the clones appear and you click to engage with them, even connecting your wallet; however, because they are clones, it is difficult to tell the difference. Some even clone Metamask extensions and ask for your seed phrase.

In general, not clicking on phishing URLs or dealing with fraudulent smart contracts will not entirely secure your wallet; you should also safeguard your PC from this kind of malware.

How do I Prevent these Hacks?

You can never go wrong with a hardware wallet like Ledger; however, a clipboard hijacker can cause a lot of problems even with your hardware wallet. Getting a hardware wallet minimizes your chances of being hacked and having your cash or NFTs stolen.

Aside from having a hardware wallet, investing in your PC’s security should be a primary priority. Purchase and install licensed and reputable anti-malware software on your device, and have it turned on at all times. These programs run routine checks on your PC to detect harmful software. Consider having one on your computer.

Even if you have a hardware wallet and a top-notch anti-malware program, you must be extremely cautious when opening links because the bulk of them are designed to drain your wallet. To avoid clicking onto clones, you should bookmark your sites and protocols so you don’t have to type them into the search bar every time you need them.

Keeping your seed phrase safe is the most important thing, and it should be the first thing you secure in this space. The seed phrase gives anyone who has it access to your wallet’s private keys, as well as the contents of your wallet. As a result, one must be cautious with seed phrases. Do not take a screenshot of your seed phrase and do not store it in any digital form; instead, take a pen and write it down in a journal that you can keep safe from theft and fire. If your seed phrase falls into the wrong hands, you could lose everything. Never reveal your seed phrase to anyone.

Yes, Metamask does not employ 2FA, but are you sure you want to leave your centralized exchange wallets exposed? Managing your passwords and using Two-Factor Authentication (2FA) will also save you from a lot of these hacks. Do not use simple passwords or a single password for everything; if you have trouble remembering passwords, I recommend writing them down in the same book where you put your seed phrases.

Interacting with smart contracts can be technical because hackers will sometimes deploy a smart contract that will drain your wallet, but this smart contract will not do so until you approve or sign it, and you will be prompted about what the contract does before approving. The hackers are counting on your ignorance to not read the prompt before signing the contract, and a lot of people just sign these things and their assets are wiped. We’re talking about your money here, so read over every prompt or smart contract before approving.

Enable your file extensions. Setting Windows to display file extensions is a good idea for security reasons. For example, .exe is one of many file extensions that Windows treats as a program. If the extension is hidden, it’s impossible to know whether a file is a program, a safe document, or a media file. Please activate this setting, since hackers can modify a program’s icon.
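The same check can be made without trusting the icon or the displayed name. The following is an added example, not code from the article: it flags files in a folder that carry a program extension (the .scr and .exe cases above), a double extension, or Windows program content (files that begin with the bytes "MZ") under a harmless-looking extension. The extension lists beyond .exe and .scr are assumptions and not exhaustive, and the sample files are constructed in a temporary folder.

```python
import os
import tempfile

# Extensions Windows runs as programs. .exe and .scr come from the article;
# the others are well-known additions and the list is not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi"}
# Extensions people expect to be harmless documents or media (example set).
DECOY_EXTS = {".png", ".jpg", ".gif", ".pdf", ".mp4", ".docx", ".txt"}


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows program."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"


def inspect(path):
    """Return the reasons, if any, that a file deserves a second look."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if inner_ext in DECOY_EXTS:
            reasons.append("double extension hides " + ext + " behind " + inner_ext)
    elif is_pe(path):
        reasons.append("program content under a " + (ext or "missing") + " extension")
    return reasons


def scan(folder):
    """Map each flagged file name in a folder to its list of reasons."""
    report = {}
    for entry in sorted(os.listdir(folder)):
        full = os.path.join(folder, entry)
        if os.path.isfile(full) and inspect(full):
            report[entry] = inspect(full)
    return report


def demo():
    """Write constructed sample files to a temporary folder and scan it."""
    samples = {"collection_preview.png.scr": b"MZ\x90\x00",
               "roadmap.pdf": b"%PDF-1.7\n",
               "artwork.jpg": b"MZ\x90\x00",
               "notes.txt": b"mint at noon\n"}
    with tempfile.TemporaryDirectory() as folder:
        for name, content in samples.items():
            with open(os.path.join(folder, name), "wb") as handle:
                handle.write(content)
        return scan(folder)


if __name__ == "__main__":
    print(demo())
```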

If you run a check on your PC and discover some of these things, don’t panic; simply transfer your most valuable NFTs and assets to a hardware wallet, download anti-malware software and run a deep scan on your system; if you’re not convinced it did a good job, look for any suspicious EXE files that are currently running in task manager. Stop those activities as soon as possible and erase the malicious data you’ve downloaded from your computer.
You can back up your files and then reinstall Windows. Disconnect your computer from the internet and start your Windows PC in safe mode to create a backup of your files.

To sum it up, the crypto/NFT space is still relatively new, and the technology is still in its infancy. However, it appears to me that these hackers or scammers are outpacing the innovations, inventing new ways to defraud victims, so the space is not entirely safe; you can’t be 100 percent secure, because even big crypto companies are hacked. I hope that security solutions emerge in the coming months or years, but until then, you should be cautious and conduct due diligence. Your security is literally in your hands thanks to the blockchain.

Thank you for reading!

Consider following me on Twitter for essential NFT-related news and updates. I’m an NFT collector and Blockchain enthusiast.
