The art of stealing NFTs: How hackers stole $22 million worth of NFTs in minutes

With the advent of non-fungible tokens (NFTs), art theft has become a trivial task for hackers: a phishing campaign that deceives enthusiasts of these virtual assets is enough to make huge profits using only malicious emails.

Such seems to be the case for Todd Kramer, a renowned gallerist and art curator specializing in NFTs and emerging artists. Through his Twitter account, Kramer revealed that he suffered a cyberattack that led to the loss of some of his pieces from the Bored Ape Yacht Club NFT collection, worth almost $2.5 million USD.

Apparently, the theft was possible because the victim visited a fake website, believing it to be a legitimate platform, which allowed threat actors to access his online accounts and conduct transactions on Kramer’s behalf. The cybercriminals reportedly accessed the victim’s hot wallet, the term for cryptocurrency wallets that require an Internet connection, and eventually reached his NFT assets.

Unfortunately for digital art enthusiasts, this is not the only such incident recorded recently. On social networks such as Twitter, new reports accumulate every week from NFT users, investors and creators claiming that their platforms were compromised, losing thousands of dollars in the process.

Sergio Carrasco, a specialist in digital law, mentions that these thefts begin with simple, harmless-looking emails or with messages shared on Discord or Telegram channels: “According to what has been mentioned, Kramer would have clicked on some phishing contract pretending to be a legitimate decentralized app, granting access to his NFT tokens,” theorizes the expert.
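A defensive check for the scenario the expert describes, added here as an example and not taken from the article or from any wallet's code: before signing, decode the transaction calldata and flag token approvals to addresses the user has not verified. It assumes the "access" is granted through the standard ERC-721 `setApprovalForAll` or `approve` calls; the function names, the allowlist and the sample addresses are hypothetical.

```javascript
// Added example. Selectors are the first 4 bytes of keccak256(signature).
const APPROVAL_SELECTORS = new Map([
  ["a22cb465", "setApprovalForAll"], // ERC-721/1155: operator over ALL tokens
  ["095ea7b3", "approve"],           // ERC-721: one token; ERC-20: allowance
]);

// Decode calldata into { fn, grantee, value }, or null if it is not an approval.
function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // selector (8 hex chars) + two 32-byte ABI words (64 hex chars each)
  if (!/^[0-9a-f]{136,}$/.test(hex)) return null;
  const fn = APPROVAL_SELECTORS.get(hex.slice(0, 8));
  const word1 = hex.slice(8, 72);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!fn || !word1.startsWith("0".repeat(24))) return null;
  return { fn, grantee: "0x" + word1.slice(24), value: BigInt("0x" + hex.slice(72, 136)) };
}

// Classify a pending transaction before the wallet signs it.
// trustedOperators: addresses the user verified out of band (assumption).
function assessTransaction(tx, trustedOperators) {
  const call = decodeApproval(tx.data || "");
  if (!call) return { verdict: "no-approval", detail: "no token approval in calldata" };
  // Revocations: setApprovalForAll(op, false) or ERC-721 approve(address(0), id).
  const revokes = call.fn === "setApprovalForAll"
    ? call.value === 0n
    : /^0x0{40}$/.test(call.grantee);
  if (revokes) return { verdict: "ok", detail: "revokes an existing approval" };
  const trusted = trustedOperators.some((a) => a.toLowerCase() === call.grantee);
  const scope = call.fn === "setApprovalForAll"
    ? "every token in the collection"
    : "one token or allowance";
  return {
    verdict: trusted ? "warn" : "block",
    detail: `${call.fn} grants ${call.grantee} control of ${scope}`,
  };
}

// Constructed sample: placeholder collection and operator addresses.
const SAMPLE_TX = {
  to: "0x" + "11".repeat(20),
  data: "0xa22cb465" + "0".repeat(24) + "ab".repeat(20) + "0".repeat(63) + "1",
};
console.log(assessTransaction(SAMPLE_TX, [])); // verdict: "block"
```
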

Other users familiar with the subject believe that, in addition to cyberattacks, these problems exist due to the decentralized nature of these assets, which favors malicious behavior and exposes investors to all kinds of hacking attempts. Considering that this is becoming a multi-billion-dollar industry, the security measures inherent in the NFT trade leave much to be desired.
