The NFT (non-fungible token) market ‘virtually’ exploded in 2021, and it’s not only the crypto-natives (‘degens’) showing interest. Auction houses are now dabbling in NFTs, corporations such as Adidas and Coca-Cola have taken the leap, and celebrities are flaunting their ape pics to one another. According to Reuters, non-fungible tokens made up a $25 billion market over the past year, while Bloomberg put the value at $40 billion. Chainalysis also says: “Some $37 billion have already been spent on NFTs in 2022 compared to the $40 billion total paid through 2021.”
As popularity skyrockets, blockchain’s security infrastructure space has lagged. Cybercriminals are already exploring this novel space, stealing NFTs from collectors and enthusiasts through social engineering and vulnerabilities on marketplaces. As reported on CoinMarketCap, the current value of stolen NFTs stands at 24,000 ETH – a whopping $29 million at current market prices.
On February 1, NFT collector Larry Lawliet reported losing several valuable NFTs, including Bored and Mutant Apes, in a suspected social engineering attack. A quick look at Larry’s wallet reveals a rapid sequence of NFT transfers to an address beginning with 0xd27 (the presumed hacker) late on January 31. Here is what happened with the apes next:
Bear in mind that the hackers sold off most of the tokens right on OpenSea, within minutes of the purported hack and before Larry reported the theft. Even after the platform flagged the stolen tokens, they continued to change hands.
Crypto heists differ significantly from ‘real world’ heists. Here are but a few ways:
NFT collections are being increasingly targeted, as reports show. This means that collectors and marketplaces alike must pay more attention to their defenses and keep their private keys safe. Up until now, ‘retail’ (hot) wallets were considered decent, low-cost solutions. The increasing sophistication of hackers suggests that these may not be enough and that NFT marketplaces, like other institutions, need an enterprise-grade custody solution to manage their NFTs.
Crypto hackers understand how to identify attack surfaces, inject malicious code, and access backdoors into the world of private keys. Once hackers have control of the marketplace’s private keys, they can funnel NFTs directly into their own accounts. More importantly, where the marketplace has its own NFT collection, hackers might also be able to control the minting and burning of the NFTs, depending on the business logic of the smart contract. This can lead to the loss of the whole collection.
It might be time for NFT marketplaces to consider advanced enterprise-grade, self-custody solutions, which enable them to manage and monetize their NFTs (just like any other blockchain-based digital assets) in a more secure fashion. As opposed to ‘outsourcing’ custody to a third-party custodian (which might seem like a quick and simple solution), self-custody solutions come with the benefits of lower costs, less risk, and more flexibility in offering new services as the marketplace’s strategy evolves.
Additional revenue-generating opportunities lie in offering custody as a service. Given the hacks mentioned above, it is reasonable to assume that marketplace patrons would appreciate some help safeguarding their NFTs. With a self-custody solution, marketplaces can offer ‘custody-as-a-service’ – thereby helping patrons safeguard their NFTs until they are willing to part with them.
From here, the potential revenues are virtually unlimited. The custody solution becomes part of the company’s infrastructure, ‘on top of which’ the marketplace can offer a wider variety of services according to the supported functionalities of the protocols. Security is not just a threat; it can also be an opportunity.