Can NFT be stolen?

in #crypto3 years ago (edited)

NFT — A Quick Introduction

Let’s start with the words themselves. In economics, “fungible” is a term used for things that can be exchanged for other things of exactly the same kind. The U.S. dollar is fungible, because you and a friend can trade $1 bills, and each of you will still have the exact same spending power. Most cryptocurrencies are fungible, too — a bitcoin is a bitcoin, and it doesn’t really matter which bitcoin you have.

But most objects in the physical world, such as cars and houses, are nonfungible — meaning they have unique qualities, and you can’t just exchange them for others of the same type. (You might be willing to swap your 2020 Honda Civic for another 2020 Honda Civic, but the cars wouldn’t be exactly the same, and you’d want to know what condition the other car was in before you’d agree to the trade.)

Tokens, in crypto speak, are units of value stored on a blockchain. Cryptocurrencies like bitcoin, ether and dogecoin are tokens, but not all tokens are meant to be used as money. Tokens can be attached to tangible goods — Nike, for example, is experimenting with crypto tokens that are linked to the ownership of physical shoes — but they can also represent intangible goods, like access to a private chatroom or storage space on a cloud server.

So nonfungible tokens are sort of like cryptocurrencies, except they have unique qualities and they aren’t necessarily used as money.

non-fungible-token-6850539_1920.jpg

NFT Stealing

Unlike your favorite baseball card, thieves can’t steal NFTs from your hands. But let’s talk about the very real security risks in the world of digital collectibles. If you’ve just come here to see if an NFT can be stolen, the simple answer is yes. However, the meaning of “stealing” in the context of blockchain-based collectibles is very different from, for example, the 1952 Topps Mickey Mantle and the Yeezy prototype pair that you can hold in your hand. In most cases (but not all!), Untrusted token theft can be split into two main areas (or a combination of both). A scam designed to trick users into transferring assets or gaining access to the entire cryptocurrency wallet Exploiting existing vulnerabilities in the NFT platform or other online communities Importantly, a user’s own oversight or error can and does contribute to crypto asset theft in both cases — not just the former — though no two cases are created equal

nft-6888382_1280.png

Are Hackers capable of Stealing My NFTs?

Well, that ultimately depends on your definition of what a “hacker” is.

Due to the decentralized and decentralized principles that underlie cryptography, the entire blockchain network in which Bored Ape NFTs live cannot be “hacked” to hack email or Amazon accounts. Internalizing what this fictitious Web3 hacker is doing will require a paradigm shift in information security and how to understand digital threats, and perhaps an unimaginable amount of computing power.

For now, the more accurate term for the common NFT thief is a familiar one: scammer.

Specifically, one who deceives a user into opening up their own wallets.

CASE 1: Hacking Digital Communities Like Discord via Web hooks

A number of NFT lovers clicked a hyperlink from a convincing-but-faux Discord bot and had been robbed of upwards of $150,000 in crypto assets.
Webhooks are API functions that allow packages to screen data dispatched to a selected internet deal with and convey an movement as a result — they basically “listen” for sure situations to be met that cause responses often taking the shape of notifications. But webhooks may be hijacked for malicious functions inside groups that don`t take right authentication safeguards.
In the case of the Fractal event, their Discord channel lacked the anti-spoofing measures that might have averted a webhook from fraudulently impersonating a Discord bot post.

CASE 2: Tricking users to grant access to crypto wallets

You don’t have to hack the Discord channel to escape with an NFT that isn’t yours. Some users are fooled by fake potential buyers in a much more obvious way.
Elsewhere, many chat channels have inevitably popped up under the guise of “OpenSea support” or other services that may be useful to all compelling NFT owners.
Why is Discord a common target for this type of deception? Because such an isolated and intimate community can be the last place that crypto collectors feel need to be vigilant.
Many of these communities are aware of such opportunities and adjust their rules, privileges and protections accordingly. But the risks remain.

Can an NFT Be Stolen Without Deceiving its Owner First?

CASE 1: Cybersecurity Issues on NFT Platforms

Nifty Gateway, a popular digital marketplace owned by the crypto exchange Gemini, experienced a direct hack in March 2021. Several users were watching their accounts stolen, locked out, and their NFT assets stolen with an old-fashioned smash hand grab. This isn’t what you see in Discord, but at least one principle is the same here.
It’s not about hacking someone’s crypto wallet directly, but about exploiting another platform that many crypto wallets connect to. Until now, the idea that a malicious attacker could hack the entire blockchain as if it were a government computer network or power grid is unimaginable.
But the important thing is that he or she doesn’t have to.
Nifty’s cybersecurity issues that led to last year’s event have been resolved. But the fact that it happened altogether is amazing and represents one of the major obstacles as the world makes a major transition from Web2 to Web3.

CASE 2: When Bad Guys Got Your Seed Phrase

You need two things to access the crypto wallet. Specifically, two encryption keys (a public key that encrypts data and a private key that decrypts data).
Each wallet also has a corresponding “seed phrase” (also known as a “recovery phrase”). This is a 12-word or 24-word string that allows users to recover their own crypto assets on the blockchain even if they have access to the wallet. .. That is, the seed phrase generates the encryption key needed to verify the “true” owner’s identity.
For this reason, seed phrases are not intended to be stored, for example, in your cell phone, email inbox, or in a completely unsafe place in the sun (often you choose to write them down on paper). As a result of paper). But if someone hacks your phone or email, or takes a picture of the paper you wrote, and you get your seed phrase … the game is over!

CASE 3: When Totally Unforced User Error Costs $297,000

This isn’t theft. But it did happen, and you need to know about it.
Sometimes, you want to list your Bored Ape for 75 ETH, which was about $300,000 at the time. And sometimes, you take your eye off the ball and list it for 0.75 ETH instead, or about $3,000.

FREE Guide To Start Making Money with NFT -- tinyurl dot com/cryptonftbtc (Copy and Paste this in new tab and Replace dot with actual . )

Get started with Affiliate Marketing for Just $1 -- tinyurl dot com/affiliates101 (Copy and Paste this in new tab and Replace dot with actual . )

Coin Marketplace

STEEM 0.22
TRX 0.25
JST 0.039
BTC 95428.83
ETH 3314.03
USDT 1.00
SBD 3.16