Report: Here’s How Hackers Utilized Loopholes To Move $12 Billion Worth of NFT
The non-fungible token (NFT) space in 2021 suffered losses that have dented the fortune of the decentralized finance industry. A cybersecurity report indicates that hackers moved $22 billion of NFTs the previous year.
Hackers Steal $12 Billion Worth of NFT in 2021
A cybersecurity report from the London-based firm, Elliptic shows the various NFT fraud trends in the sector. The report depicts how price manipulation and money laundering by DeFi hackers cut across world regions.
Dubbed “NFT Report 2022,” released on August 26, the document discussed the dark sides of the DeFi ecosystem and cautioned individuals on how to navigate and perform transactions safely.
According to the document, like other sectors, there are loopholes to explore on DeFi platforms. Malicious individuals constantly seek ways to identify a fault or vulnerability within the layers of code responsible for DeFi’s operations. The document stressed the need to audit a code before allowing it to interact with users’ wallets.
However, the report indicates that projects that use smart contracts and DeFi protocols are prone to compromise. Even NFT-based DeFi platforms are not immune as they have been one of the targets of attackers on numerous occasions.
The NFT-based DeFi gaming network, Axie Infinity, is the perfect example of an NFT platform that has experienced massive loss from hacking.
The notorious North Korean hacking group Lazarus stole nearly $450 million worth of crypto assets from the platform. As a result, this makes the Axie Ronin Bridge Attack the second-largest in the industry.
According to an Elliptic November 2021 estimate, the DeFi ecosystem has a whopping $247 billion total value locked up.
Rising Hacking Incidents
The Elliptic report shows that NFT marketplaces and DeFi protocols have lost $260 million from private key theft between 2020 and 2021.
However, DeFi platforms, in particular, have a unique experience with hacking. This is because developers were given the freedom to change their smart contract codes to nip any vulnerability in the bud. Still, hackers do find ways to conduct rug pulls and large-scale theft.
According to the report, hackers did this after using social engineering to get their hands on private keys belonging to the developer. This they do by striking up a conversation with victims on social media, using pretense to get what they want.
Another critical area hackers exploit through airdrops. NFT projects more often used airdrops to hype their products. The developers do this by taking snapshots of the collections and dishing out rewards. The rewards are called airdrops, which are given based on certain conditions. Hackers usually participate in airdrops to find ways to navigate.
Others are marketplace code exploits and application protocol interface (API) exploits.
The report concludes that despite several efforts to enhance security, hackers still find a way to breach the security of most NFT and DeFi platforms.
