Can an NFT Be Hacked? Understanding How to Keep Your Assets Safe

by Jake Wengroff

The short answer is “Yes.” Your assets can be hacked on an NFT in the same way that crypto assets are stolen from digital wallets and exchanges.

NFT stands for “non-fungible token,” and according to The Verge, it can technically contain anything digital, including drawings, animated GIFs, songs or items in video games. An NFT can either be a one-of-a-kind item, like a real-life painting, or one copy of many items, like trading cards, but the blockchain keeps track of who has ownership of the file. NFTs allow you to buy and sell ownership of unique digital items and keep track of who owns them using blockchain technology.

Many NFTs have suddenly become high-value assets; Grimes sold a series of 10 digital artworks for around $6 million, and digital artist Beeple sold an NFT for $69 million at Christie’s. “So it’s unfortunately not altogether surprising that NFT platforms have become targets for hackers looking to steal the digital artworks or take credit card information to buy more,” notes The Verge.

As with the compromise or theft of crypto assets, it is not a hack of the underlying blockchain or of the servers holding the crypto assets that causes such breaches. The underlying blockchain technology that supports crypto assets would be difficult to get hacked, as the hacker would have to breach a massive number of servers in order to gain access to the private keys for those assets.

Instead, hackers target the digital services, platforms and networks that asset owners use to purchase, trade or store those crypto assets that get hacked.

How to Protect against a Hack of Your NFT 

Given the blockchain-based nature of NFTs, NFT marketplaces like Nifty Gateway do not have control of an NFT once it is stolen. As such, it seems unlikely that the users who had their assets stolen will be able to recover their lost collections.

NFT marketplaces receive a lot less traffic than do larger Bitcoin and cryptocurrency wallets and exchanges. When a hack of those platforms occurs, the platform usually acts quickly to restore assets, or perhaps has some insurance set aside to compensate victims of theft or compromise.

“We encourage our users to enable 2FA [two-factor authentication] that we provide on the platform and never reuse passwords,” Nifty Gateway said in a statement to victims of a breach that occurred in March of this year. “We have seen some reports that NFTs involved in these account takeovers were sold in transactions negotiated over Discord or Twitter. We strongly encourage all Nifty Gateway customers to purchase their NFTs on the official Nifty Gateway marketplace.”

While two-factor authentication does add a layer of security, owners of crypto assets need to build as much protection as possible into their devices, apps and networks. Updating a WiFi router’s firmware, using unique passwords, and installing firewalls can go a long way in protecting a user’s environment from unauthorized access.

NFT assets can also be stored in “cold” wallets, the same as Bitcoin and cryptocurrencies, in which the private keys are printed on paper and stored in a physically safe location offline.

A Title Registry as a Way to Prove Ownership

As the blockchain makes its way through other asset classes, such as the art and collectible worlds, owners and service providers can benefit from a third-party record of ownership. 

TransitNet is creating the industry’s first offchain title registry of record for digital wallets and other platforms. More than an additional layer of protection for crypto assets, the title registry also provides proof of ownership no matter what the transaction. 

Join the forefront of the new crypto infrastructure.

Request an exclusive registration for TransitNet’s title registry when it launches today!

Jake Wengroff writes about technology and financial services. A former technology reporter for CBS Radio, Jake covers such topics as security, mobility, e-commerce, and IoT.

SourceThe Verge – Hackers stole NFTs from Nifty Gateway users