Safeguarding Your Business from NFT Phishing: Insights from Fireblocks

In the ever-evolving digital landscape, safeguarding your business from NFT phishing attacks and spam has become more critical than ever before.

—

Enter Fireblocks, a Web3 security leader, and its Head of R&D for Web3, Avi Bashan, who unravels the driving factors behind this trend. From exploiting Twitter verified badges to the surge of NFT minting on Layer 2 blockchains, Fireblocks introduces a cutting-edge threat detection tool within its NFT Library, providing essential defense against financial losses and reputational harm.

As per blockchain analytics firm Elliptic, over $100 million worth of NFTs have been reported stolen through scams from 2021 to 2022, and OpenSea reveals that over 80% of 2022 NFTs were plagued by plagiarism, fakes, or spam—statistics that draw a parallel with the rampant prevalence of spam in emails, where Symantec estimates nearly 85% are spam.

Let's delve into more details about how to safeguard yourself against these threats.

Q: What factors do you believe are driving the recent surge in NFT scams and fake airdrops within the crypto industry?

A: Multiple factors have led to NFTs being recently leveraged by bad actors including an increased retail interest in crypto such as the ability to utilize the Twitter verified badge to create credibility for spam advertisements, the popularity of NFT minting on L2 blockchains, improved wallet functionality to support NFTs, and the lack of threat detection tools integrated into wallets that mitigate NFT phishing attempts.

NFTs are a useful medium for attacks because attackers can leverage the metadata text or image to display a message and instruct users to take a specific action.

Q: Could you explain how Fireblocks' new threat detection tool within its NFT Library works and how it helps safeguard users?

A: The Fireblocks NFT Library is a dashboard that displays NFTs and allows users to easily manage their collections. Fireblocks’ new NFT Spam Protection detects spam and phishing NFTs before they are even displayed on customers’ NFT Library.

When an NFT is transferred to a customer’s wallet, Fireblocks automatically analyzes the NFT for characteristics commonly associated with spam, such as: low-value or mass-produced collections, unverified creators or marketplaces, repetitive or nonsensical metadata, and suspicious transaction patterns.

If Fireblocks detects that the incoming NFT matches spam or phishing characteristics, we automatically hide the NFT from the main NFT Library display. The Fireblocks NFT Library has a “hidden” view to allow customers to view NFTs that Fireblocks has identified as spam, as well as NFTs that the user has manually hidden.

This is a critical feature for businesses who custody their NFT collections on Fireblocks and retail businesses who use Fireblocks Wallets-as-a-Service to custody tokens and NFTs for their customers.

Q: What specific characteristics or indicators does Fireblocks' NFT Spam Protection tool analyze to identify potential spam NFTS?

A: Low-value or mass-produced collections, unverified creators or marketplaces, repetitive or nonsensical metadata, and suspicious transaction patterns. Fireblocks leverages insights from Blockaid, a Web3 threat intelligence platform, to detect malicious NFTs.

Q: What impact do NFT scams have on businesses and individuals within the crypto space, particularly in terms of financial losses and reputational damage?

A: While retail consumers are most susceptible to NFT phishing attacks, businesses present a significantly higher opportunity for attackers. Often, we see NFT phishing attacks deployed in tandem with other exploit methods targeted at developers or any individual with wallet permissions.

For example, a developer at an exchange may be using a wallet on a company computer to test a new functionality for their customers. The wallet itself may not have high-value assets but an attacker could airdrop an NFT to the wallet that instructs the developer to download a browser extension or software update to claim a reward or update their wallet. Unbeknownst to the developer, the downloaded software contains malware that exploits the computer that has API keys to a production development environment.

For institutional investors, such as crypto traders or asset managers, an attacker could contaminate the wallet transaction history by transferring an NFT named “$10,000 USDT.” An unsuspecting trader or operations personnel might quickly copy and paste an address believing that it resembles a frequent counterparty but are tricked into transferring funds to the attackers’ wallet.

Or take a crypto hedge fund that is frequently eligible for airdrops. The attacker could use the NFT text or image metadata to direct a trader to visit a dApp to claim an airdropped token. The attacker impersonates a well-known dApp by copying the front end to seem legitimate. The phishing website then tricks the user into connecting and granting wallet permissions to a malicious smart contract that drains their wallet funds.

Q: What are some common misconceptions or misunderstandings people have about NFT security?

A: Many businesses believe that because they do not invest or interact with NFTs, they are not susceptible to NFT phishing attacks. As outlined in the blog, attackers can more easily leverage NFT metadata to trick users into taking a certain action or pollute their transaction history to exploit a lack of operational security – i.e. not setting governance policies around address whitelisting processes.

For more information about Fireblocks and to connect with the team directly, visit their website here.

—

Editor's Note

During our interview with Fireblocks, an ironic twist unfolded - Blockster's Twitter account was hacked and is presently running a scam airdrop. Adding to the alarm, Blockster's active ad account is inaccessible. Despite our persistent attempts to contact Twitter Support, there has been no response. This disconcerting experience raises significant doubts about the trustworthiness of Twitter as a platform, given its apparent lack of support. It's worth noting that similar incidents are occurring with numerous business accounts. Stay informed and exercise caution in light of these security concerns.