NFT Theft: 3 Times NFTs Were Stolen By Hackers

From single JPEGs worth $69M to the possibility of using NFT technology in real estate, it’s no surprise that these wildly useable tokens have attracted loads of attention, both good and bad. 

Losing an NFT is more than just losing a screenshot: the loss can run to millions of dollars.

With a higher number of individual wallets suddenly becoming worth millions due to price increases, the rise of NFT theft is inevitable.

A quick refresher: as unique digital assets that live on a blockchain, NFTs can represent anything from game assets or characters to songs, articles, digital art, and even tweets. The tokens themselves are valuable because they are unique and, as blockchain assets, cannot be faked, and markets respond accordingly to the provable scarcity. The actual trade value of an NFT depends on how well-known its creators are, its previous purchase value, and its ownership history.

Now that we know what NFTs are and why they are valuable, let’s talk about some of the times NFTs were stolen by hackers, and how.

OpenSea’s User Side Hacks 

OpenSea is one of the world’s largest NFT marketplaces. So when, in February 2022, several OpenSea users reported that their accounts had been compromised, it spread like wildfire. 

At first, it was thought that the hack had led to NFT thefts worth about $200 million.

Then, a Twitter thread posted by blockchain security analysis firm PeckShield was retweeted by the CEO of OpenSea. The thread shared a technical analysis of the hack, revealing that only about $1.7M worth of NFTs had been stolen, and that there were 17 users affected.

Whereas readers had initially believed that OpenSea itself was compromised, it came out that the hack occurred through a phishing attack. 

While it looks like only 17 users were affected by the attack, others are concerned that they may have been compromised as well, although these complaints have yet to be addressed by OpenSea. 

What’s more, OpenSea faces legal action by one of the victims, who lost a Bored Ape NFT worth millions.

Besides the legal suit and the phishing attack, Fortune reports that OpenSea paid about $1.8 million to some of its users after a bug on its website allowed bad actors to purchase NFTs for less than what they were worth. 

The MetaMask Hack

MetaMask is a secure wallet app and web browser known for storing Ethereum tokens and NFTs.

In December 2021, a phishing attack impersonating MetaMask Support invited users to seek help by filling out a Google Docs form. The form requested the user’s secret recovery phrase. Anyone who holds a secret recovery phrase can restore the user’s wallet on their own device and steal its contents.

Seeing as MetaMask is an ETH wallet, this would majorly affect a user’s NFTs.

Fortunately, the attack was discovered early and the phishing bot was flagged by MetaMask.

Sleepminting: The Beeple NFT Theft

Beeple’s Everydays – The First 5000 Days is one of the most valuable NFTs in existence. Sold for a whopping $69M, this NFT rocked the blockchain universe.

So when it was hacked by someone called “Mr. Nobody” (aka Monsieur Personne), it was pretty alarming.

Sleepminting, first introduced by Personne, is a process that allows a hacker to “mint” an NFT under the name of someone without their knowledge or consent.

In April 2021, Personne, a self-proclaimed “white-hat” hacker, went on a mission to show the world how vulnerable NFT technology is by attacking the most well-known NFT transaction. Personne sleepminted a second copy of Beeple’s Everydays – The First 5000 Days in Beeple’s name and then gifted the original, unapproved copy to someone named Arsene Lupin.

Lupin listed the NFT on Rarible and OpenSea, starting at 0.01 WETH, a paltry price compared to its value. Rarible and OpenSea eventually canceled the listing.

When contacted, Personne wrote, “The goal I want to achieve with this is to take the most expensive and historic NFT and show that if it is not protected, how can we guarantee that any NFT is safe from intentional malice, fraud, forgeries, theft, etc.?” 
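A provenance check for the sleepminting case above, as an added example that is not part of the original article. It assumes sleepminting shows up on-chain as an ERC-721 Transfer event that credits an account which did not sign the emitting transaction; the event records, addresses and field names are constructed for illustration.

```python
ZERO = "0x" + "00" * 20  # ERC-721 mints are Transfer events from the zero address

# Constructed, already-decoded log records (not real chain data). "tx_sender" is the
# account that signed the transaction; for Approval, from=owner and to=operator.
EVENTS = [
    {"tx_sender": "0xartist", "event": "Transfer", "from": ZERO, "to": "0xartist", "token": 1},
    {"tx_sender": "0xartist", "event": "Approval", "from": "0xartist", "to": "0xmarket", "token": 1},
    {"tx_sender": "0xmarket", "event": "Transfer", "from": "0xartist", "to": "0xbuyer", "token": 1},
    {"tx_sender": "0xstranger", "event": "Transfer", "from": ZERO, "to": "0xfamous", "token": 2},
    {"tx_sender": "0xstranger", "event": "Transfer", "from": "0xfamous", "to": "0xstranger", "token": 2},
]


def audit_provenance(events):
    """Return (index, reason) for events that credit an account which never acted."""
    approved = {}  # token -> operator approved by the current owner
    findings = []
    for i, ev in enumerate(events):
        token, sender = ev["token"], ev["tx_sender"]
        if ev["event"] == "Approval":
            if sender == ev["from"]:  # only an owner-signed approval counts
                approved[token] = ev["to"]
            continue
        if ev["from"] == ZERO:
            if ev["to"] != sender:
                findings.append((i, "mint credited to an account that did not sign"))
        elif sender not in (ev["from"], approved.get(token)):
            findings.append((i, "transfer from an account that neither signed nor approved"))
        approved.pop(token, None)  # per-token approvals reset on every transfer
    return findings
```

Findings are leads for review, not verdicts: airdrops legitimately mint to accounts that did not sign, and operator-wide approvals (ApprovalForAll) are not modelled here.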

Final Thoughts: NFT Theft 

NFTs have the potential to revolutionize hundreds of industries all over the world. As the technology advances, we’ll, unfortunately, most likely see some more thefts, and accompanying security improvements. 

As an NFT owner, keeping your assets secure is vital. 

  • Use secure wallets to protect your addresses from attack
  • Never give out your seed phrase
  • Only use complex passwords that include phrases, numbers, and symbols
  • Store all your passwords and phrases in physical form, locked away safely (not on your computer)

Don’t make it easy!

What Privacy Coins Are and the Four Best Privacy Coins?

A privacy coin is a category of cryptocurrency asset that keeps user data private. Each privacy coin hides or “obscures” a specific type of user data, whether that be a user identity, transaction amount, or anything and everything else. 

How Do Privacy Coins Work?

Contrary to popular belief, not all cryptocurrency assets are inherently private or anonymous. The majority of blockchain networks, such as Bitcoin, publicly broadcast transactions and wallet balances on the blockchain; hence the value of an immutable, transparent blockchain. In most cases, it’s easier to trace someone’s Bitcoin financial activity than it is to trace their physical fiat activity.

Even if the digital public ledger didn’t provide this information on a silver platter, someone with a sound knowledge of digital forensics and a penchant for deductive reasoning could efficiently track peer-to-peer cryptocurrency transactions– all they would need to do is skillfully connect the nodes and uncover the transactions. 

The last nail in the coffin for digital anonymity with traditional digital assets such as Bitcoin is the “Know Your Customer” (KYC) policies of exchanges. To trade Bitcoin on an exchange like Coinbase, Gemini, or Kraken, you’ll need to provide an abundance of personally identifiable information. This makes tracing a transaction to its origin a piece of digital cake.
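The tracing described in the paragraphs above can be shown with the common-input-ownership heuristic, in an added example that is not from the original article. The heuristic is a standard chain-analysis assumption the article does not name, and the transactions, addresses and KYC tag below are constructed.

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data).
TXS = [
    {"txid": "t1", "inputs": ["addr_A", "addr_B"], "outputs": ["addr_M"]},
    {"txid": "t2", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_N"]},
    {"txid": "t3", "inputs": ["addr_D"], "outputs": ["addr_A"]},
    {"txid": "t4", "inputs": ["addr_E", "addr_F"], "outputs": ["addr_D"]},
]
# Constructed: an address an exchange has tied to a verified customer through KYC.
KYC_TAGS = {"addr_C": "customer-1042"}


def cluster_addresses(txs):
    """Group spending addresses, assuming all inputs of one transaction share an owner."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps lookups short
            a = parent[a]
        return a

    for tx in txs:
        first = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = first
    clusters = defaultdict(set)
    for a in parent:
        clusters[find(a)].add(a)
    return list(clusters.values())


def label_clusters(txs, tags):
    """Propagate a single known identity to every address in its cluster."""
    labelled = {}
    for cluster in cluster_addresses(txs):
        owners = {tags[a] for a in cluster if a in tags}
        if len(owners) == 1:
            labelled.update({a: next(iter(owners)) for a in cluster})
    return labelled
```

One KYC-tagged address is enough to name the whole `addr_A`/`addr_B`/`addr_C` cluster. The heuristic fails when the inputs of a transaction belong to different people, which is the situation CoinJoin creates on purpose.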

Privacy coins address and resolve these issues by deploying a diverse set of tactics to keep the data hidden. They usually leverage a mix of multiple strategies to accomplish their goal, such as: 

Stealth Addresses: With stealth addresses, a new address is created each time you receive cryptocurrency. This ensures that external parties cannot link future payments to a permanent wallet address. Monero is the prime example of a privacy coin that deploys this technique. Monero deploys a dual-key stealth address protocol, or DKSAP, to offer each wallet owner a new private view key, recipient address, and a private spend key.

Ring Signatures: Blockchain transactions require your digital signature to verify that you’re the sender. Since each user’s signature is unique, it’s not difficult to trace back a transaction to you with your signature. The Ring Signature strategy combines your signature with other signers in the ring– the higher the number of signatures in a ring, the more difficult it is to directly connect you with your transaction. 

CoinJoin: The CoinJoin technique takes the coins from different senders and combines them into a single transaction. Then, a third party mixes the coins and sends them to the recipients. At the user end, each recipient gets their coins at a never-used-before address. This makes it very unlikely that a transaction can be traced.

zk-SNARKs: zk-SNARKs, or “Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge”, are a form of cryptography that allows a party to prove that it possesses specific information without having to reveal the contents of that information. Privacy coins using zk-SNARKs can prove a transaction’s validity without sending critical pieces of information, such as the sender or receiver’s identity or the amount of funds changing hands.

MimbleWimble: MimbleWimble is an entire blockchain protocol that doesn’t even have addresses. MimbleWimble uses a type of elliptic-curve cryptography and is incredibly efficient at storing data. It only needs about 105 as much data storage as the Bitcoin network, making it a lightweight, highly scalable solution for storing information.
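The dual-key stealth address idea from the list above, worked through as an added example that is not from the original article or from Monero's code. It assumes the textbook DKSAP construction and uses secp256k1 with SHA-256 as stand-ins (Monero itself uses Ed25519); all function names are illustrative.

```python
import hashlib
import secrets
# secp256k1 parameters, used here as a stand-in curve (Monero itself uses Ed25519).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Add two curve points; None stands for the point at infinity."""
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    num, den = (3 * p[0] * p[0], 2 * p[1]) if p == q else (q[1] - p[1], q[0] - p[0])
    lam = num * pow(den, -1, P)
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):
    """Double-and-add scalar multiplication (teaching code, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def h(point):
    """Hash a shared-secret point to a scalar."""
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)

def send(view_pub, spend_pub):
    """Sender: one-time address H(r*A)*G + B plus the public nonce R = r*G."""
    r, R = keygen()
    return R, add(mul(h(mul(r, view_pub)), G), spend_pub)

def scan(view_priv, spend_pub, R, one_time):
    """Recipient or view-only wallet: does this one-time address belong to us?"""
    return add(mul(h(mul(view_priv, R)), G), spend_pub) == one_time

def spend_key(view_priv, spend_priv, R):
    """Recipient: private key for the one-time address, H(a*R) + b mod N."""
    return (h(mul(view_priv, R)) + spend_priv) % N
```

Two payments to the same recipient produce unrelated one-time addresses, and only the holder of the private view key can recognise them. Spending additionally requires the private spend key, which is why a view-only wallet can audit incoming funds without being able to move them.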

The Top Four Privacy Coins

The most successful privacy coins deploy one or multiple strategies from the above list to provide users near or complete transactional anonymity. 

With over 83 privacy coins holding a total market cap of more than $10 billion, privacy coins still make up a very small percentage of the digital asset ecosystem– they occupy less than 1%. 

The following top four privacy coins have gained their reputation due to usage, longevity, and overall investor sentiments. 

Monero

Monero is the largest privacy coin in terms of market capitalization at nearly 4 billion US dollars. The project usually trades between a high of $240 and a low of $216. 

Unlike many other privacy coins, Monero isn’t built on the Ethereum protocol– it runs on its own blockchain. 

Monero (XMR) aims to achieve the maximum possible standard of decentralization where a user does not need to trust anyone else on the network. It’s a completely fungible token that obscures every detail about senders, recipients, and the amount of cryptocurrency transferred. Unlike privacy coin competitors like Zcash, Monero is not selectively transparent. It leverages Ring Signatures to achieve complete privacy. 

ZCash

ZCash has a market capitalization of around 1.5 billion US dollars and it usually trades around the $130 to $150 price range. Like Monero, ZCash runs on its own blockchain and does not use the Ethereum protocol. While Monero is known for offering complete anonymity, ZCash’s advantage is its optional anonymity.

You can choose to send ZCash (ZEC) funds in two ways. The transparent method of fund transfer happens similarly to Bitcoin: funds are transferred between public addresses and are recorded on an immutable public ledger. Users and participants of the network can see the addresses and the amount involved. 

Shielded transactions, on the other hand, leverage the zK-SNARKS method and are completely anonymous. 

Zcash is unique in its privacy coin family in that it gives users the option for privacy. 

Horizen

With a market capitalization crossing half a billion dollars, Horizen (ZEN) is priced between around $48 and $54. Operating on its own blockchain, Horizen is unique in its use of a sidechain architecture that opens up possibilities for a host of diverse use cases. It allows for decentralized sidechains, by which separate blockchains can run simultaneously while remaining pegged to the parent blockchain.

Horizen has a mission of making cryptocurrency as inclusive as possible and making an ecosystem where every participant will get rewards proportionate to their contribution. ZEN follows the Equihash consensus mechanism, uses secure nodes, and has TLS encryption to ensure secure inter-node communication.

DASH

With a market capitalization of over 2 billion dollars, Dash is currently priced between $211 and $226. The currency derives its name from Digital Cash.  It runs on an open-source blockchain and aims to offer a fast and cheap decentralized network of global payments. 

One of the most enticing aspects of DASH is that it offers its participants a wide range of usage mechanisms. For instance, its InstantSend decentralized project governance mechanism allows payments to settle instantly. With its Chainlocks feature, the DASH blockchain becomes instantly immutable, and its PrivateSend functionality offers optional privacy that users can choose during transactions.

The long-term vision of DASH is to become “the most user-friendly” and “scalable payments-focused cryptocurrency in the world.” DASH offers its services to both individuals and institutions. It caters to the international remittance needs of merchants, traders, and institutional users.

Final Thoughts: Honorable Mentions 

Apart from these four top-ranking assets, the list of top ten privacy coins includes Verge (XVG), Private Instant Verified Transaction Cryptocurrency (PIVX), NuCypher (NU), Secret (SCRT), Phala Network (PHA), Counos X (CCXX), Keep Network (KEEP), and the MimbleWimbleCoin (MWC).

Privacy coins are an integral part of the crypto-economy because they can benefit otherwise legitimate users who don’t wish their transactions to be made public. For example, businesses often want to keep their clients, or the set of vendors they work with, a secret. Privacy coins enable businesses to leverage the blockchain while preserving their competitive advantage.

Although public wallets are viewable by anyone, privacy coins ensure that every transaction is mapped with a stealth address that can’t be traced back to the originator. As a result, the user feels empowered and gets to exercise his right to privacy in the fullest meaning of the term.

However, privacy coins also have a controversial side. Outside of legitimate concerns for financial privacy, privacy coins also enable malicious actors to transact in silence. This is one of the primary reasons privacy coins are a focal point for regulatory agencies around the world.