{"id":2702,"date":"2022-03-18T02:52:12","date_gmt":"2022-03-18T08:52:12","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2702"},"modified":"2022-03-18T02:55:02","modified_gmt":"2022-03-18T08:55:02","slug":"all-my-apes-gone","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/18\/all-my-apes-gone\/","title":{"rendered":"All My Apes Gone"},"content":{"rendered":"\n
\"\"
All my apes are gone from Know your meme<\/figcaption><\/figure>\n\n\n\n

With the NFT market being worth more than $10 billion, it has definitely gained the attention of a lot of people. From NFTs being talked about on the news, to celebrities, public figures and giant companies supporting or even starting NFT projects, it would make sense why hackers and malicious actors have decided to exploit the weaknesses in the system. And in this post, I would like to talk about some ways people have exploited these weaknesses in the system.<\/p>\n\n\n\n

Before I start, you should know how NFTs or Non Fungible Tokens work, and since there is a lot that goes on with NFTs, I can not explain everything so I would direct you to this link: Click here<\/a><\/p>\n\n\n\n

OpenSea email Scam<\/h3>\n\n\n\n
\"\"
OpenSea email phishing email from PCrisk<\/figcaption><\/figure>\n\n\n\n

For this attack, unsuspecting users receive an email claiming to be from OpenSea<\/a>, and if they were to click the link it would lead them to a fraudulent website, and ask them to connect their wallet, it would then ask them sign the “Approve All” transaction, which would then let the attacker initiate transactions from their wallet. With that, they are then able to sell the NFTs in the victims’ wallet to themselves for 0 ETH, or way lower than what they are worth. <\/p>\n\n\n\n

According to OpenSea, 17 users fell victim to this attack, and the attacker made stole numerous “valuable” assets such as: 3 Bored Ape Yacht Club, 2 Clonex, 17 Azuki, and 631 ETH. Everything is estimated to cost at least $1.7 million<\/p>\n\n\n\n

Phishing attacks are the most common types of attacks used for stealing NFTs.<\/p>\n\n\n\n

LandMine NFTs<\/h3>\n\n\n\n
\n

@opensea<\/a> One of me wallets was hacked wtf man pic.twitter.com\/BbZ4FKtr6h<\/a><\/p>— Waka Flocka (WakaFlocka.eth) (@WakaFlocka) December 28, 2021<\/a><\/blockquote><\/div>\n<\/div><\/figure>\n\n\n\n

This is also another method hackers have used to drain peoples wallets, by airdropping an NFT into a persons wallet, and if they choose to sell the NFT or transfer it, the NFT drains the victim’s wallet.<\/p>\n\n\n\n

The way this works is that initially, the smart contract of the malicious NFT is a wallet draining contract, but it would not have permissions to do anything until the user interacts with it. But once the user interacts with it, then it is going to have the permissions to interact with the users wallet, and then draining it. <\/p>\n\n\n\n

If you receive an airdropped NFT that you do not trust, NFT traders advice that you just hide it, where it is still in the wallet, but it is not on your main page.<\/p>\n\n\n\n

Conclusion<\/h3>\n\n\n\n

As you can see from the methods used above, even if you are using a “Web3” platform, you can still fall victim to different cyberattacks, and the ways to protect yourself from such attacks are similar to the “Old internet” solutions such as:<\/p>\n\n\n\n