The co-founder of Manifold.xyz – a platform for NFTs – who goes by the Twitter handle @richerd has recently written a Twitter thread which exposes the tactics used by hackers to steal funds and NFTs from crypto wallets. As the go-to guy for crypto wallet security he has a lot of experience in dealing with hackers and ensuring safety of wallets.
And since I am personally a victim of a wallet hack where my funds and some NFTs were stolen, I can only emphasize on the importance of knowing how to keep wallets safe and avoid the pain of loosing your portfolio.
Related Reading: Understanding The Recent NFT Hype
Ways Hackers Compromise Crypto Wallet To Steal NFTs & Necessary Precautions
This is a common tactic where hackers lure users to a legitimate looking website with the promise of free NFTs. Once a user tries to connect his Metamask to the website, a fake error is generated which prompts the user into entering his seed phrase. Once the user has access to your seed phrase he can gain control to your wallet and steal all your funds and NFTs.
Another way these hackers lure a user to their phishing website is by acting as support in the Telegram and Discord pages of tokens. They then lure users seeking support through private messages that ask the user to visit the phishing websites and connect their wallets to it.
Precaution: Never ever type your seed phrase. You should write your seed phrase in a piece of paper, store it safely and forget about it.
If a user is screen sharing there is an option in Metamask to reveal the seed phrase. Hackers often lurk as customer support staff in the social pages of tokens such as Telegram and Discord. They will tell the user that they will “debug” their systems by using screen share and to follow a set of instructions which would reveal the user’s seed phrase to the hacker.
Precaution: Using hardware wallets is the safest method to store your crypto and NFTs.
Stealing crypto and NFTs become more interesting as the market cap balloons | Source: CRYPTOCAP-TOTAL on TradingView.com
There are software which install backdoors to a user’s computer and gives hackers access to the user’s file system, computer memory and screen. Users should only install software after careful consideration and checking their validity. Users should never open random files and software.
Precaution: Never open suspicious files and use a hardware wallet
As per Wikipedia and in the context of cyber security, social engineering can be explained as the psychological manipulation of users into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of gathering information, fraud or system access. Unlike traditions “con”, social engineering requires a set of many steps.
In terms of crypto, attackers will manipulate the user by acting as a trusted individual and ask for Ethereum or some other token from the user in the pretext that the trusted individual’s account is unavailable or have reached their limit.
Precaution: Never send out funds or NFTs to any person without verifying their identity.
Physical Hardware Attack
In this type of attack, the hacker will try to gain physical access to your system and thus reveal your seed phrase. There are also external devices such as a USB which can be plugged into the target computer to gather information. There have also been incidences when the attacker has physically stolen the laptop and run away with it.
Precaution: Using hardware wallets and storing them safely is the best way to store valuable funds and NFTs. Never leave your computer unattended and always be attentive when you are outside.
Supply Chain Hack
This kind of attack on hardware wallets are common where the attacker creates a website to sell hardware wallets that have a pre-loaded key through which the attacker can drain your funds and NFTs.
Precaution: Always buy hardware wallets directly from the manufacturer.
Featured image by iStockPhoto, Charts from TradingView.com