On a Saturday evening back in February 2022, somewhere between the peaceful hours of 5 pm to 8 pm ET, a panic broke out at OpenSea, the world’s largest NFT (non-fungible token) marketplace, in the wake of a phishing attack that deprived at least 32 users of their valuable NFTs worth $1.7 million.
While this reads like a movie scene in which the super cops hunt down the malevolent hackers and everyone is made whole, the real-life aftermath was less rosy. In this case the authorities couldn’t trace the cybercriminals and the OpenSea heist became one of the most prominent examples in 2022 of a successful phishing attack on a popular, high traffic NFT marketplace.
What’s more, this scam was not the only one of its kind involving NFTs in 2022.
Actor Seth Green lost four Bored Ape NFTs worth more than $300,000 in a phishing attack carried out by an NFT collector going by the moniker “Mr. Cheese.” In another case believed to have been a phishing scam, more than $2.2m worth of NFTs were reported stolen from the New York-based art collector and gallerist Todd Kramer.
According to Comparitech, “a whopping $25 billion and counting has been lost to cryptocurrency, and NFT rug pulls and scams to date”.
NFT-related cybercrimes have not only become more numerous; they are getting more complex and sophisticated. NFT art marketplaces must therefore take proactive steps to protect their users from NFT scams and apply equally sophisticated and advanced solutions to oppose these threats. When employed in the right way, AI can play an important role in developing adequate cybersecurity defenses.
In this piece, we will scratch the surface of the ways an AI-powered approach, and especially the use of deep learning algorithms, can make the NFT art marketplaces more secure.
Phishing is still the most popular form of NFT Art Cybercrime
Phishing attacks, which are rooted in the art of deception and aim to mislead the victim into believing that the communication they received is from a legitimate enterprise, are still the most common type of cybercrime observed by the NFT community.
Those attacks can take many forms, from email phishing, which involves an attacker sending thousands of fraudulent email messages, which may contain malicious links to fake NFT sites, in the hopes of netting significant information like NFT user account or crypto wallet credentials, to directly hacking discord channels or sending fake messages to users via DMs. Cybercriminals are also adept at tricking victims into opening files attached to emails that contain trojan malware capable of hijacking their PCs and stealing usernames and passwords.
Traditional security can’t keep up
Today’s scammers are becoming so ingenious in their scam attempts, that traditional security measures just can’t keep up. Cybercriminals leverage various types of attacks, including phishing scams, data exfiltration, automated generation of malicious single-use domains and URLs used to breach NFT platforms, and techniques like cloaking that enable attackers to hide malicious URLs from web crawlers and bypass security defenses.
While some issues are more pronounced, others are harder to detect, like, for instance, Domain Name System (DNS) tunneling. DNS carries enormous amounts of data, making it an attractive target to carry out attacks. In addition, through ultra-slow DNS tunneling, attackers can achieve data leakage across multiple domains, making it harder to detect and block.
Mitigating phishing attacks with the use of AI
To tackle cyber threats which are outpacing traditional security measures, NFT art platforms must embrace more advanced solutions, including those driven by AI and deep learning approaches to security.
Using the power of inline deep learning capabilities, AI solutions can analyze live traffic as it enters the platform’s network, learn to distinguish between legitimate behaviors and suspicious activities over time, and use that training to prevent cyber threats in real-time. AI-powered solutions can help to mitigate phishing attacks by detecting, analyzing, and preventing access to both known as well as previously unidentified URLs or files if there are signals that they might be malicious or suspect.
Also, AI offers protection against malware using Next-Generation Firewalls, content filtering and data leakage prevention systems, and a host of other measures that help prevent network intrusion. On top of that, the AI-powered approach affords NFT art platforms better protection against DNS attacks via clear visibility into DNS traffic, Cloud-Based Protection, and other essentials.
NFT art platforms can also leverage AI and deep learning capabilities to train their own security systems to detect phishing messages, malicious URLs, or malware using actual suspicious messages or links which platform users receive. Systems trained this way can better identify and prevent future attacks.
It’s encouraging to see that NFT art platforms have started taking proactive steps toward better cybersecurity and real-time protection of their users’ data and assets. For instance, just recently OpenSea launched new features which can auto-detect stolen NFTs and prevent their resale, as well as help to spot and disable malicious links.
NFT Art Cybercrime: AI and deep learning as guardrails against cybersecurity threats
As cybercrimes targeting NFT art platforms are becoming more frequent and increasingly sophisticated, embracing equally complex cybersecurity solutions to counteract them becomes essential, especially when it comes to spotting and thwarting cyber threats which happen in real-time.
This is where AI and deep learning techniques can assist NFT platform builders in their efforts to protect their users from phishing attacks leading to financial losses, NFT theft and crypto wallet theft. So far there’s still much work to do to make the online market for NFT art more secure. NFT marketplaces like OpenSea play an important role in the smooth functioning and wellbeing of the NFT art market, so it’s imperative that they invest in and pioneer new techniques that leverage the capabilities of AI and deep learning to improve their cybersecurity defences.