Hackers used loopholes to steal $12 billion worth of NFTs

Hackers used various loopholes to steal $12 billion worth of NFTs in 2021, according to a recent report about NFT fraud.

NFTs, or non-fungible tokens, have gained popularity in recent years. Essentially, ownership of an NFT is recorded on a blockchain that is associated with a digital or physical asset that can be sold and traded.

But, with the industry already struggling with cybersecurity issues, a report by London-based blockchain analytics firm Elliptic has highlighted how loopholes were used by hackers to steal millions of dollars worth of NFTs.

The report, titled NFT Report 2022, was released on 26 August and outlines the dangers the decentralised finance (DeFi) world faces and suggests ways to avoid them.

The report found that between 2020 and 2021, the DeFi industry lost $260 million from thefts across the NFT and NFT-DeFi protocols.

Earlier this year, an NFT-based DeFi gaming application, Axie Infinity, was hacked by a group called Lazarus based in North Korea. They stole around $540 million worth of crypto and is the world’s second-largest attack in terms of value taken.

Sign up to our new free Indy100 weekly newsletter

Hackers are able to exploit different weak areas in terms of security to steal millions of dollars worth of assets.

Methods they have been known to use include contacting developers on social media under false pretences before stealing their information and exploiting NFT airdrops and marketplaces with weak coding.

The report suggested: “There is always potential for a malicious individual to identify a loophole, vulnerability or faulty function within the layers of code necessary for a DeFi platform to run effectively.

“Therefore auditing a code before it interacts with users’ funds is considered a good practice.”

Have your say in our news democracy. Click the upvote icon at the top of the page to help raise this article through the indy100 rankings.