In February 2022, OpenSea fell victim to a major phishing attack that resulted in the theft of more than $1.7 million worth of non-fungible tokens (NFTs) from users. It was not the only incident: blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone.

As we entered 2023, there was a chorus of promises to increase security within the crypto space. But, so far, things have not changed significantly. Companies using blockchain are still not doing enough to prevent scams.

If blockchain technology is to see mass adoption, companies will have to shift their approach from the bottom up. By focusing on education and implementing better processes to identify malicious activity, these platforms can better serve their customers as the space continues to grow.

Blockchain platforms must learn to identify malicious activity

In the case of the OpenSea hack, victims were asked to sign an incomplete contract, apparently at the request of the platform. While OpenSea’s core infrastructure was not hacked, the fake accounts were able to take advantage of the open-source Wyvern Protocol. The hackers were then able to use the owner’s signature to transfer to a fake contract that gave them ownership without having to pay for the NFTs.

OpenSea recently reversed some of its previous policies after it was reported that 80% of the NFTs minted for free on the platform were plagiarized or spam. OpenSea also relies on trust in developers using its API, which is not a foolproof way to assess risk. These developers could use the API for malicious purposes to take advantage of users who sign contracts they don’t read.

Smart contracts are an integral part of the blockchain engine and can be found everywhere from NFT exchanges to true decentralized applications. Understanding how these contracts work is imperative to keeping users safe. Instead of reinventing the wheel, companies can implement standard protocols to ensure that smart contracts are resilient and protected against malicious activity. From there, companies can take advantage of the flexible nature of the blockchain and customize their contracts, for example by setting up multi-signature wallets and regular unit testing.

Beware of airdrop spam

If you search for the popular Mutant Hounds collection that appears in the main OpenSea collections, there is no indication of which collection is legitimate. The lack of verification can lead to the formation of counterfeit collections, which artificially inflate the price to appear legitimate and confuse users. Fake collections are often distributed through airdrops, intended to be found through the search functionality of an NFT platform.

Spam collections can also send users unsolicited NFTs via airdrops. Users are then redirected not through the platform where they hold a collection, such as OpenSea, but through a different site, where the scam occurs.

This is a common risk that platforms that monitor such activity can address, whether through a collaborative database that tracks fraudulent accounts or an administrative tool that knows what to look for and is constantly on top of updated scams. Additionally, NFT platforms may require offers to be in the same currency as the listing to avoid confusion. Many users have been scammed by accepting an offer in a less valuable currency than the one in which they put the NFT up for sale. Blockchain platforms can rely on data to expose their outliers by flagging suspicious activity based on irregular activity among a small number of holders.
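The two checks described above (offers in a different currency than the listing, and activity concentrated among a small number of holders), sketched as an added example that is not part of the original article or any platform's code. The record layout, wallet names, and the top_n, threshold and min_trades values are assumptions, and all sample data is constructed.

```python
from collections import Counter

# Constructed sample data, not real marketplace records.
LISTINGS = {"nft-1": "ETH", "nft-2": "ETH"}
OFFERS = [
    {"item": "nft-1", "currency": "ETH", "amount": 2.0, "bidder": "0xaaa"},
    {"item": "nft-1", "currency": "USDC", "amount": 2.0, "bidder": "0xbbb"},
    {"item": "nft-2", "currency": "ETH", "amount": 1.5, "bidder": "0xccc"},
]
TRADES = {  # collection -> list of (seller, buyer)
    "collection-a": [("w1", "w2"), ("w2", "w3"), ("w3", "w1"),
                     ("w1", "w2"), ("w2", "w1"), ("w3", "w2")],
    "collection-b": [("w1", "w4"), ("w5", "w6"), ("w7", "w8"),
                     ("w9", "w10"), ("w11", "w12"), ("w4", "w13")],
}

def mismatched_offers(listings, offers):
    """Offers denominated in a currency other than the item's listing currency."""
    return [o for o in offers
            if o["item"] in listings and o["currency"] != listings[o["item"]]]

def closed_loop_share(trades, top_n=3):
    """Fraction of trades whose buyer and seller are both among the
    top_n most active wallets (a sign of a small group trading with itself)."""
    if not trades:
        return 0.0
    activity = Counter()
    for seller, buyer in trades:
        activity[seller] += 1
        activity[buyer] += 1
    core = {wallet for wallet, _ in activity.most_common(top_n)}
    inside = sum(1 for s, b in trades if s in core and b in core)
    return inside / len(trades)

def flag_collections(trades_by_collection, top_n=3, threshold=0.8, min_trades=5):
    """Collections with enough trades whose closed-loop share meets the threshold."""
    flagged = {}
    for name, trades in trades_by_collection.items():
        share = closed_loop_share(trades, top_n)
        if len(trades) >= min_trades and share >= threshold:
            flagged[name] = round(share, 2)
    return flagged

if __name__ == "__main__":
    for offer in mismatched_offers(LISTINGS, OFFERS):
        print("currency mismatch:", offer)
    print("concentrated activity:", flag_collections(TRADES))
```

A flagged collection is a candidate for manual review, not proof of fraud; the thresholds would need tuning against a platform's own data.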

Of course, it should be noted that companies like OpenSea are in the difficult position of having to keep an eye on fraudulent accounts that mint on their platform. In many cases, it comes down to the need for further verification of the official collection.

Onboarding is an integral part of the business plan

Onboarding should be a core part of the blockchain experience for both new and veteran users. Just like smart contracts, setting clear user guidelines and highlighting potential risks should be considered one of the fundamental best practices for ensuring user security. These guidelines should be reviewed periodically, taking risk assessment into account, and adjusted accordingly as the blockchain matures.

Among experienced blockchain users, the acronym “DYOR” is commonplace. Short for “do your own research,” this expression has become an unspoken rule for those who interact with potential investment opportunities. However, it can be challenging for newcomers to know precisely where to start. There is a chorus of discordant information from influencers within the space, who are often pushing the next big thing and driving risky investments, leading users to fall victim to scams or asset losses. Guidelines and educational materials should be readily available and curated for the unique value system and risks of each platform.

Best practices should be a priority for all blockchain platforms

As the blockchain community grapples with its growing pains, companies need to build on the hard lessons learned through major exploits like OpenSea’s and refine their security protocols to make sure that doesn’t happen again. Learning the ins and outs of the basic technology, from smart contracts to how to protect a seed phrase, should be the starting point. From there, learn how to implement and maintain best practices, such as identifying malicious activity and those who wreak havoc. Perhaps all it would have taken to prevent some of the more recent large-scale hacks would have been simply for someone to notice that something seemed wrong.

Michael R. Pierce is co-founder and CEO of NotCommon. He received his BBA and MBA from the University of Texas at Austin.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
