In February 2022, OpenSea was the victim of a serious phishing attack that stole over $1.7 million worth of non-fungible tokens (NFTs) from users. This was not the only incident: blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone.
As we entered 2023, there was a chorus of promises to increase security in the crypto space. But to date the situation has not changed significantly. Blockchain companies are still not doing enough to prevent fraud.
If blockchain technology is to be adopted on a large scale, companies may have to change their approach from the ground up. By focusing on education and implementing better processes to detect malicious activity, these platforms can better serve their customers as the space expands.
Blockchain platforms need to learn to detect malicious activity
In the case of the OpenSea hack, victims were asked to sign an incomplete contract, apparently at the request of the platform. Although the underlying OpenSea infrastructure was not hacked, fake accounts were able to take advantage of the Wyvern open protocol. Hackers could then use the owner’s signature to transfer the NFT to a bogus contract that gave them ownership without having to pay for it.
OpenSea recently rolled back some of its previous rules after it was reported that 80% of the NFTs minted for free on the platform are plagiarized or spam. OpenSea also relies on trusting developers who use its API, which is not a reliable way to assess risk. These developers can use the API for malicious purposes to take advantage of users signing contracts they do not read.
Smart contracts are an integral part of the blockchain engine and can be found everywhere from NFT exchanges to truly decentralized applications. Understanding how these contracts work is essential to keeping users secure. Instead of reinventing the wheel, companies can implement standard protocols to ensure smart contracts are resilient and guarded against malicious activity. From there, companies can take advantage of the flexible nature of the blockchain and customize their offering, such as setting up multi-signature wallets and regular unit testing.
Watch out for spam drops
If you are looking for the popular Mutant Hounds collection among the top OpenSea collections, there is no indication of which collection is legitimate. Lack of verification can lead to the creation of fake collections whose value is artificially inflated to make them look legitimate, confusing users. Fake collections are often distributed via airdrops that are supposed to be found using the search function of the NFT platform.
Spam collections can also send users unsolicited NFTs via airdrops. Users may be redirected not to the platform that hosts the collection, such as OpenSea, but to a different site where the scam takes place.
This is a common risk that could be addressed by platforms that monitor such activity, either through a crowdsourced database that tracks fake accounts or an administrative tool that knows what to look for and stays aware of current scams. In addition, NFT platforms could require bids to be in the same currency as the listing to avoid confusion. Many users have been scammed into accepting an offer in a less valuable currency than the one in which they put the NFT up for sale. Blockchain platforms can rely on data to reveal outliers, flagging suspicious activity based on erratic activity among a small number of holders.
Of course, it should be noted that companies such as OpenSea are in a difficult position, as they have to police the fake accounts that appear on their platform. In many cases, this comes down to the need for more thorough verification of official collections.
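An added illustration (not from the article or any platform's code) of the two checks this paragraph describes: rejecting offers in a currency other than the listing's, and flagging collections whose sales circulate among a handful of wallets. The record layout, wallet labels and thresholds are assumptions, and all sample data is constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data, not real marketplace records.
LISTINGS = {"nft-1": "ETH", "nft-2": "ETH"}  # item -> listing currency
OFFERS = [
    {"item": "nft-1", "bidder": "0xA1", "currency": "ETH", "amount": 1.9},
    {"item": "nft-1", "bidder": "0xB2", "currency": "USDC", "amount": 2.0},
    {"item": "nft-2", "bidder": "0xC3", "currency": "ETH", "amount": 1.5},
]
SALES = [  # (collection, seller, buyer)
    ("coll-A", "0xE1", "0xE2"), ("coll-A", "0xE2", "0xE1"),
    ("coll-A", "0xE1", "0xE3"), ("coll-A", "0xE3", "0xE2"),
    ("coll-A", "0xE2", "0xE1"), ("coll-A", "0xE3", "0xE1"),
    ("coll-B", "0x01", "0x02"), ("coll-B", "0x03", "0x04"),
    ("coll-B", "0x05", "0x06"), ("coll-B", "0x07", "0x08"),
    ("coll-B", "0x02", "0x09"), ("coll-B", "0x0A", "0x0B"),
]

def mismatched_offers(listings, offers):
    """Return offers denominated in a currency other than the listing's."""
    return [
        o for o in offers
        if o["item"] in listings and o["currency"] != listings[o["item"]]
    ]

def concentrated_collections(sales, top_n=3, min_sales=5, threshold=0.8):
    """Flag collections where the top_n wallets sit on both sides of most sales."""
    by_collection = defaultdict(list)
    for collection, seller, buyer in sales:
        by_collection[collection].append((seller, buyer))
    flagged = {}
    for collection, trades in by_collection.items():
        if len(trades) < min_sales:
            continue  # too few sales to judge either way
        activity = Counter(w for trade in trades for w in trade)
        top = {w for w, _ in activity.most_common(top_n)}
        closed = sum(1 for s, b in trades if s in top and b in top)
        share = closed / len(trades)
        if share >= threshold:
            flagged[collection] = round(share, 2)
    return flagged

if __name__ == "__main__":
    print(mismatched_offers(LISTINGS, OFFERS))
    print(concentrated_collections(SALES))
```

A flag from either check is a reason for review, not proof of fraud; thresholds need tuning against a platform's own trading history.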
Onboarding is an integral part of a marketing strategy
Onboarding should be a fundamental part of the blockchain experience for veterans and novice users alike. Like smart contracts, setting clear guidelines for users and paying attention to potential threats should be regarded as one of the fundamental best practices for keeping users secure. These guides should be reviewed regularly, taking the risk assessment into account, and adjusted accordingly as the blockchain matures.
Among experienced blockchain users, the initialism “DYOR” is common. Short for “do your own research,” the phrase has become an unspoken rule for those interacting with potential investment opportunities. However, it can be a challenge for novices to know exactly where to start. There is a chorus of conflicting information from influencers in the space, who often push the next big thing and make dangerous investments, leading to users falling victim to scams or loss of assets. Guidelines and educational materials should be available, aligned with each platform’s value system and unique threats.
Best practices should be a priority for all blockchain platforms
As the blockchain community experiences its growing pains today, companies should learn the hard lessons from major exploits like those on OpenSea and refine their security protocols to make sure this does not happen again. The starting point should be to familiarize yourself with the ins and outs of the underlying technology, from smart contracts to how to protect your seed phrase. From there, learn how to implement and maintain best practices, such as identifying malicious activities and those who wreak havoc. Perhaps it would have been enough to prevent some of the recent large-scale hacks if someone had noticed something was wrong.
Michael R. Pierce is the co-founder and CEO of NotCommon. He received his BBA and MBA from the University of Texas at Austin.
This article is for information purposes only and is not intended to be and should not be construed as legal or investment advice. The views, thoughts and opinions expressed here are those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.