In February 2022, OpenSea fell prey to a massive phishing attack that stole over $1.7 million in non-fungible tokens (NFTs) from users. This was not the only incident. A blockchain user reportedly lost $3.9 billion to fraud in 2022 alone.
As we entered 2023, there was a chorus of promises to increase security within the crypto space. Companies using blockchain are not yet good enough to prevent fraud.
As blockchain technology becomes widely adopted, businesses will need to fundamentally change their approach. By focusing on education and implementing better processes for identifying malicious activity, these platforms can better serve their customers as the space continues to expand.
Blockchain platforms need to learn how to identify malicious activity
In the case of the OpenSea hack, victims were asked to sign an incomplete contract as requested by the platform. OpenSea’s core infrastructure was not hacked, but the fake account was able to take advantage of its open-source Wyvern Protocol. Hackers were then able to use the owner’s signature to transfer to a fake contract that gave them ownership without paying for the NFT.
OpenSea recently withdrew some of its previous policies. It reported that 80% of NFTs created for free on the platform were plagiarized or spam. OpenSea also relies on trust in developers using its APIs, which is not a foolproof way to assess risk. These developers may use its APIs for malicious purposes to take advantage of users who have signed contracts they have not read.
Smart contracts are an integral part of blockchain engines and can be found everywhere from NFT exchanges to truly decentralized applications. Understanding how these contracts work is essential to keeping users safe. Rather than reinventing the wheel, companies can implement standard protocols to ensure smart contracts are resilient and protected from malicious activity. From there, businesses can take advantage of blockchain’s flexible nature to customize contracts, including setting up multi-signature wallets and regular unit testing.
Beware of spammy airdrops
When looking for a popular mutant hound collection featured in OpenSea’s top collections, there’s no telling which one is right. Lack of verification can lead to the formation of counterfeit collections that artificially inflate prices to appear legitimate and confuse users. Fake collections are often distributed through airdrops with the goal of being found through the NFT platform’s search function.
Spam collections can also send unsolicited NFTs via airdrop. Users are then redirected to another site, where the scam occurs, rather than to the platform that holds the collection, such as OpenSea.
This is a common risk that any platform can address by monitoring such activity, either through crowdsourced databases that track fraudulent accounts or through administrative tools that know what to look for and are kept up to date on new scams. Additionally, NFT platforms may require bidding in the same currency as the listing to avoid confusion. Many users are scammed by accepting offers in a currency that is less valuable than the currency in which the NFT was sold. Blockchain platforms can rely on data to uncover outliers by flagging suspicious activity based on irregular activity among a small number of owners.
Of course, it should be noted that companies like OpenSea are in a difficult position to crack down on fraudulent accounts created on their platform. In many cases, the official collection must be further verified in the end.
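The two platform-side checks described in this section, rejecting offers that are not in the listing's currency and flagging collections whose trading circulates among a small number of owners, can be sketched as follows. This is an added example, not code from OpenSea or any other platform; the record layout, the sample data and the thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real marketplace records).
LISTINGS = {"nft-1": ("ETH", 2.0), "nft-2": ("ETH", 1.5)}  # item -> (currency, price)
OFFERS = [
    {"id": "o1", "item": "nft-1", "currency": "ETH", "amount": 1.9},
    # Same number as the listing, but in a less valuable currency.
    {"id": "o2", "item": "nft-1", "currency": "USDC", "amount": 2.0},
    {"id": "o3", "item": "nft-2", "currency": "DAI", "amount": 1.5},
]
# Each trade is (collection, seller wallet, buyer wallet).
TRADES = (
    [("hounds-official", f"w{i}", f"w{i + 1}") for i in range(20)]
    + [("hounds-copy", "a", "b"), ("hounds-copy", "b", "c"),
       ("hounds-copy", "c", "a")] * 7
)


def mismatched_offers(listings, offers):
    """Return ids of offers not denominated in the listing's currency."""
    return [
        o["id"] for o in offers
        if o["item"] in listings
        and o["currency"].upper() != listings[o["item"]][0].upper()
    ]


def concentrated_collections(trades, min_trades=10, max_wallets_per_trade=0.3):
    """Flag collections whose trades circulate among few distinct wallets.

    The score is distinct wallets divided by trade count; a low value means
    the same small group keeps trading with itself. Thresholds are
    illustrative assumptions, not values from the article.
    """
    wallets, counts = defaultdict(set), Counter()
    for collection, seller, buyer in trades:
        counts[collection] += 1
        wallets[collection].update((seller, buyer))
    flagged = {}
    for collection, n in counts.items():
        if n < min_trades:
            continue  # too little activity to judge
        ratio = len(wallets[collection]) / n
        if ratio <= max_wallets_per_trade:
            flagged[collection] = round(ratio, 3)
    return flagged
```

A flagged collection is a candidate for manual review rather than proof of fraud, since a new or niche collection can legitimately have few traders.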
Onboarding is an integral part of your business plan
Onboarding should be a core part of the blockchain experience for veteran and novice users. As with smart contracts, establishing clear user guidelines and highlighting potential risks should be viewed as one of the basic best practices for ensuring user safety. These guides should be reviewed regularly in light of risk assessments and adjusted as the blockchain matures.
The acronym DYOR is common among experienced blockchain users. Short for “do your own research,” the expression has become an unspoken rule for those who interact with potential investment opportunities. However, it can be difficult for beginners to know exactly where to start. There is a discordant chorus of information from influencers in the space, often pushing the next big thing and risky investments, resulting in users falling prey to fraud and loss of assets. Guidelines and teaching materials should be organized, readily available, and specific to each platform’s value system and inherent risks.
Best practices should be prioritized across all blockchain platforms
As the blockchain community deals with growing pains, companies must take the hard lessons learned from major exploits like OpenSea’s and improve their security protocols to ensure that it never happens again. Learning the ins and outs of the underlying technology, from smart contracts to how to secure your own seed phrases, is a good place to start. From there, learn how to implement and maintain best practices, including identifying malicious and disruptive activity. Perhaps all it took to prevent some of the recent major hacks was for someone to notice that something seemed wrong.
Michael R. Pearce is the co-founder and CEO of NotCommon. He has both a BBA and an MBA from the University of Texas at Austin.
This article is for general information purposes and is not intended, and should not be construed as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author and do not necessarily reflect or represent the views or opinions of Cointelegraph.