The co-founder of Manifold.xyz – a platform for NFTs – @richerd recently wrote a tweet exposing the means by which hackers steal funds and NFTs from cryptocurrency wallets. As the right-hand man for cryptocurrency wallet security, he has a lot of experience in dealing with hackers and securing wallets.
As I was personally a victim of a wallet hack that saw my funds and some NFTs stolen, I can only stress the importance of knowing how to keep your wallet secure and avoid the pain of losing your portfolio.
Ways hackers can compromise cryptocurrency wallets to steal NFTs and necessary precautions
This is a common tactic where a hacker uses the promise of free NFT to lure a user to a site that appears legitimate. Once the user tries to connect his Metamask to the site, a fake error is generated prompting the user to enter his seed phrase. Once the user obtains your seed phrase, he can take control of your wallet and steal all your funds and NFTs.
Another way these hackers lure users to their phishing sites is by acting as support on Telegram and Discord’s token pages. They then lure users seeking support through private messages asking them to visit the phishing site and connect their wallets to the site.
Precaution. Never enter your seed phrase. You should write your seed phrase on a piece of paper, store it safely, and then forget about it.
If a user is screen sharing, there is an option in Metamask to display seed phrases. Hackers often lurk in the social pages of tokens such as Telegram and Discord as customer support staff. They will tell users that they will “debug” their systems by using screen sharing and follow a series of instructions which will reveal the user’s seed phrase to the hacker.
Precautions. Using a hardware wallet is the most secure way to store your cryptocurrencies and NFTs.
There are software that can install backdoors on a user’s computer that allow hackers to access the user’s file system, computer memory and screen. Users should only install software after careful consideration and checking its validity. Users should not open files and software at will.
Precaution. Never open suspicious files and use hardware wallets
According to Wikipedia and the context of cybersecurity, social engineering can be explained as the psychological manipulation of users to make them act or reveal confidential information. It is a technique of trust for the purpose of information gathering, fraud, or system access. Unlike traditional “trickery”, social engineering requires a series of many steps.
In the case of cryptocurrencies, the attacker will manipulate the user by playing the role of a trusted individual and asking for Ether or other tokens under the pretext that the trusted individual’s account is unavailable or has reached its limit.
Precaution. Never send funds or NFTs to anyone without verifying their identity.
Physical Hardware Attacks
In this type of attack, the hacker will attempt to gain physical access to your system, thus exposing your seed phrase. There are also external devices, such as USBs, that can be plugged into the target computer to gather information. There have also been incidents of attackers stealing laptops from the body and running off with it.
Precautions. Using a hardware wallet and storing it securely is the best way to store valuable money and NFT. Never leave your computer unattended, and always be aware when you are out.
Supply Chain Hacking
This type of attack on hardware wallets is common, where an attacker creates a website to sell hardware wallets that have a pre-installed key that the attacker can use to drain your funds and NFTs.