Know your NFT dealer, urges cybersec analyst
A cybersecurity provider has called for finance-style know your customer (KYC) regulations to be introduced to the non-fungible token (NFT) market, warning that lack of oversight is leaving the digital art industry vulnerable to fraud and other scams.
“Introducing a greater level of regulation may assist in reducing the likelihood of such technology being abused to facilitate financial crime,” said Digital Shadows in a blog published today. “In particular, the introduction of KYC processes will greatly impact money laundering activities. These should include establishing customers' identity, and monitoring to understand the nature of their activity.”
To back up its claims, Digital Shadows pointed to the recent rise in “wash trading”, whereby a seller buys his or her own NFT to artificially inflate its value. Such practices are made possible because many trading platforms do not require their users to register personal details – allowing a bad actor to hold two accounts, one to buy and another to sell.
“The goal would be to make one’s NFT appear more valuable than it is by selling it to a new wallet the original owner also controls,” said Digital Shadows. Unscrupulous traders then sell the artificially inflated NFT to unsuspecting buyers, who believe the art token they are purchasing has been growing in value.
Other forms of cybercrime being facilitated by NFTs include “rug pulls” – in which an influencer promotes a digital token to solicit public investment before scotching the project and disappearing with the cash – and the standard social engineering tactics that have been used by cybercriminals for years.
“Many of these attacks work by using phishing or other common tricks to con users into handing over their credentials,” said Digital Shadows, adding that many such scams originate on social media platforms like Twitter and target owners of digital tokens, tempting them with fake offers to acquire more.
“Users were contacted about opportunities to buy NFTs through dedicated marketplaces [and] presented with a malicious Google document containing a screen saver file,” said Digital Shadows. “When downloaded by the unsuspecting NFT owner, it would result in the propagation of malware and their credentials being harvested. The attacker could then access accounts for financial theft or otherwise hold sensitive data for ransom.”
Digital Shadows believes that to secure its future as a legitimate art market, the NFT industry must adopt tighter regulation and offer better guidance to users.
“Efforts need to be made to ensure safety and trust across NFT marketplaces,” it said. “The average consumer will be largely ignorant of the risks associated. Ensuring that guidance is provided on safe usage – including methods to secure accounts and spot suspicious requests – will allow the NFT marketplace to grow.”
More from Cybernews:
Subscribe to our newsletter