OpenSea serves as an example of why crypto security must improve

In February 2022, OpenSea was the victim of a massive phishing attack that resulted in more than $1.7 million in nonfungible tokens (NFTs) being stolen from users. This is not the only case: Blockchain users are reported to have lost $3.9 billion due to fraudulent activity in 2022.

As we enter 2023, there is a chorus of promises to improve security in the crypto space. However, so far, the situation has not changed significantly. Companies using blockchain are still not doing enough to prevent fraud.

If blockchain technology is going to see mass adoption, companies need to change their approach from the bottom up. By focusing on education and implementing better processes to identify malicious activity, platforms can better serve their customers as the space continues to grow.

Blockchain platforms need to learn how to identify malicious activities

In the case of the OpenSea hack, the victims were asked to sign an incomplete contract, apparently at the request of the platform. While OpenSea’s core infrastructure was not hacked, these fake accounts were able to take advantage of the open-source Wyvern Protocol. The hackers could then use the owner’s signature to transfer the NFT through a fake contract that gave them ownership without having to pay for it.

OpenSea has recently reversed some of its previous policies and reported that 80% of NFTs minted for free on the platform were plagiarized or spam. OpenSea also relies on the trust of developers using the API, which is not an easy way to assess risk. These developers can use the API for malicious purposes, taking advantage of users who sign contracts without reading them.

Smart contracts are an integral part of the blockchain engine and can be found everywhere, from NFT exchanges to true decentralized applications. Understanding how these contracts work is essential to keeping users safe. Instead of reinventing the wheel, companies can implement standard protocols to ensure smart contracts are durable and protected from malicious activity. From there, companies can take advantage of the flexible nature of the blockchain and manage contracts with measures such as setting up multisignature wallets and regular unit testing.

Beware of airdrop spam

If you search for the popular Mutant Hounds collection, which is shown among OpenSea’s top collections, nothing indicates which collection is the valid one. Lack of verification can lead to fake collections being formed and their prices being artificially inflated so that they appear legitimate, which confuses users. Fake collections are often distributed through airdrops and are intended to be found through the search function of the NFT platform.

Spammy collections can also send users unsolicited NFTs via airdrops. Users are then redirected not to the platform that owns the collection, such as OpenSea, but to a different site, where the fraud occurs.

This is a common risk that can be addressed by the platform monitoring activity, either through a crowdsourced database that tracks fraudulent accounts or through an administrative tool that knows what to look for and is kept up to date on new fraud. Additionally, NFT platforms may require bids in the same currency as listings to avoid confusion. Many users are being cheated by offers made in currencies that are worth less than the one in which the NFT is being sold. Blockchain platforms can rely on data to expose outliers by flagging suspicious activity based on irregular activity among multiple owners.

Of course, it should be noted that a company like OpenSea is in a challenging position because it has to follow the fraudulent accounts that are created on the platform. In some cases, it boils down to the need for further verification of the official collection.
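The platform-side checks described above (same-currency offers, a list of reported accounts, and irregular activity across multiple owners), sketched as an added example that is not OpenSea's or the author's code. The data model, the `REPORTED` set, the exchange rates and the 10% threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Listing:
    token_id: str
    owner: str
    currency: str
    price: Decimal

@dataclass(frozen=True)
class Offer:
    token_id: str
    bidder: str
    currency: str
    amount: Decimal

# Hypothetical stand-in for a crowdsourced list of reported accounts.
REPORTED = {"0xreported"}

def screen_offer(offer, listing, usd_rates, min_ratio=Decimal("0.10")):
    """Return the reasons an offer should be held before the owner sees it."""
    reasons = []
    if offer.bidder in REPORTED:
        reasons.append("bidder_reported")
    if offer.currency != listing.currency:
        reasons.append("currency_mismatch")
    offer_rate, list_rate = usd_rates.get(offer.currency), usd_rates.get(listing.currency)
    if offer_rate is None or list_rate is None:
        reasons.append("unpriced_currency")
    # Compare in a common unit so the same number in a cheaper token stands out.
    elif offer.amount * offer_rate < listing.price * list_rate * min_ratio:
        reasons.append("value_far_below_listing")
    return reasons

def bidders_targeting_many_owners(offers, listings, usd_rates, min_owners=3):
    """Bidders whose flagged offers reach at least min_owners distinct owners."""
    by_token = {l.token_id: l for l in listings}
    owners = defaultdict(set)
    for o in offers:
        listing = by_token.get(o.token_id)
        if listing and screen_offer(o, listing, usd_rates):
            owners[o.bidder].add(listing.owner)
    return {b for b, seen in owners.items() if len(seen) >= min_owners}

# Constructed sample data: token symbols, rates and addresses are illustrative.
RATES = {"ETH": Decimal("1500"), "USDC": Decimal("1")}
LISTINGS = [Listing(f"nft-{i}", f"0xowner{i}", "ETH", Decimal("2")) for i in range(3)]
OFFERS = [Offer(f"nft-{i}", "0xlookalike", "USDC", Decimal("2")) for i in range(3)]
OFFERS.append(Offer("nft-0", "0xhonest", "ETH", Decimal("1.8")))
```

An offer of "2" in a stablecoin against a listing of "2" in ETH is held for both the currency mismatch and the value gap, and the same bidder repeating it across three owners is surfaced as an outlier.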

Onboarding is an integral part of the business plan

Onboarding should be a core part of the blockchain experience for both veterans and new users. As with smart contracts, creating clear user guidelines and highlighting potential risks should be considered one of the most fundamental practices to ensure user security. These guidelines should be reviewed regularly, taking risk assessments into account, and adapted as the blockchain matures.

The initials “DYOR” are common among experienced users on the blockchain. As an abbreviation of “do your own research,” this expression has become an unspoken rule for those dealing with potential investment opportunities. However, it can be challenging for newbies to know exactly where to start. There is a chorus of inappropriate information from influencers in the space, who often push the next big thing and drive risky investments, causing users to fall victim to fraud or lose assets. Guidelines and educational materials should be available, tailored to each platform’s value system and unique risks.

Best practices should be a priority for all blockchain platforms

As the blockchain community is currently experiencing growing pains, companies need to take the hard lessons learned through major exploits like the one at OpenSea and refine their security protocols to prevent it from happening again. Learning the ins and outs of the basic technology, from smart contracts to how to protect seed phrases, should be the starting point. From there, learn how to implement and maintain best practices, such as identifying bad activities and those that lead to accidents. Perhaps all it will take to prevent some of the latest large-scale hacks is for people to know that something is being seen.

Michael R. Pierce is the co-founder and CEO of NotCommon. He received his BBA and MBA from the University of Texas at Austin.

This article is for general information purposes and is not intended and should not be construed as legal or investment advice. The views, thoughts and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.


