Upcoming events

Latest ISLF News

Menu
Log in

Information Security Leadership Forum Interational

A Community of Today and Tomorrow's Leaders

Crypto Exchanges and NFTs; the New Hacker Heaven?

Monday, February 20, 2023 3:23 PM | Timothy Phillips (Administrator)

Crypto Exchanges and NFTs - Is This the New Dot Com Bubble?

Crypto Exchanges and NFTs - You can’t go too far in a day online without finding someone talking about either crypto currencies or Non-Fungible Tokens (NFT). Whether it is on social media or financial news programs, it seems like these two topics are all people is talking about. If you watched this year’s Superbowl.


One of the most talked about was the ad for Coinbase, which was simply a QR code floating on the screen. So many people scanned the code, they crashed the Coinbase servers.                    

Sidenote – millions of people mindlessly scanned a QR code on their TV screen was a big topic of discussion on infosec driven social media accounts, with most people in a state of disbelief that the public would do such a thing.

There is a feeling of manufactured urgency over the crypto market, like the Dot Com bubble of the 1990s. Crypto, once the exclusive playground of nerds and hackers, is now being flooded with celebrity endorsers and Instagram influencers.    

With notoriety and popularity comes bad apples looking to take advantage of people and, more to the point, they are coming to steal your investment by hacking the Crypto exchanges.

NFTs are on the same trajectory. An NFT is a digital asset that represents real-world objects like art, music, in-game items, and videos. They are bought and sold online, frequently with cryptocurrency, and they are generally encoded with the same underlying software as many cryptos.  NFTs, like cryptocurrency, have been around for nearly a decade but only recently have been gaining popularity. Over $174 million has been spent on buying, selling, and trading NFTs since 2017.

When “Secure” is not Secure

 Some analysts see that the rise of crypto exchanges and NFT marketplaces have more to do with the “Fear of missing out” (FOMO) than about investing for the future. It is also inevitable that the more of these websites that exist, the bigger target they are for hackers and other malicious actors.

In 2021, hackers went after crypto exchanges with a vengeance. The five biggest crypto hacks of 2021 were:

  1. Poly Network - $611 Million
  2. BitMart - $196 Million
  3. Cream Finance - $148 Million
  4. Vulcan Forged - $140 Million
  5. Badger Finance - $120 Million

That is over $1.2 BILLION stolen by hackers in just those five hacks alone. In 2021, there were more than twenty exchange hacks where over $10 million was stolen.

NFT market places are not faring any better. In January:

  • $2.2 million worth of NFTs were stolen from Todd Kramer in the “Bored Ape” hack.
  • A hacker exploited a vulnerability in Open Sea, the largest NFT marketplace, which allowed them to buy already owned NFTs at their previous lower prices and then turn around and sell them for vastly higher prices, defrauding the legitimate asset owners.

And in February, FortiGuard released a notification that NFTs are being utilized to distribute the BitRAT malware.

And these are just the incidents that have been reported. Crypto exchanges and NFT marketplaces are often hesitant to notify the public of an attack for fear of the reputational and financial damage the news could bring.

Hackers Jump on The Trend

Unfortunately, as crypto and NFTs become increasingly “trendy” and more and more celebrities are pushing investment in these markets, hackers will have an endless supply of easy targets. People eager to get into these markets will often do so without ensuring that they, their systems, and the markets/wallets they utilize are as secure as can be. With the rise of end users being targeted with spear phishing attacks, expect the number of hacks to only increase over the next few years.

Questions For You!

Where do you see things going in the future?

Are you aware of someone you know directly that has been affected by this? If so, do you have any insights you'd like to share on the topic?

What are your thoughts on the future of cryptocurrency and NFTs, as it relates to hackers continuing to target them?

What needs to happen, if anything, to address this growing concern?

If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note to keep our environment clean and free of advertisments of any kind, comments may not include external links, citing company names to promote them, or the like.