Digital art marketplace Nifty Gateway is a victim of hacking over the weekend as its users' accounts were compromised, and artworks were stolen.
Some users of NFT reported that their whole accounts of digital certificates of authenticity for digital assets, also known as non-fungible tokens (NFTs) or nifities, were drained. However, even after they changed their passwords, some users said that the hackers were still not kicked out of their accounts.
Some users reported that the digital assets stolen from their accounts were then sold on Discord or Twitter. Other users reported that hackers also stole their credit card information, and they started using it to make purchases of other art up to $20,000.
Nifty Gateway, a marketplace where the users can buy, sell and display digital items, stated that they encourage the users to use two-factor authentication or 2FA in order to prevent account takeover and hacking, noting that none of the accounts that were affected had 2FA enabled.
Nifty Gateway also said that it had seen no indication of any compromise of the company's platform.
The hacking happened just a week after digital art backed by an NFT sold for almost $70 million at Christie's. According to a report by The Wall Street Journal, it was the most expensive digital asset to ever sell with an NFT.
The question remains as to whether the value of the NFT-backed digital art will dissipate over time and whether the value is rooted in its novelty, but for now, the hackers are going after valuable assets, according to Vanity Fair.
Hackers' new target
While hackers, like those working for the North Korean government, have gone after cryptocurrencies before making money, NFTs are different in that they can't be exchanged for other NFTs in the same way cryptocurrencies can because the items that they represent are unique.
Information security has been on NFTs' radar in recent weeks. One user of the NFT marketplace OpenSea, had posted an exploit backed by NFT just this month.
This immediately raised ethical questions about what should be bought and sold using NFTs and whether hackers may seek to buy, sell and trade exploits or other hacking tools in the future by using NFTs.
Matthew Hickey, the co-founder, and director of the security firm Hacker House, posted on Twitter that as an exploit engineer, he saw some vulnerabilities with works of art. He found it an interesting and intriguing computer security bug that results in denial-of-service of a widely used network game engine.
Hickey added that Asset/IP will be transferred in full, so the winner can do with it as they please.
The problem was post-authentication memory corruption vulnerability in the ioquake3 engine, a software first-person shooter engine, and would have allowed anyone who bought it to cause a denial-of-service condition.
According to CoinDesk, OpenSea took down the listing, and Hickey said he has been trying to contest the takedown. He thinks there should not be any restrictions on the types of digital assets someone should be able to sell with NFTs.
Related Article: Russian Hacker Who Stole at Least $100 Million Now in Jail
This article is owned by Tech Times
Written by Sieeka Khan