Crypto and NFT Asset Security | Rodman Law Group, LLC

In June, OpenSea announced that user email addresses had been compromised due to vendor employee error.

If you have an OpenSea account, as almost all NFT investors do, your email address was leaked in late June, most likely due to a company-wide data breach.

This is not the first cyberattack on the popular NFT market, but it is another reminder to investors of the vulnerabilities of online Cryptocurrency and NFT trading.

On 29 June, OpenSea shared a post on Twitter declaring that “[a]n employee of our email vendor Customer.io abused their employee’s access to download and share email addresses with an unauthorized external party.”

The post also states that “email addresses provided to OpenSea are affected”.

If your email is linked to an OpenSea account or you have signed up for newsletters, your email address was probably included in the data breach along with your phone number.

As a result of the breach, leaked email addresses can become the target of email phishing attacks. These attacks range from malicious links to attachments and more, sent from accounts that claim to be OpenSea. These scam accounts may have nearly the same addresses as OpenSea’s, but with slight differences.

One thing all investors should know is not to open any links in emails that they don’t trust or expect. Likewise, investors should not open unexpected or unfamiliar attachments from such a sender.

Another attack vector that investors should watch for is unfamiliar text messages containing links, along with possible breaches of SMS two-factor authentication (“2FA”). Investors can prevent such attacks by removing SMS 2FA and replacing it with an authentication tool like Google Authenticator.

The emergence and growth of the Cryptocurrency and NFT markets brought investors full custody of their assets, and with this self-custody came the responsibility to keep those assets safe.

Regarding Cryptocurrency, Coinbase’s latest 10-Q filing with the US Securities and Exchange Commission (“SEC”) reminds investors that assets held on exchanges in investors’ personal exchange accounts may be subject to bankruptcy proceedings. These investors run the risk of being treated as “general unsecured creditors” should the exchange go bankrupt.

This means that assets held by consumers on Coinbase can be paid to the secured creditors of that exchange if Coinbase is unable to pay these debts in the event of bankruptcy.

However, it is important to remember that all SEC-regulated exchanges must comply with current regulations, such as quarterly filing of 10-Qs, as well as the requirement that investors with assets on exchanges are considered unsecured creditors.

While mainstream exchanges like Coinbase are unlikely to file for bankruptcy any time soon, the company’s latest 10-Q filing reminds investors that the responsibility for securing their assets ultimately rests with them.

While not entirely foolproof, hardware wallets can help maintain digital asset security.

So, what are the best ways to secure your Cryptocurrency and NFT assets?

The foremost method of security for crypto and NFT assets held online is to move them offline to a hardware wallet. The hardware wallet password must be securely stored offline in addition to the recovery phrase assigned to that hardware wallet.

Neither the password nor the recovery phrase should be shared with anyone, and no company should need such information.

While storing assets in an offline hardware wallet is one of the best security methods for investors, it can create a false sense of total security, a belief that assets in hardware wallets are impenetrable.

In other words, many investors mistakenly believe that if they have a hardware wallet, their assets are safe regardless of the actions they take. This is not always the case, especially when the hardware wallet is connected online to interact with marketplaces and exchanges.

When your hardware wallet connects online, be aware of which sites you allow it to connect to, as well as the transactions you approve through it.

For example, a mint site where you plan to mint an NFT could be hijacked by hackers. The same compromised mint site that requires your hardware wallet to be linked for the mint operation can give hackers access to your wallet if you confirm a malicious smart contract.

As a result, once a transaction has been confirmed by a hardware wallet on a hacked mint site, hackers can send your assets from your wallet to another.

The contract shown prior to approval should always match the information displayed on your hardware wallet, so do not allow the action to be taken if you are unsure. Once a smart contract is approved, your wallet can be accessed according to the permission granted.
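The permission a transaction would grant can be read from its raw data before it is confirmed. The following is an added example, not part of the original article: a Python sketch that decodes transaction calldata and reports the two standard token-approval calls, `approve` and `setApprovalForAll`. The operator address and sample calldata are constructed for illustration.

```python
# Added example: decode raw EVM calldata and report token approvals it grants.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1


def split_words(hex_args):
    """Split ABI-encoded arguments into 32-byte (64 hex character) words."""
    if len(hex_args) % 64:
        raise ValueError("argument data is not a multiple of 32 bytes")
    return [hex_args[i:i + 64] for i in range(0, len(hex_args), 64)]


def word_to_address(word):
    """An ABI address is right-aligned; its upper 12 bytes must be zero."""
    if int(word[:24], 16) != 0:
        raise ValueError("malformed address word")
    return "0x" + word[24:]


def inspect_calldata(calldata):
    """Describe what a transaction's calldata would approve, if anything."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 8:
        return {"kind": "no-function-call", "broad_access": False}
    int(data, 16)  # raises ValueError on non-hex input
    selector, args = data[:8], split_words(data[8:])
    if selector == SET_APPROVAL_FOR_ALL and len(args) == 2:
        granted = int(args[1], 16) != 0  # False means an existing approval is revoked
        return {"kind": "setApprovalForAll", "operator": word_to_address(args[0]),
                "broad_access": granted}
    if selector == APPROVE and len(args) == 2:
        # Second word is an ERC-20 amount or an ERC-721 token id.
        value = int(args[1], 16)
        return {"kind": "approve", "operator": word_to_address(args[0]),
                "value": value, "broad_access": value == MAX_UINT256}
    # Not an approval this sketch recognises: its effect is unknown, not safe.
    return {"kind": "other-call", "selector": "0x" + selector, "broad_access": None}


# Constructed sample: operator address and calldata are made up for illustration.
OPERATOR_WORD = "0" * 56 + "deadbeef"
SAMPLE_APPROVE_ALL = "0x" + SET_APPROVAL_FOR_ALL + OPERATOR_WORD + "0" * 63 + "1"

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_APPROVE_ALL))
```

A result with `broad_access` set to `True` means the named operator could move every token in that collection, or an unlimited token amount, so the operator address should match the marketplace contract you intended to use.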

Popular NFT markets like OpenSea will likely continue to be tested by attacks, so always remain aware of your asset security and ways to mitigate security risks.
