Ransomware Group Demands $4M in Bitcoin from Argentina, Border Activity Halted for 4 Hours

A Bitcoin ransomware attack was directed towards Argentina’s immigration agency, halting border crossing temporarily.

Netwalker Malware Strikes Again

It appears as though the notorious ransomware group Netwalker has struck again with their infamous cryptocurrency demands.

According to the computer support platform Bleeping Computer, this may be the first time that a cyber attack on a federal agency has effectively interrupted a country’s global operations. Argentina’s cybercrime agency—Unidad Fiscal Especializada en Ciberdelincuencia—caught wind of the Bitcoin ransomware attack when multiple checkpoints called in for tech support on August 27.

After further investigations from the Central Data Center and Servers Distributed, a virus infecting MS Windows and Microsoft Office files was discovered. The malware, Netwalker, is reputed to be a powerful virus used in numerous cryptocurrency ransom attacks in the past. It functions by encrypting documents using an Advanced Encryption Standard (AES) cipher, which is often leveraged by government bodies to protect classified information. Ransom notes were also found on the encrypted devices, and the Netwalker group made their demands through them.

In exchange for a safe release of the stolen private data, Netwalker hackers asked for a $2 million ransom in Bitcoin from Argentina’s immigration office. They also linked a dark web payment site with details containing information about how to purchase a decryptor, sensitive data from their attack as proof that it happened, and the ransom amount. In an email to the immigration office, hackers said:

“Do not try to recover your files without a decryptor program, you may damage them and then they will be impossible to recover.”

As their crypto requests were not granted after several days, the hackers increased the ransomware sum to $4 million in Bitcoin, which translates to roughly 355 Bitcoins (BTC). On the Tor website through which they issued their demands, it read: “Payment expired! New price: 4,000,000 $ (355.87180000 BTC).”

Officials unfazed by Bitcoin extortion

To ensure that the ransomware attack did not spread on to other servers, the immigration office of Argentina shut down its computer networks and temporarily suspended border crossing for four hours. Because some of the servers were particularly compromised, there were delays for entry and exit at the Argentinian border, as cybersecurity experts scrambled to resolve the issue.

Argentinian government officials were reluctant to comply with the ransomware hackers’ demands, disclosing to local news outlet Infobae that “they will not negotiate with hackers and neither are they too concerned with getting that data back.” Argentina’s immigration agency refused to be intimidated, calling the Netwalker ruse an extortion crime that could be punishable with 5-10 years of imprisonment.

Netwalker group is Bitcoin hungry

Netwalker ransomware group has notoriously engaged in cybercrime since September 2019, with their most recent attack affecting the University of California, San Francisco. After a week-long negotiation, a sum of 118 Bitcoin was finally agreed upon between the educational institution and the ransomware group.

The Rise of the Anon: Protecting Innovation

A little over ten years ago, an anonymous developer known only as Satoshi unleashed an unstoppable new form of money into the world. In the years that followed, that invention spread, grew, and garnered global influence, reserving a space on the balance sheets of major corporations while knocking sternly at the door of printer-happy central banks. It’s this same controversial nature that has led many to acknowledge that Satoshi’s decision to remain anonymous may in fact have been one of the great gifts imparted to his technology.

Removing a central figure as a fulcrum of influence, for better or worse, allowed the technology to function independently as intended.  Increasingly, however, more and more founders, online personalities, educators and others are choosing an anonymous identity – not only for the protection it may proffer their ideas, but for the personal safety it also provides.

Being an “Anon”: The Benefits and the Trend

In an increasingly online world, a personal identity can be a target – names, email addresses, locations and other identifiers are all easily exploitable by other anonymous actors.  Duplicate accounts and impersonation are objectives easily accomplished with a name and email. With the connection of a name and email to other sensitive information, such as passwords, risks like identity theft and blackmail begin to loom large. While often this level of access is due to a data breach at some major company with a long list of such info, proffering personal information freely online doesn’t help. Additionally, the increase in “doxxing” of online personalities whose ideas may run contrary to others’ beliefs – or simply have rubbed some online troll the wrong way – is another very real reason for personalities to go dark.

The ability to express one’s opinions and ideas without the threat of asymmetrical personal repercussions is becoming increasingly desirable or even necessary in a polarized world. These factors, independently or combined, have given rise to the credible anon. Today, community members and creators are often able to legitimately build, lead and educate from behind the lines of an avatar. The acceptance of credentials from accounts behind even the names of comic book heroes or other mythical characters happens via the vetting of their content, rather than character, and has often even earned these anons a place in the upper echelons of internet influence.

Bad Actors

It’s not to say that anonymity doesn’t work both ways. While anonymity is a tool being increasingly used by credible sources, it also still remains a shroud to those who prefer to lurk in the shadows, circumventing accountability. The same protection offered to those who might share simply opposing or unconventional views can also be used to spew unwarranted vitriol that would never see the light of day under public circumstances. Likewise, anonymity offers easy cover for scammers, shills, and “developers” of new and unknown but sure-to-be-huge projects, selling the snake oil of the next big thing and then disappearing into oblivion without repercussion. It stands to reason that in an anonymized world, critical thinking, level-headed judgment and personal responsibility play an even greater role. However, the layer of mystery anonymity provides can make distinguishing between bad actors and legitimate anons more challenging.

Navigating Anonymity

When is it necessary to know the character of a person, and when is it enough to rely on the quality of their content? Some of the most respected names in business history have gone on to steal their customers’ funds. A public persona and even proven track record are not necessarily always enough to judge the outcome of an endeavor. However, these same aspects are nonetheless an important measuring stick in due diligence.  Particularly with investments, the outcome of the project remains to be seen – and the character of the founder becomes a greater factor in decision making. At a minimum, a point person reduces the risk of the same absconding with funds or being able to escape responsibility entirely in the event of gross negligence.  An anonymous founder, meanwhile, doesn’t have to be a red flag – many projects can and do benefit from the absence of a central figure. However, even Satoshi’s brilliant brainchild, as the product of an anon, had to work seamlessly for almost a decade before it earned the attention of major investors. Other types of projects rely less on trust. Endeavors like analysis and opinion, other forms of content creation and even sometimes reporting, offer a greater opportunity to be immediately vetted, discredited, discussed or accepted.  The nature of content as a product itself requires less reliance on unknowns like future promises or the persona of the author themselves. While discretion plays a role in any online activity, content provided is intrinsically less opaque than contracts based on character when it comes to anonymous sources.

Anonymity is a double-edged sword that provides protection to whoever wields it. The rise of the anon may mean the distinction between criminal tactics and those used in service of discretion blurs, with future parameters for what justifies suspicion versus what constitutes privacy potentially becoming battlegrounds.  However, just as attackers have historically used anonymity as a veil with which to protect themselves, it stands to reason that anonymity is a tool now being used by credible sources – from innovators to educators and more – in order to mitigate such attacks and remove both themselves and their ideas from becoming targets.  As more people’s lives go online, being an “anon” can provide personal safety on the web, as well as allowing the focus of someone’s work to be exactly that.

EU’s Move to Bypass Encryption on Platforms like WhatsApp Sparks Indignation

European Union lawmakers have created a draft proposal that aims to circumvent end-to-end encryption on applications such as WhatsApp and Signal, in a move to increase cybersecurity measures.

EU wants to access encrypted chats

Following the news of terrorist attacks in France and Vienna, members of the European Union Council have attempted to up security by proposing a bill that would enable government officials to access data running on end-to-end encrypted applications.

The proposal indicated that the European Union wished to join forces with tech firms to ensure transparency and to enable authorities to verify information circulating on encrypted mediums. The goal was to ensure public security in light of recent events, and to protect victims from future terrorist acts, online child exploitation, organized crime, and the list goes on.

EU proposal met with criticism

The proposal has been met with a lot of criticism, as privacy advocates have argued that the EU’s proposal will do the contrary – by allowing lawmakers to access end-to-end encrypted platforms, this will inhibit the privacy and security of users. Currently, the draft is pending and is to be presented in front of the European Union Council board on November 19.

Expressing her disapproval, German politician and Left Party activist Anke Domscheit-Berg said:

“The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”

Others followed her sentiment and also said that it may create opportunities for hackers and foreign intelligence to infiltrate communication channels, according to the Associated Press.

EARN IT Act

The proposal is not unlike the EARN IT Act proposed by Attorney William Barr, which is currently pending approval from the US Congress. The bill proposal seeks to regulate the internet and to hold website hosts accountable for content circulating on their platforms. Numerous critics have shunned the bill, calling it a direct threat to security provided by end-to-end encryption.

With bills such as those mentioned above, censorship would be on the rise, and freedom of speech would be inhibited across the web. Digital experts have viewed these types of proposals as inherently dangerous, as they are seen as a way for governments to exert further control, therefore threatening overall security, privacy, and freedom of speech.

What this entails for the crypto and blockchain community still remains unclear, as certain crypto platforms typically leverage encryption to host user content.

US DHS Cybersecurity Official Expects to be Fired in Trump’s Post-Election Purge for Debunking Fake News

Christopher Krebs, a top cybersecurity official who worked on protecting the 2020 United States election from hackers and debunking disinformation, believes he could be fired as President Trump continues his post-election purge of the administration after refusing to concede defeat to Democrat Joe Biden.

According to Reuters on Nov. 13, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) head, Christopher Krebs, has been one of the few Trump administration officials pushing back against misinformation surrounding election security.

The “Rumor Control” website of CISA head Krebs, which focused on combating rampant disinformation surrounding election fraud, apparently drew the ire of the White House and President Trump. According to Reuters, Krebs told his associates that he expected to be fired soon.

President Donald Trump has been on a post-election administration purge following a projected loss to Democrat Joe Biden as he continues to reject the result as electoral fraud.

In a separate action, the assistant director for cybersecurity at CISA, Bryan Ware, confirmed that he had resigned on Thursday. Ware did not officially comment on the reasons behind his resignation, but a US official told Reuters that it had been at the request of the White House.

President Trump has yet to concede to the overwhelming election data projecting Joe Biden will safely assume the role of President-elect. The lame-duck president continues to raise concerns for Biden’s near-certain transition to the White House and has repeatedly made unsubstantiated claims of election fraud by the Democrats. According to Reuters, Trump has been churning through the administration and installing loyalists into top Pentagon positions.

In cryptocurrency, Christopher Krebs has often spoken about the threats of ransomware in the digital space and the agency CISA has been responsible for flagging several vulnerabilities and bugs on the Bitcoin network.

Origin DeFi Protocol Loses $7 Million to Hacker in Security Breach

Origin decentralized finance (DeFi) Protocol has announced that its Origin Dollar (OUSD) stablecoin project has been hacked, resulting in a loss of funds worth $7 million in combined Ethereum and DAI stablecoin cryptocurrency, including $1 million deposited by the company employees and founders.

On the company’s official blog, Matthew Liu, the founder of Origin Protocol, confirmed the incident and said that the cause of the attack was a flash-loan transaction. The attacker used a flash loan and exploited vulnerabilities within OUSD contracts to initiate what is called a “reentrancy attack”, which led to the loss of funds.

The blog said:

“The attack was a reentrancy bug in our contract. The attacker exploited a missing validation check in mint multiple to pass in a fake “stablecoin” under their control, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.”
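The mechanism in the quoted statement, as an added Python model that is not Origin's contract code: a vault that accepts an unvalidated asset hands control to that asset's transfer hook in the middle of the mint, and the hardened variant adds an asset allowlist plus a reentrancy lock. All class and function names, the balance-difference accounting and the amounts are constructed for illustration.

```python
# Constructed model for illustration; not Origin Protocol's contract code.

class Token:
    """Minimal ERC-20-like ledger."""
    def __init__(self, name):
        self.name = name
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount


class CallbackToken(Token):
    """Unvetted 'stablecoin': its transfer moves nothing and runs a hook once."""
    def __init__(self, name):
        super().__init__(name)
        self.hook = None

    def transfer_from(self, src, dst, amount):
        if self.hook:
            hook, self.hook = self.hook, None   # fire only once
            hook()


class VulnerableVault:
    """Credits the caller by the change in its backing balance across the mint."""
    def __init__(self, backing):
        self.backing = backing                  # the real stablecoin
        self.credited = {}

    def mint_multiple(self, caller, assets, amounts):
        before = self.backing.balance_of(self)  # state read before external calls
        for asset, amount in zip(assets, amounts):
            asset.transfer_from(caller, self, amount)   # asset is never validated
        received = self.backing.balance_of(self) - before
        self.credited[caller] = self.credited.get(caller, 0) + received
        return received


class HardenedVault(VulnerableVault):
    """Same accounting, plus an asset allowlist and a reentrancy lock."""
    def __init__(self, backing, supported):
        super().__init__(backing)
        self.supported = set(supported)
        self._locked = False

    def mint_multiple(self, caller, assets, amounts):
        if self._locked:
            raise RuntimeError("reentrant call")
        for asset in assets:                    # validate before any external call
            if asset not in self.supported:
                raise ValueError(f"unsupported asset: {asset.name}")
        self._locked = True
        try:
            return super().mint_multiple(caller, assets, amounts)
        finally:
            self._locked = False


def run_scenario(make_vault):
    """Mint with the callback token while its hook re-enters mint_multiple.

    Returns (outcome, amount credited to the caller, real backing held by vault).
    """
    real, fake = Token("REAL"), CallbackToken("FAKE")
    vault = make_vault(real, fake)
    real.balances["caller"] = 100               # constructed sample balance
    fake.hook = lambda: vault.mint_multiple("caller", [real], [100])
    try:
        vault.mint_multiple("caller", [fake], [0])
        outcome = "ok"
    except (ValueError, RuntimeError) as exc:
        outcome = type(exc).__name__
    return outcome, vault.credited.get("caller", 0), real.balance_of(vault)


if __name__ == "__main__":
    print(run_scenario(lambda real, fake: VulnerableVault(real)))
    print(run_scenario(lambda real, fake: HardenedVault(real, [real])))
    # Allowlist misconfigured to include the callback token: the lock still holds.
    print(run_scenario(lambda real, fake: HardenedVault(real, [real, fake])))
```

In the vulnerable run the same 100 units of backing are counted by both the inner and the outer mint, so the credited amount is double what the vault actually holds.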

Origin Protocol said that they have traced the funds and know that the hacker used both renBTC and Tornado Cash (mixers) to wash and move the funds.

The company stated that it is taking exhaustive measures to recover the stolen funds before holding a discussion about a compensation plan for the affected customers. The firm has advised people not to buy OUSD on SushiSwap or Uniswap as those prices do not reflect the token’s underlying assets. Furthermore, the company has left a message requesting the hacker to return the funds and promised not to take legal action against the attacker if he or she returns 100% of the funds.

Lastly, the company has expressed sincere gratitude to the crypto community as it has obtained outpouring assistance from its security experts, DeFi engineers, investors, and others in such trying times.

Flash Loan Attacks Adversely Affecting DeFi Sector

In September this year, Origin Protocol launched the OUSD stablecoin, which is backed by deposits of DAI, USDC, and USDT and is designed to serve as a savings account. The OUSD stablecoin enables users to passively earn competitive returns while holding funds in their Origin Dollar (OUSD) wallets.

Origin Protocol is the latest to suffer from flash loan attacks, which have become common in the DeFi sector. The flash loan is an emerging service within the DeFi landscape that allows users to instantly borrow funds without needing collateral to access the loans. However, criminals try to use borrowed funds to manipulate the DeFi market – commonly identified as flash loan attacks.

Typically, flash loan attacks happen when malicious actors borrow funds from decentralized finance platforms (like Origin Protocol) but exploit vulnerabilities in the platform code to escape the loan mechanism and get away with the funds. Some of the DeFi platforms that have experienced massive hacks and loss of funds include Harvest Finance DeFi protocol, Value DeFi platform, and others.

Stay Alert to Crypto Wallets Protection from Quantum Computer Attack

Cybersecurity experts foresee that quantum computers could be advanced enough to break through the great wall of cryptographic security within a decade. Digital signatures used to access financial accounts could be at risk of attack by quantum computers, CNBC reported Thursday.

Cybersecurity experts indicate that most of the world’s financial services use asymmetric cryptography. Individuals generally use a public-private key pair to access digital services, such as email or crypto wallets, with a digital signature verifying access to the corresponding account.

However, the digital signature technique in use, i.e. the Elliptic Curve Digital Signature Algorithm, could be at risk, allowing hackers with quantum computing to forge the digital signature and subsequently empty crypto wallets.

Although the technology of quantum computers is still developing, experts predict quantum computers could be advanced enough to break the cryptographic security of digital assets within a decade, including Bitcoin wallets.

“Every single financial institution, every login on your phone. It is all based on asymmetric cryptography, which is susceptible to hacking with a quantum computer,” Fred Thiel, CEO of cryptocurrency mining specialist Marathon Digital Holdings, said.

However, cryptography experts said that they do not worry too much about the quantum hacking of Bitcoin wallets, as there is still time to be well prepared. Castle Island Ventures founding partner Nic Carter pointed out that quantum breaks would be gradual rather than sudden:

 “It wouldn’t be something that happens overnight; We would have plenty of forewarning if quantum computing (were) reaching the stage of maturity and sophistication at which it started to threaten our core cryptographic primitives.”

Yet time is still running out if institutions and the public neglect to protect their crypto assets. Thiel said some countries, for example, China, could be able to crack wallets on the blockchain if the government owns a quantum computer.

Thiel further explained that the National Institute of Standards and Technology (NIST) in the U.S. has been working on a new, quantum-proof standard for encryption.

According to the coverage from CNBC, the first standard, the quantum-safe crypto algorithm, is expected to be made public by 2024, before quantum computers can break bitcoin’s cryptography. Groetker said that once the newly standardised post-quantum secure cryptography is completed, a mass migration of assets will begin.

“Everyone who owns Bitcoin or Ethereum will transfer [their] funds from the digital identity that is secured with the old type of key, to a new wallet, or new account, that’s secured with a new type of key, which is going to be secure,”

Still, without appropriate and proactive upgrades, some traditional accounts that use weaker keys could become increasingly insecure and be targeted by hackers. Institutions are recommended to lock down all old-type cryptography and give owners a limited way to access it to deal with cybersecurity upgrade risks.

Last month, at least a hundred Instagram users from Malta were reportedly attacked by hackers. Criminals were demanding that users pay Bitcoin if they wished to regain access to their accounts. The hackers are allegedly Turkey-based, and this cybercrime has been happening for a few months.

Centralization Caused Most DeFi Hacks of 2021, $1.3B Loss to Users in 2021

The growth of the digital currency ecosystem comes with many challenges, chief among which is security. Innovative sectors of the industry, particularly decentralized finance (DeFi), have borne the brunt of security lapses in the past year, with blockchain security and audit firm Certik pegging the total losses due to hacks at around $1.3 billion of users’ funds.

Certik shared in its latest DeFi security report that it audited a total of 1,737 projects in 2021. Of these, Ethereum-based projects made up about 42%, and Binance Smart Chain-based projects made up much of the rest with 36%. While Certik remains one of the most popular audit firms in the ecosystem, the number shows how many more innovators are coming into the space.

Beyond DeFi, Certik pointed out that newer trends were seen in Non-Fungible Tokens and blockchain gaming, both of which went mainstream in the previous year. The downside of this growth is that security has not kept pace with it, with centralization of operational models cited as one major fault amongst protocols that suffered mishaps last year.

“With such explosive growth, blockchain security became more important than ever. While the dollar value of losses due to hacks and exploits increased, the proportion they represented of DeFi’s market capitalization decreased year-over-year,” the Certik report reads, “Centralization issues were the most common attack vector exploited in the $1.3 billion in user funds lost in total, across 44 DeFi hacks. This underscores the importance of decentralization and highlights the fact that many projects still have work to do to reach this goal.”

Besides centralization, the utilization of an unlocked compiler version, reliance on third-party dependencies, and missing event emissions were also sources of major security breaches in the DeFi ecosystem. While protocols like the Poly Network survived their hacks, as in Poly Network’s case the hacker returned all of the stolen funds, Certik believes security will always remain a major challenge in the ecosystem with increasing growth and sophistication.

400 Crypto.com Accounts Hacked, CEO Confirms Reimbursement for all Victims

Kris Marszalek, CEO of Crypto wallet provider and trading platform Crypto.com, confirmed at least 400 accounts have been hacked, saying he would be more than willing to share information about Tuesday’s hack if the regulator has any relevant inquiries, according to Bloomberg.

As of this week, Crypto.com said it will stop all deposits and withdrawals due to suspected unauthorized transactions on the platform.

According to statistics, about 400 customer accounts suffered cybersecurity breaches, and the ether and other cryptocurrencies under their accounts were illegally transferred.

CEO Kris Marszalek said that the platform has not yet been assisted by any regulatory agency.

In the interview, he mentioned that:

“Obviously, it’s a great lesson and we are continuously strengthening our infrastructure.”

All client funds are currently safe and clients who have been attacked have been reimbursed.

Crypto influencer and podcast host Ben Baller said earlier this week that hackers had emptied about 5,000 ETH, worth approximately $16,000,000.

The Singapore-based exchange said in its latest Twitter update that it had restored the missing funds.

The hacking of systems has been an ongoing problem in the cryptocurrency industry. As reported by Blockchain.News the day before yesterday, North Korean hacks on cryptocurrency platforms jumped to at least seven times, extracting nearly $400 million worth of digital assets over the last year, blockchain analysis firm Chainalysis said.

As one of the largest exchanges with over 10 million users, Crypto.com is not the only exchange to be hacked.

BitMart suffered from a large-scale security breach. According to the cryptocurrency trading platform’s CEO, hackers were able to withdraw assets valued at up to approximately $150 million.

BAYC says Discord Server was "Compromised"

Bored Ape Yacht Club (BAYC) announced through Twitter that its Discord server was hacked.

However, BAYC said that the hack was immediately detected and asked users not to mint an NFT using a link posted on its Discord.

“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints/airdrops etc. Other Discords are also being attacked right now,” BAYC, the largest non-fungible token (NFT) collection, tweeted.

Further details have yet to be released but it is known that a hacker was able to gain access to the official Discord server that hosts members of Bored Ape Yacht Club, Mutant Ape Yacht Club and Mutant Ape Kennel Club – the three NFT collections from Yuga Labs.

According to security firm PeckShield, the hacker was able to steal Mutant Ape Yacht Club #8662 after posting a phishing link in the Mutant Ape Kennel Club channel, disguised as a ‘stealth NFT mint’.

According to The Block, reports suggest the hacker may have carried out the attack via Ticket Tool – a Discord bot that generates support tickets automatically.

The Discord server of NFT platform Doodles has faced a similar crisis, Twitter users have warned. The Block said that Doodles has yet to release a statement about it.

Phishing attacks on NFT collectors via exploiting Discord accounts have become a customary route for hackers. In a recent phishing attack, assets worth $790,000 were hacked from members of a freshly launched NFT collection Rare Bears.

In BAYC’s recent developments, it announced the release of the crypto token ApeCoin ($APE).

According to a report from Blockchain.News, ApeCoin was unveiled in the official BAYC Twitter account, which detailed initiatives planned by creator Yuga Labs.

The initiative also included a planned token tied to gaming and virtual experiences.

The underlying key feature of the token is a dedicated decentralized autonomous organization (DAO) and a supporting foundation, the report added.

Exploitation in the NFT World is Real But Are They Preventable?

To old investors in the digital currency ecosystem, exposure to various forms of scams, frauds, and exploitation will not come as something new, as they must have learned over time that the digital currency ecosystem is filled with such negative occurrences.

New investors, particularly those who started with Non-Fungible Tokens (NFTs), may not understand the growing rate of exploitation bedevilling the ecosystem at the moment.

According to data from blockchain security firm Slowmist, the first four months of 2022 saw as much as $52 million in losses in NFT-related hacks, a figure that surpasses the $7 million recorded throughout the whole of 2021.

While the bulk of the data available to firms like Slowmist covers well-publicized NFT projects, it is undoubtedly true that many more NFT holders are experiencing personalized exploitations on a daily basis.

To many following big-name projects like Bored Ape Yacht Club (BAYC), it will be recalled that the prestigious NFT brand has faced at least two different exploitations this year alone, the latest leading to the loss of over 200 ETH from Bored Ape owners. That the exploitation in the NFT world is growing is no longer debatable. CryptoMarketsBeat spoke with several industry veterans on the worrisome trend to know its root causes and possible ways investors can protect themselves.

NFTs Are an Attractive Ecosystem for Exploits to Thrive

Hackers and cybercriminals often follow anywhere there is money. While exploitation generally takes many forms, all of them are successful on the premise that there is a big financial catch. The emergence of NFTs came with the underlying goal of extending the utilities of Ethereum, and by extension, blockchain technology.

Nowadays, it is not uncommon to connect NFTs to massive financial valuation, and some projects like CryptoPunks, Bored Apes, and Moonbirds amongst others are reserved for investors or collectors with deep pockets.

The floor-price column in the CoinMarketCap aggregator’s list of top collections shows that projects like Bored Ape can only be snapped up by investors with more than 88.5 ETH (approximately $137,638.74 at the time of writing). Snapping up one Bored Ape through an exploit in any form will come off as a big payday for the exploiters.

“Many NFT projects emerged on the wave of hype when piles of money were injected into this industry,” said Dyma Budorin, CEO of Hacken, a cybersecurity and audit firm. Budorin surmised that the bulk of the attacks on blockchain and NFT protocols could be linked to the misguided desire to follow the money in the space.

With money being a very good attraction in the space, hackers have come to understand that they can easily exploit protocols because many do not pay due diligence to their security infrastructure.

“Most common hack scenarios involve social engineering and the usage of various scripts to steal private keys or other credentials to access the critical infrastructure point,” said Andrey Pelipenko, CTO of Roach Racing Club, “On top of that, hackers seek vulnerabilities in the smart contracts that accumulate funds, so using proprietary smart contract solutions that are not tested adequately, especially those coming from inexperienced developers, is a poor solution” which consistently predisposes NFT projects to attacks.

What is Bad for the Goose is also Bad for the Gander

Suppose the big NFT projects are the geese in this context and the smaller ones the ganders. Experts agree that all these projects are collectively victims of these scams.

“I bet you’ve seen news headlines about NFT hacks containing a name of a big project, such as OpenSea or Bored Ape Yacht Club, just because these projects are the most famous ones and accumulate the greatest volume of assets. Small projects and individual NFT creators and buyers also fall victim to hacks,” Budorin added.

A new perspective was brought into the discourse by Dr. Dmitry Mikhailov, CSO of Farcana Gaming Metaverse, who noted that attacks are not necessarily targeted at individual collectors or NFT projects alone. He said users of big marketplaces like OpenSea are also highly susceptible to various forms of cyber attacks.

While not referring to one particular platform, Dmitry believes “such marketplaces are often developed too fast to provide the proper level of cyber defence. Vulnerabilities are caused by insufficient attention to security issues: lack of two-factor authentication, lack of readiness for phishing, and DDoS attacks.”

As it is now obvious, irrespective of the form that projects take, they can easily be exploited if the appropriate safeguards are not put in place.

Curbing Growing NFT Exploitations

Despite the fact that the broader NFT world is still being unravelled, there are a number of ways that the experts we spoke to believe can be adopted to ward off the activities of cybercriminals across the board.

While the first of the major recommendations, according to Dmitry, is to educate NFT investors on the major causes or reasons why they fall prey to attacks, Budorin advocates close “cooperation with trusted cybersecurity vendors,” a move that will enable projects “to undergo smart contract audits and consider running a public bug bounty program.”

These recommendations have been vetted by other experts and are generally known to prevent crucial hacks in the short history of the NFT ecosystem. In all, Pelipenko advocates that investors should always do their own due diligence before injecting funds into any project, no matter the hype.

“We always recommend Doing Your Own Research (DYOR) before taking any actions: it’s a must-do in the crypto space. It is important to understand that, unlike the non-fungibles from the GameFi sector, most NFTs are just collectables without any specific utility. NFTs are risky assets, yet, most people still tend to fall for hyped projects without doing any deep research first,” he said.

The Light at the End of the Tunnel

Along with the broader digital currency ecosystem, the NFT space has a lot of bright lights at the end of the tunnel as investors are becoming more vigilant, and developers are doing their due diligence to ensure protocols are as secure as possible before launch.

Aside from the bearish correction in the industry, Venture Capital firms are injecting liquidity into security protocols like CertiK to bootstrap the security outfits tasked with safeguarding the ecosystem of tomorrow.

From current trends, scams may persist, but the growing awareness will largely tame their spread in the near future.
