Halborn Logo

// Blog


NFT Scams: How to Protect Your Assets From Targeted Crypto Hacks


Rob Behnke

February 1st, 2023

Cybercriminals are increasingly targeting high-profile and high-net-worth individuals in the crypto space.  Once these attackers gain access to the target’s systems and accounts — via a variety of different means — they can drain the NFTs or cryptocurrency stored within their digital wallets.

The Rise of Targeted Crypto Attacks

Many major DeFi and crypto hacks focus on quantity over quality.  By targeting major protocols and projects, cybercriminals can drain large sums from exploited smart contracts.

However, cybercriminals can also achieve big payoffs by targeting high-net-worth crypto owners.  Within the last month or so, several major personalities in the crypto space have been the victims of targeted attacks.  These include the following:

  • Kevin Rose: The CEO of the Proof NFT collective was the victim of a phishing attack that allowed the attacker to steal 40 NFTs.
  • NFT God: The pseudonymous NFT God accidentally downloaded a trojan horse that gave the attacker complete control over their online accounts, including digital wallets.
  • Nikhil Gopalani: The COO of RTFKT lost approximately $173,000 to a phishing attack, including numerous NFTs.
  • CryptoNovo: An NFT collector was the victim of a phishing attack that stole 10 NFTs that sold for 492.66 ETH.
  • Luke Dashjr: An original Bitcoin Core developer, Dashjr lost 216 BTC worth approximately $3.6 million due to compromised accounts and a leaked PGP private key.

These are only some examples of cybercriminals targeting high-profile crypto figures.  Many other NFT hacks and other forms of crypto attacks are designed to gain access to trusted social media accounts to push scams and phishing attacks.

Personal Crypto Security Best Practices

Crypto attackers use a variety of different means to gain access to users’ wallets and drain them of funds.  Some best practices that can help you protect yourself against these threats include:

  • Beware of Phishing: Many crypto thefts begin with a phishing email that tricks the recipient into revealing their private keys or installing malware on their computer.  Be cautious of any unsolicited email containing links or attachments.
  • Verify Links: Cybercriminals commonly try to trick their targets into visiting phishing pages that masquerade as legitimate sites.  Recently, NFT God and other individuals have been hacked by downloading malware from malicious sites listed among sponsored ads on Google searches.
  • Only Use Trusted Trading Sites: Cybercriminals may try to convince victims to transfer NFTs and other digital assets on non-standard sites.  Once a wallet is connected to these sites, the attacker can perform transactions to drain everything from them.
  • Use MFA Where Possible: Attackers commonly attempt to steal passwords to access online crypto wallets and other digital accounts.  Enabling multi-factor authentication (MFA) where possible makes this harder for attackers to accomplish.
  • Validate Software Before Install: Alleged digital wallet software and mobile apps may contain malicious code to steal private keys or perform unauthorized transactions.  Validate that software comes from a legitimate source before installing it and entrusting it with sensitive information.
  • Watch Out for Airdrops: Some airdrops are designed to trick recipients into connecting a wallet, which allows the attacker to drain them of digital assets.  Verify the legitimacy of an airdrop before opening any tokens sent to your wallet.
  • Store Crypto on a Cold Wallet: A cold wallet stores blockchain private keys offline, making them less accessible to an attacker.  High-value NFTs and other assets should be stored in a cold wallet whenever possible to reduce the risk of theft.

Scammers post a significant threat to the security of your crypto assets.  To learn more, check out our blog on the most common crypto scams and our ultimate guide to spotting and avoiding NFT scams.