“Limited” Edition NFT’s Stolen; Only Accounts with No 2FA Affected, says Nifty Gateway
With so much money flowing in the crypto space, hackers have locked onto their new target – Non-Fungible Tokens (NFT).
As we saw with DeFi, now NFTs are becoming popular, going mainstream with millions of funds flow into space; hackers have started taking notice. Several people reported their NFTs being stolen.
“I got an alert that I sold something on the @niftygateway Marketplace. When I checked to confirm the transaction, I noticed that my entire collection was empty.”
He then received multiple fraud alerts from his financial services provider American Express. He added,
“During today's drop, I got multiple fraud alerts from AMEX. I have been using fiat/cc exclusively on NG.”
Miraflor got legal advice and has reported the matter to the local police and contacted his insurance company, which covers his physical art. His digital assets, NFTs, however, are lost and may never be recovered.
Other people also shared similar accounts of their NFTs stored on the platform being stolen, on Twitter.
Someone hacked my @niftygateway account tonight and used my credit card attached to the account to buy like $20k worth of art… cool
— Keyboard Monkey (@KeyboardMonkey3) March 15, 2021
In response to the security concerns on the platform, crypto exchange Gemini owned Nifty Gateway said the platform wasn’t at fault. The platform tweeted,
“We have seen no indication of compromise of the Nifty Gateway platform. The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover.”
According to the marketplace, the impact was “limited” and only those accounts were impacted which didn’t have any 2 two-factor authentications (2FA) enabled.
The attacker obtained access through valid account credentials. Some of the NFTs involved in these account takeovers were reportedly sold in transactions negotiated over Discord or Twitter. It said,
“We encourage our users to enable 2FA that we provide on the platform and never reuse passwords…We strongly encourage all Nifty Gateway customers to purchase their NFTs on the official Nifty Gateway marketplace.”