Over the weekend, some users of the NFT market, Nifty Gateway, said that hackers stole thousands of dollars worth of digital artwork from their accounts. Some people who were hacked also said that their credit cards on file were used to buy additional NFTs, also costing thousands of dollars, which were then transferred to a hacker’s account.
Nifty Gateway confirmed in a statement to The Verge that some accounts without two-factor authentication have been hacked and that he is in contact with the affected people, but said he has seen no evidence that his platform has been breached. The Nifty Giveaway suggests that hackers may have successfully reused login credentials that were leaked from other services.
“We saw no indication of a compromise on the Nifty Gateway platform,” says the statement. “The Nifty Gateway team is communicating with a small number of users who appear to have been affected by an account hacking. Our review is ongoing, but our initial assessment indicates that the impact was limited, none of the affected accounts had 2FA enabled, and access was obtained through valid account credentials. “
Someone stole my NFTs today in @niftygateway and bought $ 10K ++ worth of today’s drop without my knowledge. The NFTs were then transferred to another account.
I encourage EVERYONE to verify their accounts as soon as possible.
Could you use everyone’s help here – please RT!
Complete
– Michael J. Miraflor (@michaelmiraflor) March 14, 2021
Someone hacked mine @niftygateway account tonight and used my credit card attached to the account to buy about $ 20k worth of artwork … cool
– Keyboard Monkey (@ KeyboardMonkey3) March 15, 2021
@niftygateway my entire account was hacked and the person who entered it was not even initialized after changing my password ?! What the hell is happening ?!
– Lt.Crandog (@LtCrandog) March 13, 2021
In the past few weeks, many NFTs have suddenly become high-value assets; Grimes sold a series of 10 digital artworks for about $ 6 million, for example, and digital artist Beeple sold an NFT for $ 69 million at Christie’s. So, unfortunately, it is not at all surprising that NFT platforms have become targets for hackers looking to steal digital artwork or obtain credit card information to buy more.
To help prevent future hacks, Nifty Gateway recommends enabling two-factor authentication. “We encourage our users to enable the 2FA we provide on the platform and never reuse passwords,” continues the statement. “We saw some reports that the NFTs involved in these account purchases were sold in transactions negotiated on Discord or Twitter. We strongly recommend that all Nifty Gateway customers purchase their NFTs from the official Nifty Gateway market. “
Given the blockchain-based nature of NFTs, the Nifty Giveaway has no control over an NFT after it is stolen, so it seems unlikely that affected users will be able to recover their lost collections.