Do you really know who is bidding on your NFTs?

Non-fungible tokens (NFTs) offer huge revenue potential for brands, and opportunities for cybercriminals to exploit if security is not considered from the start.

These days, bots are cybercriminals’ secret weapon and are increasingly being used to manipulate prices, defraud customers and undermine the NFT ecosystem.

This means that NFT marketplaces must do everything they can to provide dynamic security defenses against bots and other cyber-attacks to safeguard their NFT investments, market reputation and customer experience.

Why do hackers focus their bots on NFT sales? It’s quite simply where the money is. The market for NFTs grew to $41 billion by the end of 2021, according to Chainalysis. NFT market ecosystems are relatively new and the technology and processes are not always understood – making them a perfect target.

The online retail industry has been hit hard by bots, especially with limited edition product releases like sneakers being targeted by bots for inventory. While blockchain, cryptocurrencies and decentralized finance are recent innovations, they are emerging in a mature, battle-tested cybercrime environment.

Bots to watch out for

Malicious bots can manipulate NFT prices and product availability, or offer fake products for sale. Bots can also be part of larger schemes that involve taking down entire websites, as well as stealing identities and other personal financial information. Here are some types of bots you should protect against:

Buy robots. These are designed to buy goods or services online in bulk the moment they go on sale, completing the payment process instantly. The goal is to gain mass control of valuable inventory, which is usually resold on secondary markets at a significant premium. They prevent purchases by real human buyers, resulting in consumer frustration and denial of inventory as the NFTs become unavailable.

Bidding robots. These bots make fake bids to manipulate NFT prices. By placing a large number of lowball bids for NFTs well below the asking price, price bots reduce the value of an NFT without actually making a purchase. Price-raising bots buy up low-priced NFTs, creating artificial scarcity and inflating popularity to force buyers to pay more for the remaining inventory, often on secondary markets. And bidding bots can artificially increase the price of NFTs through automated bidding wars.

Counterfeit NFT bots. Bots can be used to sell non-authentic NFT projects that do not match policy IDs. When a consumer mistakenly buys a counterfeit NFT, there is little chance of a refund, and without proper authentication, no chance of legal resale.

Fake advertising bots. Bots can also disguise themselves as phishing schemes, tricking users into clicking on links to take advantage of very limited offers, such as a fake YouTube Genesis Mint Pass.

Widespread bot activity in NFT marketplaces sows doubt and suspicion and affects potential buyers, legitimate sellers, artists, athletes and creatives whose products are sold on online marketplaces. Malicious bots could also potentially derail the growth of blockchain-based markets, and if NFT exchanges gain a reputation for being bot hotbeds, it could threaten one of the most dynamic facets of the new digital economy.
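The lowball pattern described under "Bidding robots" (many bids far below the asking price, in a short time, with no purchase) can be screened for in marketplace bid logs. The sketch below is an added example, not code from this article or from F5; the record fields, account names and thresholds are assumptions, and the sample bids are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Bid:
    ts: float      # bid time, seconds since epoch
    account: str   # bidding account (hypothetical identifier)
    nft_id: str
    amount: float  # bid amount
    ask: float     # asking price when the bid was placed


def flag_lowball_bidders(bids, purchasers, ratio=0.5, window=60.0, min_bids=5):
    """Return {account: peak lowball bids in any `window`-second span}.

    An account is flagged when it placed at least `min_bids` bids below
    `ratio * ask` inside one window and never completed a purchase.
    All thresholds are illustrative assumptions, to be tuned on real data.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent lowball bids
    peak = defaultdict(int)      # account -> largest burst seen so far
    for b in sorted(bids, key=lambda b: b.ts):
        if b.ask <= 0 or b.amount >= ratio * b.ask:
            continue  # malformed record or a plausible bid: not a lowball
        q = recent[b.account]
        q.append(b.ts)
        while q and b.ts - q[0] > window:
            q.popleft()  # drop lowball bids that fell out of the window
        peak[b.account] = max(peak[b.account], len(q))
    return {a: n for a, n in peak.items()
            if n >= min_bids and a not in purchasers}


# Constructed sample data: one burst bidder, one slow bargain hunter,
# one ordinary user, and one fast bidder who did go on to buy.
SAMPLE_BIDS = (
    [Bid(1000 + 2 * i, "acct-bot", f"nft-{i}", 0.1, 1.0) for i in range(8)]
    + [Bid(1000 + 3600 * i, "acct-bargain", f"nft-{i}", 0.4, 1.0) for i in range(6)]
    + [Bid(1005, "acct-human", "nft-1", 0.95, 1.0),
       Bid(1300, "acct-human", "nft-2", 0.3, 1.0)]
    + [Bid(1010 + i, "acct-buyer", "nft-3", 0.2, 1.0) for i in range(5)]
)
SAMPLE_PURCHASERS = {"acct-buyer"}

if __name__ == "__main__":
    print(flag_lowball_bidders(SAMPLE_BIDS, SAMPLE_PURCHASERS))
```

A flag from a screen like this is a signal to review or rate-limit the account, not proof of automation; it is best combined with the account and login signals listed in the next section.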

Protect your marketplace from bots

We have learned a lot from our work with many of the top NFT marketplaces and exchanges, helping them implement sophisticated security and safety measures. This includes protecting against bot attacks that target logins, stopping the creation of fake accounts and preventing inventory bots that buy up inventory and drive up NFT prices. Here are some important points to consider:

  1. Understand patterns of fraudulent new account openings and validate their registration.
  2. Evaluate your bot defense strategy to prevent sophisticated, human-like automation and refactoring.
  3. Avoid account takeover by monitoring transactions for signs of fraud or risky behavior and harden login systems against credential stuffing.
  4. Leverage authentication intelligence to improve the customer experience.
  5. Manage users to identify whether they are customers or bots.
  6. Expand your security and fraud teams with new tools and intelligence support.
  7. Expect criminals to keep revving up their attacks, and be prepared to quickly restore your defenses.

Help your customers protect themselves from cybercriminals

It is important to protect and gain customers’ trust, and this starts with education. Here are some tips to share with your customers:

Consider hardware wallets. If you use cryptocurrency to buy NFTs, consider using a hardware wallet to make the purchase. Hardware wallets, which are external physical devices with specialized firmware to prevent access to private keys, can significantly improve the security of cryptocurrency and NFT purchases by protecting them from bots and other cyber-attacks.

Always review contracts. Buying an NFT almost always involves entering into a “smart contract” with the seller. Carefully review these contracts, which are issued on the blockchain, before approval because they detail the unique information associated with your NFT, including ownership and transaction details. Know what you’re agreeing to, as smart contracts can specify rules for trading NFTs and other ownership rights.

Beware of fake marketplaces. Only consider buying NFTs from reputable organizations that take security seriously and keep transactions bot-free.

Understand how your NFT marketplace communicates and what your options are if your NFTs are stolen. Knowing in advance how your marketplace will contact you and what options you have if your NFTs are stolen can help you deflect phishing attacks, counterfeiting and other scams.


About the author

Angel Grant is VP of Security at F5 and writes here on why Web3 companies need to defend their customers against malicious bots. F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 works with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on-premises, in the cloud or at the edge. F5 enables organizations to offer exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, go to f5.com.

Featured image: ©Dmitry

