Crypto and NFT Asset Security | Rodman Law Group, LLC

In June, OpenSea revealed that users’ email addresses were compromised due to vendor errors.

If you have an OpenSea account, as virtually all NFT investors do, your email address was probably leaked in late June in a company-wide data breach.

This is not the first cyber attack in the popular NFT market, but it is another reminder to investors of the vulnerabilities of online cryptocurrency and NFT trading.

On June 29th, OpenSea published a statement on Twitter explaining that “[a]n employee of our email provider, Customer.io, abused employees’ access to download and share email addresses with an unauthorized external party.”

The post further states that “Email addresses provided to OpenSea were affected.”

If your email is linked to an OpenSea account or you have signed up for their newsletter, your email address was probably included in the data breach, possibly along with your phone number.

As a result of the breach, leaked email addresses can be targeted by email phishing attacks. These attacks range from malicious links to attachments and more, sent from accounts claiming to be OpenSea. These scam accounts may have addresses that are virtually identical to OpenSea’s, but with slight variations.
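The "slight variations" described above can be checked mechanically. This is an added example, not part of the original article: it classifies a From: header against one trusted domain, and the trusted domain `opensea.io`, the digit-substitution table and all sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED = "opensea.io"  # assumption: the domain genuine mail is expected from
BRAND = TRUSTED.split(".")[0]
# Digits commonly substituted for letters in look-alike domains
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'unrelated' for a From: header value."""
    # The display name ("OpenSea Support") is free text, so only the address counts.
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == TRUSTED or domain.endswith("." + TRUSTED):
        return "trusted"
    folded = domain.translate(CONFUSABLES)
    if BRAND in folded:
        return "lookalike"  # brand name placed inside some other domain
    if edit_distance(folded, TRUSTED) <= 2:
        return "lookalike"  # typo, swapped letters or a foreign-script letter
    return "unrelated"


# Constructed sample headers, not taken from real messages
SAMPLES = [
    "OpenSea <noreply@opensea.io>",
    "OpenSea <noreply@email.opensea.io>",
    "OpenSea <noreply@0pensea.io>",
    "OpenSea <noreply@opensae.io>",
    "OpenSea Support <support@opensea.io.account-verify.example>",
    "Weekly News <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A From: header can itself be forged, so a "trusted" result here complements the mail provider's SPF, DKIM and DMARC checks rather than replacing them.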

All investors should avoid opening links in emails that they do not trust or expect. Similarly, investors should not open unknown attachments that they were not expecting from that sender.

Another attack vector investors should watch for is unknown text messages with links, as well as possible breaches of SMS two-factor authentication (“2FA”). Investors can avoid this type of attack by removing SMS 2FA and replacing it with an authentication tool such as Google Authenticator.

The emergence and growth of the cryptocurrency and NFT markets gave investors complete custody of their assets, and with that self-custody came the responsibility to maintain the security of these assets.

In the case of cryptocurrency, Coinbase’s recent 10-Q filing with the US Securities and Exchange Commission (“SEC”) reminds investors that assets they hold in their personal accounts on exchanges may be subject to bankruptcy proceedings. These investors risk being treated as “general unsecured creditors” in the event of the exchange’s bankruptcy.

This means that assets held on Coinbase by consumers can be paid to secured creditors of that exchange if Coinbase is unable to pay these debts in the event of bankruptcy.

That said, it is important to remember that all SEC-regulated exchanges are required to comply with applicable regulations such as quarterly 10-Q submissions and the requirement that investors with assets on exchanges be treated as unsecured creditors.

While it is unlikely that widely used exchanges such as Coinbase will file for bankruptcy anytime soon, the company’s recent 10-Q submission reminds investors in more ways than one that the responsibility for securing their assets is ultimately their own.

While not entirely flawless, hardware wallets can help maintain the security of digital assets.

So, what are the best ways you can secure your cryptocurrency and NFT assets?

The foremost security method for crypto and NFT assets held online is to move them offline to a hardware wallet. The hardware wallet password should be stored securely offline, as should the recovery phrase assigned to that hardware wallet.

Neither the password nor the recovery phrase should be shared with anyone, and no company should ever need such information.

Although storing assets on an offline hardware wallet is one of the best security methods for investors, it can give them a false sense of total security, a belief that assets on hardware wallets are impenetrable.

In other words, many investors falsely believe that if they have a hardware wallet, their assets must be safe no matter what actions they take. This is not always the case, especially when the hardware wallet is connected online to interact with marketplaces and exchanges.

In situations where your hardware wallet is connected online, pay attention to which websites you allow it to connect to, as well as the transactions you approve through the hardware wallet.

For example, a minting website where you plan to create an NFT could be compromised by hackers. The same compromised minting website, which requires your hardware wallet to be connected for the minting process, can then give hackers access to your wallet based on your approval of a malicious smart contract.

As a result, once a transaction is approved by a hardware wallet on a hacked minting website, hackers can send your assets from one wallet to another.

The contract shown before approval should always reflect the correct information on your hardware key, so if you are unsure, do not let the transaction be processed. Once a smart contract is approved, access to your hardware wallet is granted according to the permissions you approved.
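What an approval actually grants can be read from the transaction's calldata before it is signed. The added example below is not from the original article: it decodes the two standard token-permission calls (`setApprovalForAll` and `approve`) and rates what they hand over; the grantee address, the sample calldata and the risk labels are constructed for illustration.

```python
# Function selectors: first 4 bytes of keccak256 of the standard signatures.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 amount or ERC-721 tokenId
}
MAX_UINT256 = 2**256 - 1


def review_calldata(data_hex):
    """Describe the permission that a transaction's calldata would grant."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    selector, args = raw[:4].hex(), raw[4:]
    function = SELECTORS.get(selector)
    if function is None or len(args) < 64:
        # Not one of the permission calls this script knows how to read
        return {"function": None, "grantee": None, "risk": "unrecognised"}
    grantee = "0x" + args[12:32].hex()      # address is right-aligned in a 32-byte word
    value = int.from_bytes(args[32:64], "big")
    if selector == "a22cb465":
        # true: grantee may move every token of this collection; false: revokes that right
        risk = "high" if value else "low"
    else:
        # an all-ones amount is an unlimited allowance; anything else is a bounded grant
        risk = "high" if value == MAX_UINT256 else "medium"
    return {"function": function, "grantee": grantee, "risk": risk}


def word(hex_digits):
    """Left-pad a hex value to one 32-byte ABI word."""
    return hex_digits.rjust(64, "0")


GRANTEE = "11" * 20  # constructed 20-byte address, not a real contract
# Constructed calldata samples
SAMPLES = {
    "approve_all": "0xa22cb465" + word(GRANTEE) + word("1"),
    "revoke_all": "0xa22cb465" + word(GRANTEE) + word("0"),
    "unlimited_allowance": "0x095ea7b3" + word(GRANTEE) + word("f" * 64),
    "bounded_allowance": "0x095ea7b3" + word(GRANTEE) + word("64"),
    "plain_transfer": "0xa9059cbb" + word(GRANTEE) + word("64"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, review_calldata(data))
```

A "high" result means the grantee keeps that right after the transaction completes, until it is explicitly revoked.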

Attacks on popular NFT marketplaces such as OpenSea will most likely continue to be attempted, so stay consistently aware of your security and ways you can reduce your security risk.
