Non-fungible token (NFT) hacks have led to losses of almost $52 million in the first four months of 2022 alone compared with less than $7 million over the whole of 2021, according to report by Top10VPN, a global digital privacy and research group.
After only a single hack in the first half of 2021, which was reportedly due to individual users failing to enable multi-factor authentication rather than security issues on the Nifty Gateway platform, there have been almost 40 more incidents since then.
Bored Ape Yacht Club, one of the most well-known NFT projects, was hacked in April 2022 when its official Instagram account was compromised and used to send a phishing message. The stolen NFTs as a result of this were reportedly worth $3 million.
While the concept of NFTs dates back to 2014, the market for such digital collectibles has exploded in popularity in a very short time, attracting financial speculators flush with cryptocurrency. Platforms such as OpenSea and Binance have sprung up to facilitate the lucrative trade in NFTs.
“With individual NFTs often changing hands for a million dollars or more, and sometimes much more than that, it’s inevitable that the NFT ecosystem would become a target for hackers. We found that while hacks on NFT platforms may have started small in early 2021, targeting individual users for a few tens of thousands of dollars, less than a year later, cybercriminals are now regularly making off with millions of dollars worth of cryptocurrency,” Top10VPN said.
The report further said that cryptocurrency itself, another highly lucrative blockchain-based tech, is at the heart of another big cybersecurity trend in 2022. Cryptojacking is the unauthorized use of victims’ devices to mine for cryptocurrency, typically after infection with malware.
The research found cryptojacking to be the fastest growing form of malware in 2022, due to a cryptocurrency market whose total value was over $2 trillion at the time of writing. The average number of cryptojacking incidents in 2022 stood at 15.02 million per month compared to 8.09 million per month over 2021, an increase of 86%.
The analysis, which draws on threat intelligence data captured by firewall vendor SonicWall, shows that the growth of cryptojacking far outstripped the general trend for malware, which is so far up 16% in 2022.
The following table shows the methods use to attack the NFT ecosystem, typically resulting in the theft of tokens or cryptocurrency, since the start of 2021
It’s possible that NFT investors are wising up however, as scams account currently account for 21% of all NFT hacks in 2022 compared to 36% in 2021. This could change however over the year to come.
No platform vulnerabilities were successfully exploited until 2022 but now account for 17% of attacks this year.
The average number of cryptojacking incidents in 2022 stands at 15.02 million per month compared to 8.09 million per month over 2021, an increase of 86%.
Number of incidents of cryptojacking by month from the start of 2021 by region
IoT Malware Statistics
The average number of such incidents (Month-wise) in 2022 stands at 9.5 million per month compared to 4.9 million over 2021, an increase of 95%.
Number of incidents of IoT malware by month from the start of 2021 by region
IoT devices have proliferated and range from consumer items, such as smart home devices and wearables, to retail uses, such as barcode readers and payment terminals, and industrial applications, such as sensors, drones and smart robotics. Many newer model cars also contain IoT components. Other key sectors that increasingly rely on IoT devices are healthcare and education.
All of these devices and sectors are being increasingly impacted by malware, particularly in North America. The region experienced over 60% of all such attacks in March 2022. In comparison, it accounted for just 24% of global attacks in March 2021.
The average number of such incidents in 2022 stands at 534.2 million per month compared to 458.8 million over 2021, an increase of 16%.
Total malware is increasing more modestly than its niches, however there are still over 75 million more attacks each month in 2022 around the world than there were in 2021.
The average number of such intrusions in 2022 stands at 489.2 billion per month compared to 430.7 billion over 2021, an increase of 14%.
Number of malicious intrusion attempts by month from the start of 2021 by region
Source: Top10VPN & TechCircle