TechRepublic’s Karen Roby spoke with Rick McElroy, principal cybersecurity strategist with VMware Carbon Black, about security concerns with non-fungible tokens. The following is an edited transcript of their conversation.
SEE: NFTs: What IT leaders need to know about non-fungible tokens (free PDF) (TechRepublic)
Karen Roby: Rick, set the stage first for what NFTs are.
Rick McElroy: Yeah, it’s a non-fungible token, so essentially it’s the digital representation of a unique piece of artwork, whether that’s a video file, a picture, a digital piece of music, any of that stuff. You can use this methodology to essentially create a unique digital property and then sell that through exchanges across the internet.
Karen Roby: We know with things that are new like Bitcoin or other cryptocurrency, when things are new and exciting and people want to get in and want to get involved but don’t quite understand it, there are security risks involved, and that is certainly the case here.
Rick McElroy: Yeah, definitely. I’m glad you mentioned some of the other cryptocurrencies out there like Bitcoin. I mean, when you look at the risks of any of these transactions that occurred over a blockchain, the rest are the same. You have something that’s worth value on the open market. In this case, it’s a piece of digital art, and then you want to exchange that for currency, but one of the unknowns about NFTs is things like starting your crypto wallet because you have to receive payments. The NFTs are going to be stored in there, the owner of those NFTs and those things. And so what happens is along that chain, it’s just ripe for attackers, whether they go after the gateways and exchanges themselves, which we’ve seen with cryptocurrency or if they’re actually targeting the users themselves and going out to those digital wallets.
SEE: Best bitcoin hardware wallet in 2021 (ZDNet)
Karen Roby: Rick, expand a little bit on who’s buying these, who’s selling, who’s involved within NFTs.
Rick McElroy: When you look at some of these transactions, multiple millions of dollars invested, look, I think for artists themselves, it’s pretty cool. And I think a lot of artists out there, especially when it comes to protecting their property rights and being able to monetize their art form in different ways, that becomes really cool. And then as you look toward future techs and things like augmented reality, virtual museums that you can walk into and see some of these things on a headset, it’s really cool. Conversely, from an attacker perspective, they know they’re valuable. They know they’re worth money. I think from an attacker perspective, they’re looking at a couple of things, the things they always do, but I also think that it becomes ripe for things like money laundering. Whenever you have an asset that’s worth value that does not go through some sort of regulated central bank, you pretty much can see that followed by things like fraud and those types of attacks. So, I think it will be leveraged for those as well.
Karen Roby: Including the security talk here, what other advice do you have for people regarding NFTs?
Rick McElroy: Number one, I think they should keep in mind that you’re acting as your own bank in these cases, whether you’re using cryptocurrency or something that leverages the same technology like NFTs. You are acting as a bank. You have a valuable asset that sits in a wallet. A lot of folks leave those wallets online and connected to the cloud. I’m recommending that you don’t do that. I’m also recommending, and this becomes rather unique in an NFT case because you are advertising an asset for sale, however I don’t think people should be very braggy on social media about it because you’re actually making yourself a target.
SEE: Cryptocurrency glossary: From Bitcoin and Dogecoin to hot wallets and whales (TechRepublic Premium)
We know that crypto wallets have been targeted in the past. They will continue to be targeted through things like phishing attacks, and then we also know that the gateways themselves for exchanges will be targeted. And so my second piece of advice is please ensure that you’re using multi-factor authentication everywhere that you can. There was a recent case where one of the gateways was hacked, that the user accounts were accessed, they had access to buy, sell, trade NFTs, they had access to the cash accounts. And the cash and the currency that were in these accounts were insured. None of the NFTs that were stolen were, and so we’ll continue to see regulations that will be helpful for things like NFT theft, but I think multi-factor authentication everywhere that you can get it is just a good piece of advice.
Karen Roby: Rick, I like how you said don’t brag on social media about something like this.
Rick McElroy: If you had a bunch of gold sitting in a safe, you wouldn’t go brag about it or conditionally, I would say people wouldn’t. NFTs and cryptocurrencies should be treated the same way.
Karen Roby: Rick closing out, what do you see for NFTs say two, five years down the road?
Rick McElroy: Well, it’s interesting right? I mean, NFTs are either going to be a thing or they won’t. Generally, the community behind it will either strengthen them or not. I do think there’s some good movement with NFTs. I don’t know that anyone can predict where this ultimately lands and whether or not any sort of proprietary content then gets turned into an NFT. But I do think on the digital media side, I do think for things like music artists, it’s going to be very helpful for them to monetize their art and get that out in some different ways. And so, I actually think they’re kind of cool. I actually think especially for some of the protections that they have for artwork that’s out there, being able to add a percentage rate on a resale market for a piece of art that I generate if I’m an artist, I think that can make it sticky and so I’m hopeful that it’ll change the way we do art forms.