Tuesday, September 26, 2023


Yuga Labs Goes on the Defensive Against A “Persistent Security Threat”

tl;dr Summary: As Yuga Labs declares a “persistent security threat” to their NFT ecosystem, it’s a good reminder that the crypto and NFT space is still very susceptible to threats. However, various dApps and marketplaces are implementing tighter security measures, which will hopefully make hacks less frequent.

Yuga Labs, the company behind the Bored Ape Yacht Club and other popular NFT collections, has had a difficult year. Their rise to prominence in the NFT space has been accompanied by a barrage of security threats. Their Discord server has been hacked twice in 2022 alone. Multiple Yuga Labs employee accounts were compromised by hackers who posted malicious links to false giveaways or surprise minting sites. Unsuspecting users, believing the posts were from legitimate leaders from the Yuga Labs team, clicked on these links and unknowingly approved transactions that allowed hackers to drain millions of dollars of cryptocurrency and NFT assets. 

The cofounder pseudonymously known as Garga notified his Twitter followers on July 11 that a hacker was trying to get access to his account. Just a few days after this incident, Yuga Labs reported a “persistent security threat” to their 337,000 Twitter followers. According to the tweet, multiple communities were being targeted in a coordinated attack. It was never reported who the party behind the “persistent security threat” was or what actions Twitter and Yuga Labs took to defend against them. 

These attempted hacks are barely newsworthy, as the web3 market has been reeling from dozens of attacks this year. According to Certik, a blockchain auditing and security company, over $2 billion has been lost to hacks and exploits through Q2 of this year—more than in all of 2021 combined. However, Yuga Labs’ vigilance and prompt action to defend against such attempts is a sign that the crypto community is fighting back against the hackers. Many notable names are also leading the charge alongside Yuga Labs and others.

Source: https://www.certik.com/resources/blog/7fuXtbfo4CXEXcwy5Pqijp-hack3d-the-web3-security-quarterly-report-q2-2022

OpenSea, one of the top NFT marketplaces, announced new security features last month to help prevent scams and fraud. Among the solutions is a feature that automatically conceals untrusted NFT movements as soon as they are spotted. The new features also include changes to prevent scams and theft, reduce critical response times, and scale moderation and reviews. 

In an update to their platform, MetaMask, one of the leading Ethereum wallet applications, makes it more apparent to users when they are authorizing transactions that give applications access to their NFT assets. Their latest update highlights transactions that request “set approval for all” for your MetaMask wallet. This has been one of the largest issues with previous exploits of the Bored Ape Yacht Club community. Users who are understandably excited about a free NFT giveaway will often miss the complicated fine print associated with a MetaMask transaction approval. The “set approval for all” command grants smart contracts permission to approve and transfer tokens from the user’s wallet at a later date. Bad actors can exploit this command to drain wallets long after this approval was given. MetaMask’s update reminds users to be mindful of the smart contracts they interact with.
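To make the “set approval for all” warning concrete, here is an added example (not MetaMask's code and not part of the original article) of how a wallet-side check could recognize such a request in raw transaction calldata before the user signs. It assumes the standard ERC-721/ERC-1155 function `setApprovalForAll(address,bool)`; the operator address, the sample calldata and the `trusted_operators` parameter are constructed for illustration.

```python
# Added example (not MetaMask's code): flag setApprovalForAll in raw calldata.
# 4-byte selector of setApprovalForAll(address,bool) from ERC-721 / ERC-1155.
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")

# Constructed sample inputs; the operator address is a made-up placeholder.
OPERATOR = "11" * 20
GRANT = "0xa22cb465" + "00" * 12 + OPERATOR + "00" * 31 + "01"
REVOKE = "0xa22cb465" + "00" * 12 + OPERATOR + "00" * 32
PLAIN_TRANSFER = "0x"  # a simple ETH send carries no calldata


def inspect_calldata(data_hex, trusted_operators=frozenset()):
    """Return (action, operator, warn) for one transaction's calldata."""
    try:
        raw = bytes.fromhex(data_hex[2:] if data_hex[:2].lower() == "0x" else data_hex)
    except ValueError:
        return ("malformed", None, True)
    if raw[:4] != SET_APPROVAL_FOR_ALL:
        return ("other", None, False)
    args = raw[4:]
    # Exactly two 32-byte ABI words: left-padded address, then bool.
    if len(args) != 64 or any(args[:12]) or int.from_bytes(args[32:], "big") > 1:
        return ("malformed", None, True)
    operator = "0x" + args[12:32].hex()
    if args[63] == 0:
        return ("revoke-all", operator, False)
    # approved == true: operator may move every token of this collection
    # until the owner revokes, so warn unless the user already trusts it.
    return ("grant-all", operator, operator not in trusted_operators)


if __name__ == "__main__":
    for name, data in [("grant", GRANT), ("revoke", REVOKE), ("plain", PLAIN_TRANSFER)]:
        print(name, inspect_calldata(data))
```

Because the grant stays in force until it is revoked, the same function can be used to confirm that a later revocation transaction really carries `approved = false` for the operator in question.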

Along with security updates to existing applications, new applications are also being built to arm NFT communities against security threats. An innovative new application and browser extension called Pocket Universe simulates transactions on a copy of the blockchain and checks if the user is signing a safe transaction. The app only reads the transaction data and tests it in its simulation. The user can then decide whether or not they’d like to approve the transaction based on the app’s assessment.

Fans of Yuga Labs are encouraged to see that some effort is being made by leaders in the NFT space to curb the incessant attacks on early web3 adopters. Hacks and exploits are a glaring problem that needs to be solved before mainstream adoption can be achieved. Until then, constant vigilance and communication with their followers will allow Yuga Labs to remain a trusted brand in the nascent NFT industry for years to come.


  • Raul is an engineer, actor and freelance writer living in Houston, TX. He is a blockchain enthusiast and contributor on several NFT projects since September 2021 with particular interests in Web3 gaming and the metaverse.
