NFT marketplace account takeover
The digital marketplace for NFTs grew to an estimated $22bn last year, but companies face new frauds challenges every day. Recently fraudsters are able to perform a successful fraud using the account takeover in the NFT marketplace.
There are different methods that fraudsters can use to hijack an account. For example, credentials stuffing, phishing, social engineering, and SIM swap for high-profile accounts are the key account takeover methods. Fraudsters use stolen usernames and passwords on login forms to steal the NFT non-fungible token or NFT arts by employing credential stuffing. The NFT marketplace login forms are constantly hit by bots and automated scripts which involves very less cost to initiate the attack for the fraudster.
NFT account takeover becomes a nightmare for the victim and also destroys the marketplace reputation, customer trust, strain on operations teams, customer loyalty and retention, financial impact, and the future of the marketplace becomes dark.
Some of the recent attacks on the NFT marketplaces are given below. You can find the list of stolen NFT arts in the example. Victims are rushing to review and revoke your token approvals for dApp using ETH token approval checker.