NFT marketplace account takeover
The digital marketplace for NFTs grew to an estimated $22bn last year, but companies face new frauds challenges every day. Recently fraudsters are able to perform a successful fraud using the account takeover in the NFT marketplace.
There are different methods that fraudsters can use to hijack an account. For example, credentials stuffing, phishing, social engineering, and SIM swap for high-profile accounts are the key account takeover methods. Fraudsters use stolen usernames and passwords on login forms to steal the NFT non-fungible token or NFT arts by employing credential stuffing. The NFT marketplace login forms are constantly hit by bots and automated scripts which involves very less cost to initiate the attack for the fraudster.
NFT account takeover becomes a nightmare for the victim and also destroys the marketplace reputation, customer trust, strain on operations teams, customer loyalty and retention, financial impact, and the future of the marketplace becomes dark.
Some of the recent attacks on the NFT marketplaces are given below. You can find the list of stolen NFT arts in the example. Victims are rushing to review and revoke your token approvals for dApp using ETH token approval checker.
Account takeover fraud prevention for NFT marketplace
Before applying any prevention measure, ensure the customer is not facing high frictions on the login. Below are the some actionable implementations that can be done. However, it does adds the friction when logging in.
- Rate Limiting on the Authentication
- Identifying the high risk IP addresses such as TOR, VPN and proxies
- Identifying the Bots authentication.
- Learning user behavior based on the historical non-PII data
- Usual authentication fail or successful spikes
- Send users notifications for account suspicious behavior
To learn more about how account takeover works, check our insights page here.
Account takeover fraud prevention for NFT Marketplace
NFT account takeover
NFT fraud prevention
NFT marketplace account takeover
5 replies on “Account takeover: Combating NFT marketplace with frauds”
Beosin Reactor – Best in Class and Great Service
I am a website designer. Recently, I am designing a website template about gate.io. The boss’s requirements are very strange, which makes me very difficult. I have consulted many websites, and later I discovered your blog, which is the style I hope to need. thank you very much. Would you allow me to use your blog style as a reference? thank you!
Your enticle helped me a lot, is there any more related content? Thanks! https://www.binance.com/en/register?ref=P9L9FQKY
I have read your article carefully and I agree with you very much. This has provided a great help for my thesis writing, and I will seriously improve it. However, I don’t know much about a certain place. Can you help me? https://www.gate.io/vi/signup/XwNAU
The point of view of your article has taught me a lot, and I already know how to improve the paper on gate.oi, thank you. https://www.gate.io/tr/signup/XwNAU