laitimes

Jay Chou's NFT worth millions was stolen: can no amount of encryption withstand social engineering?

On April 2, Jay Chou posted on Instagram that his Bored Ape had been stolen, and NFTs quickly became the dominant topic on domestic social networking sites.

Image source: Jay Chou's Instagram

In March last year, artist Beeple's NFT artwork "Everydays: The First 5000 Days" sold for $69.37 million, and NFTs quickly became popular.

During this year's Beijing Winter Olympics, the price of the Bing Dwen Dwen NFT digital collectible soared nearly a thousandfold, attracting countless people to rush in.

The heat around the NFT industry can be described as "unprecedented". Open the Baidu Index and search with "NFT" as the keyword, and you will find that over the past 30 days the daily average of the search index has reached 12870 and the daily average of the information index has exceeded 73708.

With this much attention, NFTs quickly entered the general public's field of view.

01

What is an NFT?

With NFTs this hot, many netizens are bound to ask: what is an NFT?

Let's take this opportunity to talk about it.

NFT stands for Non-Fungible Token, generally translated into Chinese as "non-homogeneous token" or "non-fungible token".

Image source: Wikipedia

It is a unique cryptographic token used to represent a digital asset, such as video, audio, pictures, artwork or game items, and it is an entry on the blockchain. Buying an NFT with Bitcoin is comparable to buying a painting with RMB or buying an item with in-game currency, except that the NFT also carries its own anti-counterfeiting mark.

Of course, this description is not entirely accurate: the NFT does not represent the digital product itself, but the buyer's proof of ownership of the work. We can pay for the NFT of a picture, and this act will be recorded on the blockchain and prove that I am the permanent owner of the picture. NFTs can also be traded, resold and gifted to others.

As soon as this concept was launched, it was sought after by many celebrities. Jay Chou's ape is one example, and there is a blue ape in the same series. If you have a basketball-loving friend, he has probably used the following avatar, which is the NFT that NBA player Curry bought for $180,000.

Curry's Bored Ape avatar. Image source: Curry's Instagram

Curry spent $180,000 on a profile picture; if I right-click and save it, is that a net profit of $180,000? Just kidding.

Although I can copy and save this picture, the real owner of this blue-haired ape is Curry. It is like real-life artworks: everyone may have a 1:1 copy or a poster of Van Gogh's painting Fifteen Sunflowers in a Vase, but there is only one original, and it is in the hands of only one person.

NFTs can be very valuable. The Bored Ape series that Jay Chou and Curry bought into is one of the world's hottest NFT collections; the current lowest price for a single item is 108 ether, equivalent to 350,000 US dollars. Jay Chou's stolen Bored Ape cost about $420,000. Bear in mind that when the Bored Ape project first launched in April last year, the unit price of these ape pictures was only 200 US dollars, so in less than a year the price increased by about 2,000 times.

According to data agency Nonfungible, NFT transactions reached $14 billion in 2021. It is predicted that in 2022 the transaction volume of overseas NFT markets may reach 22 billion US dollars.

02

Why was it stolen?

The huge room for appreciation and the growth trend of NFTs have not only drawn a large number of retail investors into the market, but have also left cybercrime gangs eager to get in on the action.

Cybercrime gangs generally steal user information in two ways. One is to attack the business system directly. The other is to target ordinary users, either using Trojans or viruses to intercept users' sensitive data directly, or deceiving users into handing over information through phishing websites.

For example, an attacker after Jay Chou's NFT could attack the business system directly to obtain his account and password. Jay Chou's NFT is held in an Ethereum wallet, so stealing this ape NFT would first require cracking his Ethereum key.

The Ethereum key is a 256-bit binary number. Each bit has 2 possibilities (0 or 1), so guessing all 256 bits correctly by brute force takes up to 2^256 attempts.

How big is that number? 2^256 = 180 billion * 180 billion * 180 billion * 180 billion * 180 billion.

A number that large cannot be brute-forced even with a supercomputer. Obviously, cybercrime gangs are not going to take such a reckless approach.

The easier path is the second one: fraud through non-technical means, that is, using communication to induce victims to pass security authentication themselves, which gives the attacker access to sensitive information.

As with telecom fraud, well-trained fraud gangs first create tension with deceptive calls. They then send your phone an SMS link or URL disguised as the real platform; once you click through and enter your account, password and so on, your sensitive data is fully exposed to the fraud gang.

Image source: Wikipedia

Jay Chou was lured to a disguised phishing website, entered his account and password, and the NFT was ultimately stolen.

According to foreign media reports, a number of NFT projects, including Bored Ape, were hacked on April 1. In every case phishing messages were posted to induce users to leak data, but it is uncertain how many users fell victim.

Media investigations show that the attack on multiple mainstream NFT projects involved two cryptocurrency wallet addresses, and the assets stolen in the phishing attack eventually flowed to one unusually active cryptocurrency wallet address. That wallet holds a total of 1447 Ether (equivalent to about $5 million), 6 million Tether (equivalent to about $6 million), and a large amount of other cryptocurrencies.

The Jay Chou NFT theft becoming a trending search also shows that although NFT returns are very high and the encryption is very advanced, the cost of theft is extremely low.

03

How to prevent theft?

Even the best encryption cannot withstand social engineering. As prices soar, the risk of theft by hackers rises too, and if you want to avoid losses, you can only rely on yourself to strengthen your defenses.

First: However convincingly a website is packaged, screen it carefully and make sure the domain name of the URL you open is genuine.

Second: The keys and mnemonics of a personal crypto wallet cannot be changed, and Ethereum addresses are anonymous, so once the key is compromised, not only can the wallet no longer be used, but you also cannot find out who the hacker really is. It is important never to divulge keys or mnemonics.

Third: If your wallet is accidentally authorized on a fake website, revoke the authorization promptly.
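
One way to carry out the first tip (checking that the domain in a link is genuine), as an added example that is not part of the original article. The allowlist entries and sample URLs are constructed placeholders on reserved .example and .test names, and the look-alike rules are a simple heuristic chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of sites you really use (reserved .example names).
TRUSTED = ("nft-market.example", "wallet.example")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https URL with a hostname"
    if parts.username is not None:
        return "suspicious", "text before '@' disguises the real host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious", "internationalized hostname, possible look-alike letters"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", "exact match or subdomain of " + good
    for good in TRUSTED:
        if good in host:
            return "suspicious", good + " embedded in a different domain"
        # Compare only the last labels, as many as the trusted name has.
        tail = ".".join(labels[-good.count(".") - 1:])
        if edit_distance(tail, good) <= 2:
            return "suspicious", "near-miss spelling of " + good
    return "unknown", "not on the allowlist; verify through an independent channel"

# Constructed sample links for demonstration; none comes from the incident.
SAMPLES = ["https://nft-market.example/collection/1",
           "https://nft-rnarket.example/claim",
           "https://nft-market.example.free-mint.test/login"]
if __name__ == "__main__":
    for u in SAMPLES:
        print(check_url(u)[0].ljust(10), u)
```

An "unknown" verdict only means the host is not on the allowlist; it still needs to be confirmed through a channel other than the message that delivered the link.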

The most important thing to keep in mind is that the blockchain field is currently not protected by mainland law, and once an asset is stolen, no one can help you get it back.

Audit Expert: Tan Jianfeng, a senior expert in the field of information security.

END

Original article by Tadpole stave; please credit the source when reprinting

Responsible editor / A smoke and rain walk the rivers and lakes
