The NFT space can feel like information overload at times, so we’ve cut through the noise to deliver you a curated dose of what matters most. Your all-in-one weekly companion.
Headline News - NFT Projects Lost $22M to Largely the Same Hackers on Discord
It’s another CryptoPunk that claims this week’s highest NFT sale, ETH had a brief lull before bouncing back hard and fast, Uniswap is on fire, Yuga Labs is hit with a class action lawsuit and both Japan and Dubai surge forward into the NFT/metaverse space. You can dive into these stories and many more below.
In keeping with our two-part look at security within the NFT space (covered in depth in the Talking Point section below, and last week), I thought we’d highlight some recent findings by TRM Labs, a Digital Asset Compliance & Risk Management firm, which has been delving into the NFT hacks of the past year or so.
They found that in May alone over $22M of NFT assets were stolen. They reported that cyberattacks linked to NFT minting scams deployed via compromised Discord accounts subsequently increased by 55% in June 2022 compared to the previous month. Their research also seems to suggest that a wider network of hackers is at play, originating from North Korea and China.
For the full article by the amazing Decrypt team, please click here.
Curated News - the best bits of the past week
BIGGEST NFT Sale: CryptoPunk #8595 for 145ETH
Yuga Labs ‘inappropriately induced’ BAYC investors: Class action
FTC Sues Meta to Stop Facebook Parent From 'Owning the Entire Metaverse'
Madonna ‘Hellbent’ on Buying $1.3M Bored Ape Yacht Club NFT—Now Deemed ‘Too Expensive’
Coinbase released ‘THE DEGEN TRILOGY: PART ONE’. Watch here.
Educational: Top 20 Best NFT Marketplaces to Buy & Sell NFTs
Educational: What Is Stepn? The ‘Move-to-Earn’ NFT App That Pays You Crypto to Exercise
Maybe Something - things we’re keeping an eye on
The free mint project The Potatoz saw the highest volume of sales of any project over the past week. Isekai Meta and [Ledger] Market Pass - Genesis Edition were two other new collections which saw large volumes.
Former COO of Proof, Ryan Carson, tweeted that to make his 121G.fund more accessible, he’s reducing the minimum investment from $72.5k per quarter to $10k.
Goblintown.wtf hints at a merch drop via a tweet. And announces “Baiting”, starting on 29th July. To qualify you must hold both a goblintown.wtf and mcgoblin.wtf NFT.
MoonCats partners with TheDefiMons. See tweet here.
New Cool Cats characters coming this Friday? Seems likely
Historical Insight: The GENOFLIGHT card, part of the Spells Of Genesis NFT collection, is the rarest of all the SoG collectibles, with only 87 in circulation, after 917 were burnt. (Warning: Be very careful when purchasing. There are fake ones on OpenSea. Seek advice if you’re unsure).
Talking Point - Security Measures: Part 2
Last week we took a look at preventative measures users can take in the fight against cyber attacks aimed at compromising NFT wallet security.
This week we’ll take a look at some of the tricks and scams hackers are employing to steal users’ assets, in the hope of raising awareness and preventing further attacks. Below are some examples.
Discord DMs - These are plentiful, and come in many guises. The hacker usually sends a user an unsolicited DM impersonating a community leader of an NFT project. This occurs most readily immediately after joining a project’s Discord channel. The DM will likely have a malicious link in it, often telling the user they’ve won early access to a special mint, a giveaway or something similar.
Compromised Discords - On numerous occasions over the past year, Discords or their administrators have been compromised. In this instance, hackers tend to post malicious links in announcements channels (usually claiming a stealth mint is happening) which if connected to, can potentially drain user wallets.
Compromised Twitter/Instagram accounts - This is similar to the above, whereby if compromised, hackers can post illegitimate, malicious links in the hope that unsuspecting users connect their wallets, and they can steal the contents. This famously happened to BAYC’s Instagram account earlier in the year.
Email phishing & email downloads - This is the same as normal email phishing. The scam emails are becoming increasingly convincing though. The best thing to do is never open any attachments in any emails, and instead, if you think it’s legitimate, visit the company’s website, and navigate to the relevant section from there. I don’t open any email attachments at all any more. You can also check the sender info to check if the email address is as expected.
Smartphones - Personally, I don’t conduct any NFT/crypto work on my smartphone. The main worry with smartphones (aside from the other things mentioned in this list) is that you may connect to public WiFi connections in bars/restaurants or the like. This makes you more vulnerable to attacks, especially if you store passwords on your phone (which you should never do).
Malicious websites/links - This is one of the most prevalent attack vectors and is related to almost all other things on this list. Hackers are generally trying to get you to click a link, connect your wallet and approve malicious transactions which drain your assets into their wallets. Always be extremely cautious about clicking any links or connecting to any websites unless you’re 100% certain it’s safe.
NFT interaction hacks - Some hackers employ a tactic whereby they send NFTs into your wallet, and once you transact with them (put them up for sale, transfer them etc.) they will ask for permissions that allow the hacker access to your assets, or simply drain your wallet. Do not interact with any NFTs that randomly appear in your wallet. Most are automatically hidden, but not always.
Transaction approval hacks - This one is related to most other things too, but this is the single most important thing to be cautious of, because once you approve a malicious transaction there’s very little you can do to rectify the situation afterwards. (See MetaMask update info below on this)
OTC issues - This is not a hack as such, but people are often scammed by doing OTC (Over The Counter) deals with strangers, whereby one party sends the asset, and the recipient never sends back the agreed fee for it. Or vice versa. You can use trusted third parties in many cases to ensure things don’t go awry, but there are even instances where these “trusted” third parties are in on the act too. Exercise extreme caution in any situation.
Tricky bidders - Again, this is not so much a hack, but instead a sneaky attempt to trick users. In this instance, the tricksters will bid in DAI as opposed to ETH, in the hope that the seller doesn’t notice the currency difference, and accepts the DAI bid. For example, if the floor price of a collection is 3 ETH, a trickster will bid 4 DAI. If the seller accepts, they’ve just sold their asset for 1/1200th of its actual value (based on ETH at $1,600).
This is not a complete list of all hacking techniques, but does provide a very good overview of the most common ones. Essentially, be very wary of clicking any links and connecting your wallet to websites, especially when you’re receiving the information from an unsolicited source.
Also, if you see something that seems too good to be true, it likely is. It’s always best to seek confirmation from multiple sources when trying to ascertain if information is legitimate or not. Check the project’s Discord, Twitter, Instagram and their website. Don’t FOMO in on a “stealth launch” or the like without being absolutely certain it’s genuine.
In response to recent issues experienced in the Premint hack, MetaMask has released update 10.18.0, which adds much-needed emphasis when a transaction is requesting "Set Approval For All". You can see improvements on the images below.
Slowly but surely, the constant improvements with regards to asset security mean it will become harder and harder for hackers to access our NFTs. Until then, we need to ensure new users are appropriately informed on how to safeguard their assets in this nascent industry, to ensure continued growth isn’t hampered by a mistrust in the technology.
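The "Set Approval For All" request that the MetaMask update highlights can also be recognised from the raw transaction data a site asks you to sign. As an added example (not code from MetaMask or from this newsletter), the JavaScript below classifies calldata by its function selector; it goes slightly beyond the text by also covering `approve`, and the function name `classifyApproval` and the sample operator address are constructed for illustration.

```javascript
// Selectors are the first 4 bytes of keccak256(function signature).
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const APPROVE = "095ea7b3";              // approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  const selector = hex.slice(0, 8);
  if (selector !== SET_APPROVAL_FOR_ALL && selector !== APPROVE) {
    return { kind: "other", risk: "unknown" };
  }
  // Both functions take two 32-byte ABI words (64 hex chars each).
  const args = hex.slice(8);
  if (args.length < 128) return { kind: "malformed", risk: "high" };
  // An address occupies the low 20 bytes of its 32-byte word.
  const target = "0x" + args.slice(24, 64);
  const word1 = BigInt("0x" + args.slice(64, 128));
  if (selector === SET_APPROVAL_FOR_ALL) {
    // Any non-zero flag is treated as "approved" to stay conservative.
    return word1 !== 0n
      ? { kind: "setApprovalForAll", target, risk: "high" }
      : { kind: "revokeApprovalForAll", target, risk: "low" };
  }
  // approve() is shared by ERC-20 (amount) and ERC-721 (token ID),
  // so only the unlimited-allowance value is flagged as high risk.
  const risk = word1 === MAX_UINT256 ? "high" : "review";
  return { kind: "approve", target, risk };
}

// Constructed sample inputs; 0x...dead is a placeholder operator address.
const OPERATOR_WORD = "dead".padStart(64, "0");
const SAMPLE_GRANT =
  "0x" + SET_APPROVAL_FOR_ALL + OPERATOR_WORD + "1".padStart(64, "0");
const SAMPLE_REVOKE =
  "0x" + SET_APPROVAL_FOR_ALL + OPERATOR_WORD + "0".padStart(64, "0");
const SAMPLE_UNLIMITED = "0x" + APPROVE + OPERATOR_WORD + "f".repeat(64);

for (const tx of [SAMPLE_GRANT, SAMPLE_REVOKE, SAMPLE_UNLIMITED]) {
  console.log(classifyApproval(tx));
}
```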
An IRL Experience - NFT Expoverse
A lot of people’s interaction with the NFT space is conducted online, but there’s nothing better than getting involved in real-life events/conferences with like-minded enthusiasts. Over the coming days, between 29th and 31st July, NFT Expoverse provides exactly this.
NFT Expoverse is a mass adoption blockchain event intended to bring together collectors, artists, developers, industry professionals, gamers and game designers, sports fans, and all NFT enthusiasts to showcase the latest developments and innovative ideas in a networking setting.
You’ll get a glimpse into a future dominated by technologies that will change our very notion of reality. Learn about the inevitable widespread impact of NFTs, blockchain, and Web 3.0, while joining a network of visionary artists, tech experts, and entrepreneurs.
Tickets range from $150 for a day pass up to $1,500 for a VIP all-access 3-day pass. Students can get a healthy discount on the general admission 3-day pass, paying only $150 instead of the standard $250 rate.
The conference will take place at Los Angeles Convention Center, 1201 South Figueroa Street, Los Angeles, CA 90015, and tickets are still available to buy here.
This type of conference is an invaluable opportunity to network and hear leaders in the space discuss the potentials within the industry. There will also be access to exclusive NFT drops for attendees. Go along if you can. You won’t be disappointed.
ZenAcademy and 333 Club Noticeboard
Regular Event Reminders
Join poker nights via our Discord. Events held weekly, with prizes to be won.
Weekly Movie Nights are going strong. See more info here. This week is Disney & Pixar’s Soul.
As a ZenAcademy member you get exclusive access to periodic market health statistics in the Discord content channel.
As part of the ZenAcademy community you’ll also have free access to the Misfit Robot Discord, and several of their “Members Only” rooms. ZA believes mental health support should be accessible to everyone. Check them out here: https://discord.gg/misfitrobots
Season 2 of the ZenAcademy Trivia Challenge has started up again. Click here for more info.
Irregular Events and Info
Zeneca’s latest Newsletter is now out, entitled ‘Impossible Expectations’. Click here to read the full article. Also includes a closer look at Proof, Moonbirds and Oddities.
It’s been a whole year since the ZA Discord server was set up and Zeneca started inviting people in. There’s currently a giveaway to win a ZenAcademy Genesis token. Click here to visit the Discord link and enter.
Zeneca released another educational video in collab with InPeak entitled ‘Mastering Art Block NFTs’. Check it out here.
The latest edition of ZenChats is now available. It’s about ‘Learning Web3 development’, with guest star Hashlips. Click here to watch.
Episode #48 of Two Bored Apes, called ‘Hacks, Spiders, Tomatoes and a Giveaway’ is available on YouTube. Click here to watch.
The FIRST ZenAcademy sponsored "Global-Local" Meetup will be taking place in Singapore. Community members click here for more details.
333 Club x Prysm collab announced. As part of this collaboration, Prysm gave the 333 Club free early access to their Season 2 Squads NFT. CPG Club, Friends With Benefits, and Proof are some of the other partner communities that have been selected. Another value add for the amazing 333 Club community.
Zeneca tweeted a post-mortem about his Twitter account hack. Read the full thread here.
ZA announced a long-term partnership with Roo Troop! Roo Troop is a collection focused on developing the first on-chain job marketplace.
A ‘global-events’ channel was launched in the ZA Discord to help facilitate IRL meet-ups amongst the community. Click here for more details.
Our GITBOOK is now live! It is a repository for all of the information relating to ZA (our values, the team, our partners, perks, and plenty of helpful resources). You can visit it by clicking here.
Nothing in this or any other ZenCaps publication should be construed as financial or investment advice. The views and opinions expressed in ZenCaps publications do not reflect those of Zeneca_33 or the ZenAcademy.
Always exercise caution within the NFT space and adhere to best practices when it comes to making any investments. There is plenty of potential, but this comes with inherent risks.
Stay safe, and as always, good luck.