Menu Close

Crypto currencies and Non-Fungible Tokens (NFT) Threats explained

The threat landscape for crypto currencies and Non-Fungible Tokens (NFT’s) continues to evolve, but before we dive in, let’s pause for a moment and explain what an NFT is and how they differ from cryptocurrencies, as these digital assets are still a relatively new concept that not everyone has encountered yet, or gained familiarity with.

Crypto currencies are fungible (mutually interchangeable) assets, which means that they can traded directly, in the same manner as physical currencies. One bitcoin, for example, will always be worth the same value as another and can therefore be directly traded. The combined value of both bitcoins are variable against other currencies, both digital and physical, but the values of the two coins individually will always be isomorphic.

In contrast, NFT’s are unique digital assets and the value of each individual one can vary in direct comparison to another. They can relate to physical or virtual forms, and most are based on the Ethereum blockchain ledger.

Physical assets can include a painting, parcel of land, building or any other commodity.

At an individual level it has been suggested that they could eventually replace our passports and other similar identity documents.

NFT’s relate to any digital assets, such as digital photographs, collections of artwork, soundtracks, text and online gaming assets, such as avatars. All NFT’s will have the ability to capture ownership information, security and other unique information embedded in the metadata of each token.

Threat update

Even though crypto-assets are a relatively modern phenomena, the main threats and hazards to these assets still emanate from the same threat vectors, such as theft, fraud and deception. The theft of any NFT asset represents some quite challenging problems for the owner. The first challenge is who to report the theft to in a decentralised trading environment and what exactly can be done to try and recover the asset for the true owner.

It was reported in the media last month that the Bored Ape Yacht Club NFT Project, which enabled the creation and trading of digital artwork NFT’s, was hacked and thousands of NFT’s were stolen, with a combined reported value of USD $2.7 million. 

In this incident, the attackers were reported to have compromised the Bored Ape Yacht Club’s Instagram account, which was then used to publicise a fake “Airdrop”. This provided a link, that enabled hackers to gain access to the victim’s virtual wallets.

The security of blockchain ledgers is generally more secure, but this attack highlighted the vulnerabilities that exist in the use of social media accounts today and how they can be used to circumvent the security measures of core ledgers and databases. At the time of writing, it had still not been reported how the Instagram account was compromised, however it was confirmed that the account in question had 2 factor authentication enabled.

The war in Ukraine also appears to have impacted the world of cybercrime with the fraudsters using the situation to further exploit victims. Russian law enforcement agencies have reported that, since the introduction of sanctions against Russia, there has been a 58% surge in the volume of Ponzi, or pyramid selling, scams that are targeting individuals, both inside Russia and globally, by trying to leverage the fears of global financial turmoil that the sanctions against the Russian Federation are creating.

In addition to the risks of scams and thefts, as we’ve seen with crypto currency exchanges, there is also a risk that the hosting platform of the asset could close and cease operation.


The risks of theft and misappropriation of cryptocurrencies are well publicised problems, with numerous examples of such activities reported in media sources over recent years, and it appears that NFT’s are equally susceptible to the attack strategies and methods that are used to perform the attacks on the crypto currency assets. However, there are some fundamental issues in managing the identified risks. For example, the global insurance market for NFT’s is still developing, and playing catch up, to the evolving risks. The current value of NFT’s in circulation is estimated to be USD $41 Billion and just 2 years’ ago, the estimated total volume of NFT’s in circulation at that time was just 1% of the current figure. Only a handful of insurance firms are offering solutions to protect crypto assets and the highly volatile nature of the values which adds another layer of complexity to situation, especially when it comes to determining the exact value of an asset when it is stolen or lost.

We will continue to monitor this evolving picture and provide updates on the situation.


Kev Brear

Director of Consulting
Technology Risk

Speak to me directly by Email

Kev is a risk and resilience professional with proven expertise in the areas of risk management, cyber and information risk, business continuity and IT disaster recovery, crisis management and resilience. Kev has delivered strategic and operational solutions for the protection of organizations, people and assets.

To discuss how the above impact your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.


Stay in control of your inbox

Register your details to receive our featured insights,
news and analysis covered by our Information Security team.

Stay up to date and discover how the requirements impact your business.