LoginID offers FIDO2 biometric authentication that is free for small businesses and startups. Get started today HERE.
NFTs Are Exploding in Popularity, Scope, and Value
NFTs or Non-Fungible Tokens have exploded in popularity over the past couple of years generating over $23 billion in trading volume in 2021. This is a meteoric rise from a total volume of just $21.7m a year earlier in 2020.
Several factors can be attributed to this tremendous growth in NFT popularity, including, but not limited to, the overall growth of the crypto space. The NFT space has also seen celebrity involvement from the likes of Tom Brady with his Autograph NFT marketplace and Eminem with a massive $462k purchase of Bored Ape Yachtclub NFT. Luxury brands like Gucci and Dolce & Gabbana have also done NFT releases.
Another exploding sector of the NFT space is the Metaverse, a virtual reality space where users can interact with one another and purchase virtual items and even property for their avatars. Virtual real estate sales in the Metaverse were valued at over $500 million in 2021 and are projected to double to over $1 billion in 2022.
Not to be overlooked, the play-to-earn and learn-to-earn gaming space is also growing in popularity especially in places like the Philippines and Indonesia. The basic concept of play-to-earn is that gamers actually own the rewards they earn while playing the game. These virtual items can be bought or sold with other players, creating a virtual economy. Companies like AAG Ventures, who currently use FIDO2 biometric authentication, are even seeing some players earning most or their entire income playing their games.
With value and volume in the billions, NFTs, along with the entire crypto space, has become a prime target for hackers looking to steal and scam digital assets away from their rightful owners. Outdated security measures and ever evolving fraud schemes are at the heart of the issue. Instituting stronger real time fraud prevention measures like FIDO2 passwordless authentication and transaction confirmation with biometric digital signatures can help stem the tide of thefts.
NFT Thefts are on the Rise
On Feb 19, 2022 hundreds of OpenSea users' NFTs were stolen by hackers in an apparent phishing attack. The total value of these NFTs is estimated to be around $1.7m, a significant haul.
Fraudsters emailed OpenSea users fake links that would move their NFT listings to a new contract system. This new contract system was a scam that allowed the hackers to remove the NFTs from their rightful owner’s digital wallets at will.
This is just the latest in a string of thefts targeting NFT marketplaces and their users in the past few months. In early January 2022, an art gallery owner had $2.3m worth of NFTs removed from his digital wallet without his permission by hackers. This could have been prevented if his digital wallet had a biometric transaction confirmation requirement for any NFT transfers into or out of the wallet.
NFT Scams are on the Rise
In addition to thefts of investors legitimate NFTs, there are also many false listings that are impacting artists as well. Digital artist Louis van Baarle found over 100 listings of her art on OpenSea, none of which she listed herself.
After the success of Beeple’s $69m NFT sale on Christie’s, OpenSea did away with their anti-fraud and plagiarism checks in order to facilitate the ease of listing. As a result, it is incredibly easy for a bad actor to take a screenshot of a famous artist’s digital work, create an NFT, and sell it without the artist’s permission or compensation.
Many NFT enthusiasts consider those types of NFTs to be counterfeit or stolen, but the issue is still rampant. The problem is that policies and regulations have not caught up to the technology, so no one is sure what sort of protections or consequences there are in the NFT space.
Biometric Authentication for NFT Investors and Artists
With NFTs clearly becoming a prime target for hackers and scammers, now is the time to add additional real time fraud prevention and security measures to marketplaces, digital wallets, postings, and transactions. There are many who have been victimized by these scams and thefts and are calling on the industry to enact stricter protection measures while regulators play catch up.
One of the simplest, fastest, and most effective means of accomplishing this would be to integrate LoginID’s FIDO2 biometric authentication solution. Powered by the FIDO protocol and public key private key cryptography, LoginID offers multiple SDKs that can be integrated in a sprint cycle instead of the traditional 12 month build to connect to FIDO. LoginID also offers OpenID Connect (OIDC) and a Wordpress plugin that can be installed in as little as 5 minutes.
How FIDO2 Biometric Authentication Works
When a user registers a new account or wants to add biometric authentication to their current account, they will be prompted to enter the biometric that is native to their device (fingerprint or face scan). Going forward, the user will then be able to authenticate and access their account with their biometric, using the exact same mechanism they use to unlock their phone or device already.
The biometric never leaves the device and is not shared with LoginID or the NFT marketplace, digital wallet, website, or app. This ensures that whoever is accessing the account is in fact who they say they are. Passwords are frequently stolen, biometrics are not.
Transaction Confirmation with Biometric Digital Signature
The prime way hackers have been stealing these NFTs is by gaining access to an investors digital wallet and then transferring their NFTs out without the owner’s permission. Instituting LoginID’s transaction confirmation protocol into digital wallets could prevent this all together by requiring a biometric digital signature for any NFT transfer out of the wallet.
Even if a hacker were able to get into the wallet, they would not be able to move the NFTs out of it without the proper biometric authorization. A marketplace could also require this prompt before a purchase of an NFT is made, acting as a payment authentication and creating an indisputable digital receipt of every transaction.
If NFT marketplaces are interested in supporting copyrights and protecting artists’ creations they could enact a policy that any upload from an artist include a biometric signature as well. This ensures that the artist creating and uploading the initial NFT is the artist and not a scammer stealing their work.
Check out our developer documentation HERE](https://docs.loginid.io/) or click [HERE to get started for free. You can also check out our tutorial here to see our solution in action.
