November 21, 2022
At CUJO AI, we like to play with new technologies. And even though we have provided machine learning-based 0-day phishing protection since 2019, we do not stop there and continue to improve our solutions. One new feature we recently rolled out is protection against Web3 and NFT-related scams.
At the moment, tens of millions of homes are protected by CUJO AI Sentry, and an analysis of a small sample of malicious sites we block showed that ~0.5% of new, previously unknown phishing threats are related to Web3 scams, which is much more than we expected!
What Is an NFT Anyway?
What Is an NFT Anyway?
NFT stands for Non-Fungible Token. What makes NFTs hip and unique is that people can prove they own a specific NFT thanks to complex cryptography and math. By default, an NFT is just a unique number attached to a smart contract on the blockchain. If you don’t know what these words mean, think of the blockchain as a database (a slow, distributed, but secure database) and smart contracts as stored procedures running on the database.
Nowadays, NFTs are often linked to images of animal or human characters with different combinations of elements (eyes, mouth, clothes, hats, backgrounds, etc.), often put together in a totally random, computer-generated way. Someone who collects these NFTs can see them in their local software wallet (like Metamask) or on an online NFT trading platform like Opensea.
Even though the NFT and cryptocurrency market crashed multiple times recently, each of the pictures in the screenshot below are still worth at least 58.1 ETH (73,671 USD) as I write this on November 14, 2022. Whether these NFTs are really worth that amount of money is up for discussion, but that’s what their market price is.
NFTs in Danger
In case you’ve missed it, I highly recommend checking out our latest blog post about NFT scams as a service, it is a very good example of the NFT/Web3 scamming ecosystem. The tl;dr version is that even though NFTs are safe from a cryptographic point of view (as long as the owner keeps their private keys safe), malicious actors can still trick the owner into transferring the NFT to their wallet.
It is pretty similar to what can happen if you sign a contract without understanding its consequences.
But, unlike in the real world where you are likely to keep your house if you can prove you have been scammed, things are immutable on the blockchain, meaning that what is lost is lost. There is no court that can give your NFTs back.
How big is the risk? Well, surprisingly, NFT scamming is a huge business. For example, this is what an NFT scammer spent 47,500 USD on:
You can read a long thread about how scammers from France are making millions of dollars by stealing NFTs here.
The most effective way for scammers to convince users to connect their wallets to fraudulent Web3 sites is through hacked Discord servers.
What Can You Do to Protect Your NFTs?
If you own or plan to buy NFTs, it will not be easy to protect your NFTs while engaging with the community and participating in new airdrops or free mints.
What we recommend is the following:
- always take your time, and never rush into things – scammers always try to induce the feeling of urgency, don’t fall for it,
- if you can, use a new burner wallet every time you engage with the community,
- use a hardware wallet to store your NFTs,
- see more tips for protecting NFTs in my presentation.
CUJO AI Protection Against NFT Scams
We also offer an extra layer of seamless protection to millions of subscribers at Comcast, Charter, and TELUS, among others. As subscribers browse with the Sentry module enabled, whenever their home router connects to a previously unknown website, the URL/domain name is sent to our backend for analysis. The machine learning algorithm rapidly analyses the website and, if it finds it suspicious, the connection to that URL is blocked. All of this happens seamlessly in the background, without using any private data.
As I’ve noted in the introduction, a recent sample of our data showed that at least 0.5% (20 out of 3,500) of new phishing threats were related to Web3 scams. It is likely that the actual percentage is higher, as the blocked URLs were re-accessed and analyzed up to 5 days after their discovery – some of the sites may have been offline by then, as phishing websites tend to be short-lived.
Just last month, Sentry stopped a total 60,415,885 attempts to open malicious URLs, which include phishing websites discovered by our machine learning algorithms, as well as known spam, malware, and phishing sites. Our protection extends to mobile phones, notebooks, and desktop computers, no matter what operating system they are run. As long as you are on a protected network or using CUJO AI On The Move to protect mobile devices across all networks, you are a lot safer.
If you are not sure whether your internet subscription includes protection from CUJO AI Sentry, contact your internet service provider.
We wish everyone a happy and safe experience on the Web2/3.