Recently, various attacks targeting virtual assets, especially NFT, have been occurring, threatening the NFT ecosystem. Interest in the NFT market began to get attention with the advent of CryptoPunks in 2017, and has been growing rapidly since 2020. The historic deal for NFT was an incident in which digital artist Beeple sold his NFT work at Christie's in March 2021 for $69 million. Since then, works from top NFT collections such as CryptoPunks and Bored Ape Yacht Club have sold for hundreds of thousands of dollars.
According to the 2021 Blockchain Trends report released by Chainalysis, the transaction amount for NFTs (ERC-721, ERC-1155) soared from $1.06 million in 2020 to about $44.2 billion in 2021. That's about 40,000 times more in a year. Trading volume briefly declined in February this year, but recovered in mid-April, with $37 billion already traded as of May 1, and the number of buyers and sellers continues to grow.
As hundreds of thousands of dollars of NFTs are traded between individuals, and buyers and sellers continue to grow, attackers are exploiting this and attacking through various channels.
NFT (Non-Fungible Token)
NFT is a unit of data stored in a blockchain, and refers to unique and interchangeable tokens. NFT can be used to represent photos, videos, audio, and other types of digital files, and act as a virtual certificate of authenticity to determine whether a work is copied, ensuring ownership of the digital artwork.
With the recent increase in interest in NFT, the market size has grown and the resulting transaction amount has also increased, drawing keen attention from cybercriminals seeking financial benefits. Attack targets targeted by attackers can be divided into three major targets, as shown below.