7 Most Common Methods Used by Hackers to Loot NFTs and DeFi

Quick Summary:

  • In 2021 alone, hackers looted the DeFi industry by stealing NFTs worth 12 billion dollars. NFT cybersecurity is already struggling as experts point out many loopholes.


NFTs are enjoying skyrocketing popularity, and the ‘fad’ is not coming to an end as the critics claimed. They are one of the many blockchain products that were invented around a decade ago. NFTs are an even more recent addition and thus prone to more hacks.

DeFi and NFT hacks

In 2021 alone, hackers exploited security loopholes to steal NFTs worth $12 billion. According to a recently released report, the DeFi industry also lost $260 million to hackers. In addition, over $540 million worth of crypto was hacked in the same year. However, it is evident that NFTs suffered a lot more than any other blockchain-based asset.

How do hackers infiltrate NFTs?

Hackers get more creative every day and keep coming up with new methods to steal NFTs from wallets.

  • Classic hosting methods

Usually, NFTs are stored using classical methods. NFTs are media files that are stored online on servers. For instance, an NFT image will be stored online with an address like: www.domain.com/nft.png.

Since these assets reside on a server, the server owners can tamper with the data at any time. One of the famous NFT hacks was done this way. To avoid this, most NFTs use IPFS (InterPlanetary File System), a decentralized storage system, to host their media.
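The difference between the two hosting models can be checked from an NFT's metadata. The following is an added example, not code from the article: it classifies each media URI as content-addressed (IPFS) or tied to a server whose owner can swap the file, and shows how a pinned SHA-256 digest detects such a swap. The metadata field names `image` and `animation_url`, the sample CID, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# CIDv0 ("Qm" + 44 base58 chars) or CIDv1 in base32 ("b" + 58 or more chars).
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
IPFS_URI = re.compile(rf"^ipfs://(?:ipfs/)?{CID}(?:/|$)")
IPFS_PATH = re.compile(rf"^/ipfs/{CID}(?:/|$)")

def classify_uri(uri: str) -> str:
    """Say whether a media URI names its content (by hash) or a server location."""
    if IPFS_URI.match(uri):
        return "content-addressed"
    parsed = urlparse(uri)
    if parsed.scheme == "data":
        return "inline"
    if parsed.scheme in ("http", "https"):
        # A gateway URL still names the file by CID; a plain URL names a
        # location whose bytes the server owner can change at any time.
        if IPFS_PATH.match(parsed.path):
            return "content-addressed-via-gateway"
        return "mutable-server"
    return "unknown"

def audit_metadata(metadata: dict) -> dict:
    """Classify the media fields of one token's metadata (assumed field names)."""
    fields = ("image", "animation_url")
    return {f: classify_uri(metadata[f]) for f in fields if f in metadata}

def matches_pin(content: bytes, pinned_sha256: str) -> bool:
    """True if the bytes fetched now still hash to the digest recorded earlier."""
    return hashlib.sha256(content).hexdigest() == pinned_sha256

# Constructed samples: the CID is a placeholder of valid shape, not a real file.
SAMPLE_CID = "Qm" + "A" * 44
SAMPLE_TOKENS = {
    "server-hosted": {"image": "https://www.domain.com/nft.png"},
    "ipfs-hosted": {"image": f"ipfs://{SAMPLE_CID}/1.png",
                    "animation_url": f"https://ipfs.io/ipfs/{SAMPLE_CID}/1.mp4"},
}

if __name__ == "__main__":
    for name, meta in SAMPLE_TOKENS.items():
        print(name, audit_metadata(meta))
    pin = hashlib.sha256(b"original artwork bytes").hexdigest()
    print("unchanged:", matches_pin(b"original artwork bytes", pin))
    print("after swap:", matches_pin(b"replaced artwork bytes", pin))
```

A gateway URL is reported separately because the CID fixes the content, but availability still depends on the gateway operator.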

  • Scam by imitating wallets

Wallets downloaded from unofficial sources might contain malicious code that steals the users’ assets. Hackers clone Web3 wallets and drop links to them on unofficial sources. These wallets look the same as the original wallets, with the same interface, except that they steal any funds as soon as they arrive.

  • Hacking the social media handles

Seeing them as easy targets, hackers go after social media handles on platforms like Twitter and Discord to scam people by dropping phishing links that direct them to scam minting websites. Recently, the Twitter account of an NFT was hacked to run a scam the same way. In a similar event, hackers hacked a Discord server to steal around $800,000.

Other hacking methodologies:

  • Exploiting Webhooks
  • Phishing attacks
  • Failed 2FA
  • Centralized Keys


We are still in the infancy of blockchain, and even blockchain veterans and top developers are learning from their mistakes. As hackers become more creative at stealing people’s assets, developers and cybersecurity firms are struggling to protect their users. However, it might take a few more years to fully secure these digital assets.




author: mnmansha

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.