Over the last few days reports emerged that hackers took over accounts of multiple users of Nifty Gateway, a digital art platform that lets people sell, buy, trade and display non-fungible tokens (NFTs or “nifties”), and stole hundreds of thousands of dollars worth of NFTs.
Over the weekend, several Nifty Gateway users complained on Twitter that they have been victims of fraud on the platform. According to one user, attackers compromised their account and then sold all of their NFTs and then bought more than $10,000 worth of NFTs and transferred them to another account. Another user said that their account was hacked to buy about $20,000 worth of art using a credit card attached to the account.
In some cases users reported that digital art stolen from their accounts were then sold through chat application Discord or Twitter. Furthermore, some users said that hackers weren’t booted out from their compromised accounts even after the password was changed.
Nifty Gateway acknowledged a security incident in a series of messages on Twitter, but said that the Nifty Gateway platform itself was not compromised.
“We have seen no indication of compromise of the Nifty Gateway platform. The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover,” the company said. “Our analysis is ongoing, but our initial assessment indicates that the impact was limited, none of the impacted accounts had 2FA enabled, and access was obtained via valid account credentials… We encourage our users to enable 2FA that we provide on the platform and never reuse passwords. ”