HONG KONG: Risks involving non-fungible tokens (NFTs) and the metaverse are among key security threats to look out for in Hong Kong in 2022, according to the government-run cybersecurity watchdog Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT).
It warned that as the value of cryptocurrencies continues to climb, criminals could steal sensitive user information or access their accounts to hijack money, either at the point of transaction or where it is stored.
The HKCERT said that last year it handled 7,725 information security incidents, with 48% being phishing scams, a 7% increase from 2020. Phishing, a common type of online scam, occurs when someone posing as a legitimate entity tricks users into opening a link that could steal their information.
NFTs, digital assets whose ownership and uniqueness are verified by blockchains, have become mainstream around the world, with people snapping up digital artworks and cartoon avatars for millions of dollars.
The metaverse, a concept that refers to an imagined immersive virtual world where digital representations of people can interact with each other like they do in real life, also took off over the past year, driving an investment frenzy.
NFTs, which allow people to own and trade digital assets, are expected to drive the metaverse economy. Both attracted greater attention from the public as the Covid-19 pandemic supercharged the expectation that even more activities will move into the digital realm.
A vibrant community of NFT and metaverse enthusiasts have formed in Hong Kong, Asia’s financial and art trading hub, where regulators have been slow to catch up with the rapid development of cryptocurrencies. Artists are adopting cryptocurrencies to sell their artworks as NFTs, and countless cartoon avatar projects are vying for people’s money and attention.
The space also became fertile ground for fraud and scams, with victims having little recourse.
NFTs and the metaverse involve the storage of new types of virtual assets, large volumes of transactions and data exchange, whose security issues are expected to receive greater attention this year, the HKCERT said in an article published last week.
In December, popular NFT project Monkey Kingdom, founded by entrepreneurs in Hong Kong and promoted by celebrities such as JJ Lin and Steve Aoki, lost nearly US$1.3 million worth of cryptocurrencies from its community after the project’s administrator account was hacked.
So-called rug pulls, where a project’s team disappears with investors’ funds, are also common occurrences. About US$2.8 billion was lost to rug-pull scams across NFT and decentralised finance projects around the world last year, according to market data tracker Chainalysis.
It is hard for buyers to properly assess the market value of an NFT as the space is still in its infancy, said Charles To, partner at law firm Ellalan in Hong Kong.
And because of the blockchain’s anonymity, it is often impossible to ascertain the identity of the counterparty, making it extremely difficult for buyers to seek recourse in case of fraud, he added.
Regulations need to strike a balance between protecting the public and hampering the growth and adoption of technologies, while regulators need to educate the public on the risks involved in trading NFTs, To said.
Last month, the HKCERT recommended a series of measures investors should take to protect their NFTs. They should always carefully verify senders’ identities and links, for instance, and consider using a combination of internet-connected crypto wallets and hardware wallets to store their NFTs.