In these instances, the users themselves were compromised, not the entire platform, they claim; at least one user separately confirmed on Twitter that they hadn't enabled two-factor authentication on their Nifty account, which would have prevented someone from stealing their passwords and logging in as them.NFTs have received a surge of popularity lately, as more people flock to buy and sell art on marketplaces for cryptocurrency. Last week, the rights to an audio sex tape of rapper Azealia Banks and boyfriend Ryder Ripps sold for $17,000, and the artist Beeple sold an NFT at auction for $69 million. NFT owners buy them as a show of solidarity within their art community, or in the hopes that these collectors items will grow more valuable in time. One user said on Twitter that they're filing a police report and calling their credit card company to dispute the charges—when your credit card is compromised, banks often offer help through their fraud protection departments, to recoup any lost funds. I asked Nifty whether the company has policies in place for when this type of fraud happens—as well as whether it plans to make 2FA mandatory in the future—and will update if I hear back."We have seen no indication of compromise of the Nifty Gateway platform. The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover. Our analysis is ongoing, but our initial assessment indicates that the impact was limited, none of the impacted accounts had 2FA [two-factor authentication] enabled, and access was obtained via valid account credentials. We encourage our users to enable 2FA that we provide on the platform and never reuse passwords.
We have seen some reports that NFTs involved in these account takeovers were sold in transactions negotiated over Discord or Twitter. We strongly encourage all Nifty Gateway customers to purchase their NFTs on the official Nifty Gateway marketplace."