Nifty Gateway, the popular non-fungible token marketplace, warned in a statement that a small group of its users experienced “account takeovers.” Victims have claimed they either had their NFTs stolen or NFTs purchased using their credit card information and then stolen.
- In its statement Nifty said, “Our analysis is ongoing but our initial assessment indicates that the impact was limited, none of the impacted accounts had 2FA enabled, and access was obtained via valid account credentials.”
- Two-factor authentication (2FA) is not currently mandatory on Nifty Gateway, but that may be changing. 2FA is an extra layer of security that forces someone to provide two pieces of evidence proving his or her identity when trying to access an online account. Usually it comes in the form of a password and a unique code for one-time use.
- “A few users were targeted and got their passwords compromised,” said Nifty Gateway co-founder Griffin Cock Foster on Twitter. “In the meantime, make sure you have Authy 2fa turned on, it would have prevented this!! We are strongly exploring making Authy 2fa mandatory for anyone who has made a purchase, but no commitments there yet.”
This is a developing story and will be updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.