This week we saw an increase in the number and frequency of account takeover attacks (commonly referred to as ATOs) against Nifty Gateway’s users. To be clear, the Nifty Gateway platform remains secure. We would, however, like to use this moment as an opportunity to raise awareness about ATOs within the NFT community.
The following guidance highlights the steps members of our community can take to protect their accounts and shares some of the security features we’ve deployed on Nifty Gateway.
How exactly do ATOs of online accounts occur?
An ATO occurs when an attacker obtains a user's valid email and password, often by breaching other unrelated services and then trying the same email and password combination across a variety of sites, including Nifty Gateway. Therefore, it is important to practice good security hygiene by never reusing the same password for more than one service. This means that the password you use for Nifty Gateway should be unique and not used for any other service.
How can you prevent ATOs?
In addition to never reusing a password, you should always enable two-factor authentication (2FA) on Nifty Gateway and any other service you use. Our customers can reference our website for instructions on how to enable two-factor authentication.
We have also deployed improvements to our platform to further mitigate similar attacks. The most impactful change we made is prompting users to verify their email before performing sensitive account actions.
In the coming weeks and months, the team plans to roll out further enhancements to help mitigate the impact of ATOs. These include mandatory 2FA for high-risk accounts, additional controls to mitigate potential misuse, and continued focus on raising awareness around account security in the NFT community.
We also recommend users avoid negotiating trades outside of the official Nifty Gateway marketplace. Transactions occurring off-platform present significant counterparty risk and lack the security controls offered by the Nifty Gateway marketplace.
Our goal is to help educate all our users and engage our community wherever you may be on your security journey. We will continue to increase awareness of security best practices within the Nifty Gateway community, including the risks of password reuse and the importance of 2FA. Coupled with the new controls that are planned, we’re excited to continue to make the platform even stronger for all our users.
Onward and Upward,
Duncan and Griffin Cock Foster
Nifty Gateway Co-Founders