Malicious Non-Fungible Tokens (NFTs)
This whole presentation at Black Hat Europe Arsenal 2023 features a small section of a Capstone Project titled "Web3 Vulnerability Assessment & Penetration Testing." This project was undertaken in collaboration with Ensign Infosecurity as an integral component of the Singapore Institute of Technology's (SIT) Integrated Work Study Programme (IWSP). The project was executed by Jubilian Ho Hong Yi, a final-year student pursuing the Bachelor of Engineering with Honours in Information and Communications Technology (Information Security). The Capstone Project is a major individual project that is to be undertaken by the student that utilises the technical capabilities, professional skills and the academic knowledge obtained during the course of this degree programme. The project has to be of reasonable complexity and allows scope for the student to demonstrate the various aspects of software engineering and information security. As the capstone project will be carried out concurrently with the student’s placements, hosting organisations may also propose capstone projects which may lead to actual industrial usage.
Web3 stands as a dynamic technology harboring significant potential for diverse business opportunities and applications. As web3's technological landscape continues to evolve, malicious actors are similarly driven to explore novel and innovative methods to exploit these technologies. A notable example of such exploitative endeavors involves the realm of Malicious NFTs.
The session at Black Hat Europe Arsenal 2023 examined the evolving Web3 landscape and its profound implications for cybersecurity. Exploring the realm of Web3, including NFTs, decentralised blockchains, and decentralised finance (DeFi). We highlighted both the opportunities and the inherent vulnerabilities demanding cybersecurity attention. Their insights emphasised the critical need for validating website legitimacy before connecting crypto wallets, exercising caution with free/promotional NFTs, and championing data hygiene within blockchain development.
Authors / Contributors:
- Jubilian Ho (Ensign InfoSecurity)
- Seow Chun Yong (Ensign InfoSecurity) - Work Supervisor & Mentor
- William Ye (Ensign InfoSecurity) - Work Supervisor & Mentor
- Woo Wing Keong (Singapore Institute of Technology, Senior Lecturer) - Academic Supervisor