Security

Banksy Was Warned About Website Flaw Before NFT Hack Scam (bbc.com) 29

Artist Banksy's team was warned his website had a security weakness seven days before a hacker scammed a fan out of $336,000. The BBC reports: On Tuesday a piece of art was advertised on Banksy's official website as the world-renowned graffiti artist's first NFT (non-fungible token). A British collector won the auction to buy it, before realizing it was a fake. A cyber-security expert warned Banksy that the website could be hacked, but was ignored. Sam Curry, a professional ethical hacker from the US and founder of security consultancy Palisade, said he first heard that the site could have a weakness on the social network Discord, last month.

"I was in a security forum and multiple people were posting links to the site. I'd clicked one and immediately saw it was vulnerable, so I reached out to Banksy's team via email as I wasn't sure if anyone else had. They didn't respond over email, so I tried a few other ways to contact them including their Instagram, but never received a response." Mr Curry's disclosure, first reported by rekt.news, was made initially by email on 25 August. The BBC was shown the email thread and has tried to contact Banksy's team several times, with no response.

Mr Curry says the website flaw -- which has now been fixed -- "allowed you to create arbitrary files on the website" and post your own pages and content. The new page, called 'Banksy.co.uk/NFT,' was deleted shortly after the auction, with Banksy's team saying: "Any Banksy NFT auctions are not affiliated with the artist in any shape or form." The British man who won the auction is a prominent NFT collector and Banksy fan known on Twitter as Pranksy. He said he felt "burned" when he was scammed out of nearly $340,000 in cryptocurrency coins, but was relieved when the hacker inexplicably returned most of the money to him by the end of the day.

  • by 93 Escort Wagon ( 326346 ) on Friday September 03, 2021 @05:10PM (#61760857)

    ... are the primary target demographic for all NFT auctions.

  • by JaredOfEuropa ( 526365 ) on Friday September 03, 2021 @05:13PM (#61760867) Journal

    a prominent NFT collector and Banksy fan

    In other words, a mark. At least he got most of his money back, but even if he hadn't, or if the NFT had been "genuine", the end result would have been the same. He would have ended up with an entry on a blockchain representing... well, not a whole lot. If he plays his cards right, maybe some other mark will buy this NFT as one representing a work of art in its own right. Hey, it's Banksy, so it's all about gimmicks and reputation rather than actual art anyway.

    • by im_thatoneguy ( 819432 ) on Friday September 03, 2021 @06:10PM (#61761029)

      That's in no way different from any other copyright.

      If you pirate an MP3 or buy a license for the MP3 and download it... you end up with the exact same MP3.

      You can also buy a "limited edition" print of a work of art. Never mind someone could just scan it... and print off a million more. Or a "First Edition" of a book. Same book usually.

      Artificial, endorsed, scarcity for art is nothing new.

      • by JaredOfEuropa ( 526365 ) on Friday September 03, 2021 @06:33PM (#61761107) Journal
        The difference between a print and an NFT is that you can hang the print on the wall, and in the long run I expect that will make all the difference. In contrast, an NFT is like a receipt for a work of art, and a digital one at that. In essence, an NFT is just a crypto coin with a serial number that has been arbitrarily assigned some meaning by an artist. “This coin represents ownership of a link to this painting (no, not the painting itself)”. An artist might just as well auction off physical dollar bills, the serial numbers being associated with his works of art. And if it were someone like Banksy doing it, there would be plenty of idiots buying them.
        • The difference between a print and an NFT is that you can hang the print on the wall, and in the long run I expect that will make all the difference.

          The difference between a physical item and a digital one stored on a distributed blockchain is that the physical item can be destroyed a lot more easily. In the long run, that will make all the difference.

          However, most NFTs are like most art, economically worthless. They have value only when treated like they have value, and this "NFT all the things!" craze will fade and stop perturbing values eventually. It won't be the end of NFTs, just the end of meaningless ones being profitable.

    • by e3m4n ( 947977 )
      future telephone sanitizers.

      The Golgafrinchan Ark Fleet Ship B was a way of removing the basically useless citizens from the planet of Golgafrincham. A variety of stories were formed about the doom of the planet, such as blowing up, crashing into the sun or being eaten by a mutant star goat. The ship was filled with all the middlemen of Golgafrincham, such as the telephone sanitisers, account executives, hairdressers, tired TV producers, insurance salesmen, personnel officers, security guards, public rela
  • Nope (Score:5, Insightful)

    by Aighearach ( 97333 ) on Friday September 03, 2021 @05:30PM (#61760903)

    "We sent emails to an address, and we posted comments on his publicist's instagram" isn't the same as, "[Person] was warned."

    They tried to contact a famous person, exclusively and casually via the internet, and did not receive any response. That is not the same as, "[Person] was warned."

    • Plot twist, Banksy was pissed about the flaw and decided to white hat hack his own site with a fake Banksy he made himself. The outrage got the problem fixed right away and he returned the money. But that wasn’t the 4th dimensional chess move, Banksy wanted to sell his first NFT without anyone even realizing it had happened while the actual first owner in history throws it away obliviously. Classic Banksy.
    • by Ichijo ( 607641 )

      "We sent emails to an address, and we posted comments on his publicist's instagram" isn't the same as, "[Person] was warned."

      Hmm, which definition of "warn" are you using?

      The definition I'm using uses the word "inform" which means "to give (someone) facts or information." Was Banksy given facts or information?

    • You do realize that Banksy hides their identity, so options are limited to the above sorts of measures, right?

    • What is wrong with using the information given in the "Contact Us" section of a website to warn someone of a flaw in the website? That seems entirely appropriate...

      • No. No it does not seem reasonable at all. On a small website, maybe. But a famous person? Those are usually PR links. You're going to have to either figure out who built the website and contact that company, or figure out the correct address to send a letter to the person's agent. Or otherwise contact their agent.

        And if you don't hear back, you didn't tell them anything yet.

  • "the hacker inexplicably returned most of the money to him" - so cybercrime is so easy now that criminals are engaging in "catch and release" just for the fun of it.

  • Ok, I'm gonna make bank(sy) on my newest invention:

    The digital NFT shredder.

    Look out art world, here I come.
  • Ironically, an NFT with this backstory will probably be worth even more than the hypothetical real thing. "Fake" is quite subjective here.
  • So noble! (Score:2, Insightful)

    by null etc. ( 524767 )

    So let me get this straight. A wealthy patron, who rather than donating to solve the world's problems, essentially wanted to purchase bragging rights to a piece of digital garbage on a half-assed, money-grab website, was spared the public embarrassment of losing hundreds of thousands of dollars, all because the digital thief had some moral code of conduct? That much money could have fed a village in Kenya for a decade. So much for the concept of Robinhood.

  • Great advertisement for the site.

  • From TFA:

    A cyber-security expert warned Banksy that the website could be hacked

    And what makes people think that Banksy or anyone from his team even understood what he was warned about? When someone speaks to you in Greek, it's understandable if you disregard it. Unless you're a Greek, of course.
