Fighting cybercrime in metaverse 

As more money enters the metaverse, more hackers will try to take advantage of everyday crypto users.

The metaverse promises to be a revolutionised digital world unlike any we’ve experienced before. The cybersecurity challenges that come with it will also, likely, be different from anything we’ve seen before because of the explosion of devices and infrastructure that’s going to accompany it. The sudden and significant increase in apps and data is going to expand the attack surface for bad actors by a significant amount. 

As more money enters the metaverse, more hackers will try to take advantage of everyday crypto users. If metaverse platforms fall short on security and privacy before they take off, then it’s going to prevent the technology from being widely adopted. This article predicts some of the major security concerns that the metaverse and web3 are likely to pose.


According to last year’s Q4 2021 brand phishing report, the metaverse platform Roblox ranked as the 8th most imitated brand for phishing attacks during the quarter. This was the first time a metaverse platform had made it into the top ten of this list. This is especially concerning since 50% of Roblox’s user base is under 13 years of age.


Brand phishing involves bad actors pretending to be partners or representatives of a brand and sending carefully crafted fake emails. The objective is to convince victims of the authenticity of the email so that they click on malicious links or attachments included in it. This opens the path to infiltrating their accounts and system and stealing their personal information or banking credentials. 

As the popularity of the metaverse continues to grow, one can assume that brand phishing attacks will increase in frequency.

NFT scams

NFTs are central to the function of the metaverse economy, and NFT scams have been everywhere since the start of the new year (when global NFT sales jumped over the $4 billion mark). 

Among the most common NFT scams are Discord hacks, in which fake minting links are posted on the announcements channel of a Discord server (which is a decentralised, online network of chat room servers). The message will offer a deal that seems too good to be true, such as a claim that a sold-out collection is releasing additional NFTs as a surprise.

Other times, a fake Discord link could ask for a victim’s seed phrase—which is a sequence of confidential words used to access a crypto wallet. 
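A moderation-side check for the two lures described above, as an added example that is not part of the original article: it flags announcement messages that ask for a seed phrase or that pair too-good-to-be-true wording with a link outside the project's own domains. The allowlisted domain, keyword lists and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the project's official mint domains, maintained by server admins.
OFFICIAL_DOMAINS = {"mint.example-nft.test"}

URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.I)
SEED_RE = re.compile(r"\b(seed|recovery|secret|mnemonic)\s+(phrase|words?)\b", re.I)
LURE_RE = re.compile(r"\b(sold[\s-]?out|surprise|free\s+mint|claim\s+now)\b", re.I)

def untrusted_hosts(text, allowed=OFFICIAL_DOMAINS):
    """Return hosts of links that are neither an allowed domain nor its subdomain."""
    hosts = []
    for url in URL_RE.findall(text):
        # .hostname drops any user@ prefix, so "official@evil" resolves to evil.
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        # Exact or dot-anchored suffix match: "official.test.evil.test" fails.
        if not any(host == d or host.endswith("." + d) for d in allowed):
            hosts.append(host)
    return hosts

def triage(text, allowed=OFFICIAL_DOMAINS):
    """Return (verdict, reasons) for one announcement message."""
    reasons = []
    asks_seed = bool(SEED_RE.search(text))
    if asks_seed:
        reasons.append("asks for seed phrase")
    hosts = untrusted_hosts(text, allowed)
    if hosts:
        reasons.append("link outside allowlist: " + ", ".join(hosts))
        if LURE_RE.search(text):
            reasons.append("too-good-to-be-true lure wording")
    # A seed phrase request is never legitimate; lure + unknown link is blocked too.
    if asks_seed or len(reasons) >= 2:
        return "block", reasons
    return ("review" if reasons else "allow"), reasons

# Constructed sample messages (not real data).
SAMPLES = [
    "SURPRISE! The sold-out collection is releasing 500 more NFTs. "
    "Mint here: https://mint.example-nft.test.drop-claim.test/mint",
    "Wallet sync issue? Verify by entering your seed phrase with support.",
    "Holder mint opens Friday at https://mint.example-nft.test/drop",
    "New partner tool: https://tools.partner.test/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg[:50])
```
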

Malicious smart contracts 

According to billionaire entrepreneur and crypto proponent Mark Cuban, smart contracts are going to be the most likely source of crypto-related fraud—as well as deliberate omissions, underhanded actions, and lack of clarity from users. 

Since anyone who has the know-how can create a blockchain, there is a danger of bad actors creating intentionally vulnerable smart contracts. The purpose would be to draw victims to enter into smart contracts that can be easily exploited. The blockchain creators would exploit the market by taking control of a large share of the blockchain’s coin supply, thereby artificially inflating the coin’s value as the available supply to other investors drops. They would then put up their holdings for sale before the market can respond. 

A bug in a smart contract is also particularly difficult to deal with because transactions on a blockchain can’t be undone. The only solution is to build a new blockchain for users to switch over to.

Vulnerable AR and VR glasses 

The essential use of VR or AR glasses in any functional metaverse is also likely going to be a significant hindrance to user privacy and security. Not only do these devices collect large amounts of user data (including biometric information), but the metaverse is likely going to increase the modern demand for user data. 

AR devices collect a lot more information on who the user is and what they are doing than any social network or any other form of technology. This means that if hackers gain access to the device, the potential loss of privacy would be extensive. At the moment, it’s not that difficult for hackers to substitute a user’s AR for one of their own, since established generation and transmission mechanisms are still in the process of being developed. The potential unreliability of content also makes it possible for hackers to garble a user’s perception of reality by creating fake signs or displays that bait them to perform actions that benefit the hackers.

VR devices collect highly private information regarding the user, including biometric data (such as retina scans), fingerprint data, face mappings, and voiceprints. Neither VR nor AR tracking data can be made anonymous, because the movements of individuals are completely distinctive. This presents a serious problem if VR devices are hacked. As with AR devices, hackers can inject features into VR platforms that trick users into giving away crucial information, thereby creating scope for ransomware attacks.

Srishti Mukherjee
Drowned in reading sci-fi, fantasy, and classics in equal measure; Srishti carries her bond with literature head-on into the world of science and tech, learning and writing about the fascinating possibilities in the fields of artificial intelligence and machine learning. Making hyperrealistic paintings of her dog Pickle and going through succession memes are her ideas of fun.
