Ferrari has announced plans to craft non-fungible tokens (NFTs) based on its cars, and some hackers have wasted little time in taking advantage. A subdomain of the car manufacturer was compromised and used to host an NFT scam several months after the official announcement was first made, but appears to have netted only a few hundred dollars in Ethereum before it was identified and taken down.
Ferrari falls prey to NFT scam shortly after announcing intentions to enter crypto market
At the outset of 2022, Ferrari inked a deal with Swiss blockchain developer Velas Network AG to develop NFTs based on premium vehicles and sponsored racing teams from throughout the company’s history (in addition to sponsoring Velas’ esports team). There has been some buzz about the NFTs, which are still in the works, and some enterprising hackers took advantage of that buzz to run an NFT scam.
The breach was identified by ethical hacker and bug bounty hunter Sam Curry on May 5, who spotted the NFT scam running on Ferrari subdomain “forms.ferrari.com”, reported it to the company’s security team and posted about it publicly on Twitter. The scammers created a fictitious program called “Mint Your Ferrari” touting “a collection of 4,458 horsepower NFTs on the Ethereum network” and were accepting payments to a crypto wallet.
The NFT scam appears to have only been able to secure a little over $800 in payments before being shut down by Ferrari security, according to public records of the transactions tied to the wallet. The attackers, as of yet unknown, appear to have been slowly moving money out of the wallet over a period of days, down to a little over $100 remaining at this time.
Ferrari has simply taken the subdomain offline to thwart the NFT scam, and it remains down at present. A follow-up investigation found that the attackers used a flaw in Adobe Experience Manager to break in.
Ferrari metaverse plans, security reputation unlikely to be impacted by NFT scam
While a compromise based on a known vulnerability is never a good look, Ferrari’s reputation for security is unlikely to take a substantial hit from the NFT scam given that the incident was defused quickly and the amount stolen was relatively trivial. The company has a fairly strong history of cybersecurity given that it is in possession of valuable internal engineering data and technical information, as well as a prestige brand name that can be leveraged in scams such as this one.
The only major incident of this nature for the company on record was a 2007 theft that involved old-fashioned espionage; former high-level Ferrari employees stole information that was passed on to competing racing teams. The McLaren racing team was ultimately fined $100 million for its involvement in the scheme, the largest fine in sports history.
That is certainly the desired outcome for Ferrari, which just announced its plans to develop a Metaverse presence in March. Details are still vague, but Ferrari has announced that it has set up an exploratory department to develop plans for blockchain functions as well as potential gaming and social media elements. In 2021, the company struck a deal with widely used gaming development engine Unreal and introduced one of its cars to the popular online game Fortnite in July of that year, creating a virtual version of the Ferrari 296 GTB that players can drive.
First announced as an initiative by Facebook CEO Mark Zuckerberg in mid-to-late 2021, the Metaverse is something that Facebook is all-in on (to the point of rebranding as Meta). Opinions are still very divided on exactly how much impact it will end up having, but some brands are committing to it early. Thus far that has mostly taken the form of virtual shopping experiences and product demonstrations, but some are rushing to partner with video game development companies. All of those things would appear to be a natural fit for Ferrari, which offers an exciting product that most people would love to take for a test drive but very few will ever actually have access to.
Ferrari has licensed its name and vehicles to a number of game developers dating back nearly 20 years, but its most direct involvement with this sort of product would actually make a great deal of sense as something to revive for the Metaverse: the 2010 release “Ferrari Virtual Academy,” which brought players online to play on servers hosted by Ferrari. Since it was online-only, the game became unavailable when it was discontinued by Ferrari and the servers were shut down in 2015. The game allowed players to take a variety of virtual Ferrari cars out to racetracks and compete against other online players for the best lap and race times on a variety of circuits.