Ferrari website hacked, used to push NFT scam that builds on official announcement

Ferrari announced plans to create non-fungible tokens (NFTs) based on its cars, and some hackers were quick to take advantage. An automaker subdomain was compromised and used to host an NFT scam several months after the first official announcement, but appears to have only earned Ethereum a few hundred dollars before it was identified and taken down.

Ferrari falls prey to NFT scam shortly after announcing plans to enter the crypto market

In early 2022, Ferrari signed an agreement with Swiss blockchain developer Velas Network AG to develop NFTs based on high-end vehicles and sponsor racing teams from across the company’s history (in addition to sponsor the Velas esports team). There has been some buzz about NFTs, which are still in the works; some enterprising hackers were able to take advantage of this to take advantage of an NFT scam.

The breach was identified by ethical hacker and bug bounty hunter Sam Curry on May 5, who spotted the NFT scam running on the Ferrari subdomain “” and reported it. reported to the company’s security team and posted it publicly on Twitter. . The scammers created a fictitious program called “Mint Your Ferrari” touting “a collection of 4,458 horsepower NFTs on the Ethereum network” and accepted payments on a crypto wallet.

The NFT scam appears to have only been able to secure just over $800 in payouts before being shut down by Ferrari security, according to public records of wallet transactions. The as yet unknown attackers appear to have slowly withdrawn money from the wallet over a period of days, down to just over $100 remaining at that time.

Ferrari simply took the subdomain offline to thwart the NFT scam, and it currently remains down. A follow-up investigation revealed that the attackers used a flaw in Adobe Experience Manager to break in.

Ferrari metaverse plans, security reputation unlikely to be affected by NFT scam

While a compromise based on a known vulnerability is never attractive, Ferrari’s reputation for security is unlikely to be seriously harmed by the NFT scam, given that the incident was quickly defused and the amount stolen was relatively insignificant. The company has a pretty solid cybersecurity history given that it is in possession of valuable internal engineering data and technical information, as well as a high-profile brand that can be exploited in scams like this. -this.

The only major incident of this nature for the company on record was a theft in 2007 that involved old-fashioned espionage; former high-level Ferrari employees stole information that was passed on to competing racing teams. The McLaren racing team was ultimately fined $100 million for its involvement in the scheme, the biggest fine in sports history.

That’s certainly the desired outcome for Ferrari, which just announced plans to develop a Metaverse presence in March. Details are still vague, but Ferrari said it has set up an exploratory department to develop plans for blockchain functions as well as potential gaming and social media elements. In 2021, the company struck a deal with widely used game development engine Unreal and introduced one of its cars to the popular online game Fortnite in July of that year, creating a virtual version of the Ferrari 296 GTB. that players can drive.

First announced as an initiative by Facebook CEO Mark Zuckerberg in mid-late 2021, the Metaverse is something the company is all about (to the point of renaming itself Meta). Opinions are still very divided on the exact impact this will end up having, but some brands are getting on board early. So far, this has mostly taken the form of virtual shopping experiences and product demos, but some are rushing to partner with video game development companies. All of these things seem like a natural fit for Ferrari, which offers an exciting product that most people would love to take for a test drive, but very few will have access to.

There has been some buzz about Ferrari’s metaverse projects, which are still ongoing; some enterprising #hackers have been able to take advantage of this to leverage a #NFT #cryptoscam. #cybersecurity #respectdataClick to tweet

Ferrari has licensed its name and vehicles to a number of game developers for nearly 20 years, but its most direct involvement with this type of product would actually make a lot of sense as something to revive for the Metaverse: the 2010 version “Ferrari Virtual Academy”, which allowed players to play online on servers hosted by Ferrari. As it was online only, the game became unavailable when it was discontinued by Ferrari and the servers were shut down in 2015. The game allowed players to take a variety of virtual Ferrari cars to race tracks and compete against other players online for the best lap and race times on a variety of circuits.

Leave a Comment

%d bloggers like this: