Fortnite

Crime in the metaverse is very real. But how do we police a world without borders or bodies? – The European Sting – Critical news and information on European politics, economics, foreign affairs, business and technology

Crime in the metaverse is very real.  But how do we police a world without borders or bodies?  – The European Sting – Critical news and information on European politics, economics, foreign affairs, business and technology
Written by ga_dahmani
Crime in the metaverse is very real.  But how do we police a world without borders or bodies?  – The European Sting – Critical news and information on European politics, economics, foreign affairs, business and technology
(Credit: Unsplash)

This article comes thanks to the collaboration of The European Sting with the world economic forum.

Author: Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4


  • 25% of people are expected to spend at least an hour a day in the metaverse by 2026, but this exposes them to a huge amount of crime.
  • Children could be particularly vulnerable to crime, including theft of virtual assets or sexual and racial harassment.
  • The nature of the metaverse means that regulatory attention and a multi-stakeholder approach must be adopted now, as technology rapidly advances.

The concept of a metaverse, in many ways, is not new. Online multiplayer worlds like Second Life have been around for almost 20 years. Modern equivalents like Minecraft and Fortnite boast hundreds of millions of users and huge supporting economies.

In its most basic form, the metaverse describes the concept of a shared, persistent virtual space for meetings, games, and socializing. Gartner estimates that 25% of people will spend at least an hour per day in the Metaverse by 2026.

Driven by innovations in virtual reality, AI, digital currencies, NFTs, and blockchain, defenders of the metaverse see us moving through different and interoperable virtual worlds, taking our avatars and digital assets with us.

Whether blockchain-based technology will form an integral component of the metaverse infrastructure remains to be seen: blockchain and web 3.0 critics have been vocal about their concerns, and even giants like the Microsoft-owned game Minecraft announced that it does not support non-fungible tokens (NFT) nor the adoption of Blockchain technology. Minecraft cited a lack of alignment with the company’s values ​​of creative inclusion, as well as the threat of fraud and other security risks associated with the metaverse.

Regardless of what the underlying infrastructure will look like, the metaverse will be a myriad of technologies coming together like building blocks, each carrying its own risks. Security issues that already exist (scams, phishing, credential theft, tech debt, social engineering, espionage, vulnerabilities, misinformation, to name a few) will follow us into the metaverse. They could even be more harmful.

Crimes in the metaverse

As digital commerce in the metaverse grows in scope and scale, by some estimates, to $1 billion in annual revenue — Financially motivated attacks will increase in frequency and aggression.

These are some of the more obvious security concerns that we need to be aware of right now.

Social engineering

Social engineering techniques, such as phishing scams, are some of the most successful initial attack vectors used by cybercriminals today. Because exploiting the psychological vulnerabilities of individuals is so effective, social engineering will be a major challenge in the metaverse.

People are already being duped by phishing scams selling fraudulent NFTs, Metaverse Land Sales and Other Dodgy Web 3.0 Projects. a recent phishing scam impersonated by Decentralanda popular virtual world based on Ethereum, and tricked users into entering their private wallet keys, allowing scammers to steal users’ cryptocurrency.

In the metaverse, imagine phishing attacks using deep fake technology masquerading as trusted institutions or avatars.

We need standards that allow users to verify the authenticity of the organizations and avatars they interact with, without compromising people’s privacy. Organizations need to consider how to ensure verification of avatar identities and protect against digital identity theft. Users need to be made aware of how to identify social engineering attacks and how to protect the identities of their avatars.

Software and malware vulnerabilities

Malware targeting crypto wallets is already being used to steal cryptocurrencies, tokens, or NFTs from people. Cyber ​​extortion and ransomware are some of the most notorious and lucrative cyber threats. They can take different forms in the metaverse, but they will still be a serious risk.

A high percentage of attacks against current Web 3.0 platforms and DeFi protocols are possible due to vulnerabilities in the underlying software or smart contracts used. For DeFi protocols, in particular, the largest heists, according to Chainalysis Crypto Crime Report 2022they are usually the result of code vulnerabilities.

In addition to the vulnerabilities in the metaverse platforms, we also need to take into account the fact that virtual reality (VR) and augmented reality (AR) wearables are essentially small computers, with a large amount of software and memory that make them into potential attack targets.

Rutgers University-New Brunswick Research for example, it showed that VR and AR headsets could be hacked to steal sensitive information communicated via voice commands, including credit card data and passwords.

Patching bugs and vulnerabilities in platforms, smart contracts, and VR and AR headsets to protect against attacks and malware is an important security consideration.

Risks of immersive content

Trolling and sexual and racial harassment are issues right now across all digital and virtual reality gaming platforms.

This type of behavior has a long history in digital spaces, but the immersion of virtual reality means that it can be devastating to the psychological well-being of the victim. According to Common Sense Media, the risks for children are especially high. Children are likely to explore the metaverse before their parents, potentially exposing them to sexual and violent content without their caregivers’ knowledge.

VR worlds offer a number of tools to combat this, such as personal spaces and muting, blocking, and reporting bad behavior. Educating new users and vulnerable groups, such as children, on how to use these tools is key.

Preparing for the future of cybercrime

Organizations working in the metaverse should collaborate with their security and risk teams early on to identify what might be at stake and where potential vulnerabilities lie.

They must also properly train their developers on these risks and test applications thoroughly before they are released.

End users should be aware that engaging in any new technology makes them a potential target. People should become familiar with the threat of social engineering and common scams, as well as best practices on how to protect themselves, their digital assets, wallets, and identities.

Policymakers also have a key role to play in protecting people from metaverse crime. They must introduce regulations that protect vulnerable groups and consumers without stifling innovation.

We need to define how to enforce ethics, consumer protection and governance and define “virtual law enforcement”. Who can victims call? What jurisdiction applies? What is the resource?

These questions are complex and pressing. The only way we can answer them is by adopting a multi-stakeholder approach and forward-thinking and innovative policy measures that put security first.

About the author

ga_dahmani

Leave a Comment