The growth of the metaverse emphasizes the need to address the cybersecurity challenges posed by this new multimedia environment.

It is increasingly likely that the metaverse will be subject to cyberattacks that pose a real risk to both the companies that choose to be active in the metaverse and the users who access it.

It is estimated that the metaverse will account for one percent of the global economy, which could reach USD8-13 trillion by 2030, according to investment bank Citi[1]. Precisely because of this growth, it is increasingly likely that the metaverse will be subject to cyberattacks that pose a real risk to both the companies that decide to be active in the metaverse and the users who access it.

What is the metaverse?

The metaverse refers to a digital universe that is the result of multiple technological elements that include virtual reality and augmented reality. The idea is that within the metaverse users can access it through 3D viewers, and have “virtual” experiences. In fact, it is possible to create realistic avatars, for example through NFT, meet other users, or perform all those actions that we perform in a “disjointed” way on the Internet in a single platform, being able even to create a real estate market.

Suffice it to say that, the famous Bored Ape Yacht Club brand, already known for the well-known bored monkey collection of NFTs, announced the launch of an original metaverse, Otherside, geared toward gamification with a decentralized structure, effectively forming a link between the metaverse and the real estate market that led to the sale of about 55,000 NFTs, each sold for 305 Ape Coins, making each lot worth an average of USD6,000. This virtual land sale triggered one of the highest spikes in transaction fees on Ethereum.

The metaverse, then, requires the simultaneous use of many technologies where augmented reality, cloud technologies, IoT, and artificial intelligence combine to be functional, and where there is also the possibility of creating a unique economy through cryptocurrencies and NFTs.

Cybersecurity challenges and metaverse 

Given the technologies involved, the risk of being a victim of cyberattacks in the metaverse is very high. Moreover, the simultaneous use of such different technologies, as well as the collection of countless amounts of data, both personal and non-personal, and the use of blockchain, make the use of systems to monitor and prevent cyberattacks highly complex, compared to what happens in the virtual or real world. For example, there are dozens of cases of sale of counterfeit works or products in the decentralized world: a counterfeit product remains on the blockchain for eternity and there are no ways to delete it from the blockchain.

While we assume that phishing activities may experience a sharp increase with the metaverse, it is also possible that:

  • Identity theft: threat actors, through the information found online and in the metaverse, could resort to user identity theft, for example through avatar theft;
  • Cryptocurrency theft: threat actors could take possession of the wallets and access keys of users in the metaverse, performing irreversible actions.

However, the main cybersecurity concern in the metaverse must be directed toward personal data (moreover, as in the real world), which will be the main target of attack by threat actors. Just consider the biometric data released by users to take advantage of devices such as AR/VR, devices that allow to switch from virtual reality (VR) to augmented reality (AR) that use the user’s biometric data to allow access within the metaverse.

Companies will need to prepare in advance to prevent these types of attacks and ensure that their security systems are safe and secure and free of vulnerabilities that could cause serious damage not only the companies’ own economy and reputation but also users. In this context, however, there remains a lack of regulatory regimes that, as soon as possible, should be put in place so as to ensure the protection of the metaverse and its users.