
Metaverse Threat Prediction: Is it going to be Metaverse?

The term “metaverse” was first used by Neal Stephenson in his 1992 cyberpunk novel Snow Crash. It describes a virtual world that can be explored using avatars and offers players a fully immersive experience. Today we see similar worlds in massively multiplayer online role-playing games (MMORPGs) like Roblox, Minecraft, Fortnite, Second Life and others, but these games are nowhere near the immersive experience described in Snow Crash.

The modern metaverse concept consists of several independent and connected virtual spaces. Therefore, it is impossible for a single company to build the entire metaverse alone. An optimistic estimate would be that the full-fledged Metaverse is five to 10 years away from full deployment. However, we expect the market to see more Metaverse-like applications over the next three to five years. Some already exist, like Decentraland and Crypto Voxels, as well as games like Minecraft and Second Life.

Current Metaverse-like applications are primarily designed for gamers and not the general population. In the future, we expect daily tasks like remote work, entertainment, education, and shopping to be done in next-gen Metaverse-like applications. Of course, many of these applications share cyberspace, and this will eventually transform into a single metaverse as the underlying technology (hardware, software, network infrastructure, and ubiquity) matures. In this shared space, users can easily switch between applications and access the Metaverse using a variety of hardware.

But the metaverse will also attract its own brand of crime. We examine this in the following blog and the accompanying research paper.

But first, what is the Metaverse?

There are many differing opinions as to what it is and how it fits into the bigger picture of the internet. To aid our research, we created a working definition for the metaverse:

The Metaverse is a cloud-distributed, multi-vendor, immersive-interactive operating environment that allows users to access it with different categories of connected devices (both static and mobile). It uses Web 2.0 and Web 3.0 technologies to provide an interactive layer over the existing Internet. It is an open platform for working and playing in a virtual, augmented or blended environment. This is comparable to existing MMORPG platforms, but while each MMORPG represents a proprietary single virtual world, the Metaverse will allow players to seamlessly move between virtual spaces along with their virtual assets. The Metaverse isn’t just a platform for human users; it will also be a communication layer for smart city devices, allowing humans and AI to share information.

Essentially, it will be the Internet of Experiences (IoX). However, we anticipate that our definition will evolve as the metaverse concept evolves.

What threats are affecting the Metaverse?

It is difficult to predict cyber threats for a product area that does not yet exist and may or may not exist in the form we envision. With this in mind, we’ve gathered ideas to refine our understanding of the metaverse and identify threats to and within the metaverse.


Much has been said about the use of non-fungible tokens (NFTs) in the Metaverse. NFTs are unique units of data stored on the blockchain that can be sold and traded. NFT data can contain hashes or links to digital files such as text, photos, videos, and audio to verify ownership of digital assets. NFTs regulate asset ownership but do not store assets, exposing users to ransom payments or other threats. If the files are encrypted by ransomware, the owner of the NFT cannot access the files. Worse, if the underlying blockchain is vulnerable to Sybil attacks, the asset can effectively be stolen.

Scammers can also clone an NFT by subtly changing a few bits of data in the “protected” file and essentially selling the same digital assets. The asset servers can also be manipulated, as Moxie Marlinspike showed, by changing the content returned from the URL stored in the NFT.
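An added example (not from the original article or the research it summarizes) showing why a link-only token gives no integrity guarantee when the server's content changes, why a pinned hash does, and why an exact hash alone misses a clone that differs by a few bits. The token fields `url` and `sha256`, the in-memory asset server and the sample bytes are constructed assumptions.

```python
import hashlib

URL = "https://assets.example/token/1.png"       # constructed URL
ORIGINAL = b"constructed artwork bytes " * 4     # constructed stand-in for a file

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical token records: one stores only a link, one also pins a hash.
LINK_ONLY = {"url": URL}
PINNED = {"url": URL, "sha256": sha256_hex(ORIGINAL)}

def check_token(token: dict, fetch) -> str:
    """Report what a verifier can conclude about the asset behind a token."""
    content = fetch(token["url"])
    if content is None:
        return "unavailable"       # file deleted or otherwise gone
    pinned = token.get("sha256")
    if pinned is None:
        return "unverifiable"      # link only: any server response is accepted
    return "match" if sha256_hex(content) == pinned else "tampered"

def bit_distance(a: bytes, b: bytes) -> int:
    """Count differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def looks_like_clone(a: bytes, b: bytes, max_bits: int = 8) -> bool:
    """Flag files that differ by only a few bits. Raw-byte comparison is a
    simplification; real media would need a perceptual comparison."""
    return len(a) == len(b) and a != b and bit_distance(a, b) <= max_bits

if __name__ == "__main__":
    server = {URL: ORIGINAL}                     # in-memory stand-in for an asset server
    print("before swap:", check_token(LINK_ONLY, server.get), check_token(PINNED, server.get))
    server[URL] = b"content swapped by whoever controls the server"
    print("after swap: ", check_token(LINK_ONLY, server.get), check_token(PINNED, server.get))
    clone = bytearray(ORIGINAL)
    clone[0] ^= 0x01                             # flip a single bit
    print("clone hash differs:", sha256_hex(bytes(clone)) != PINNED["sha256"])
    print("flagged as near-duplicate:", looks_like_clone(ORIGINAL, bytes(clone)))
```

A pinned hash only detects that the content changed; it does not restore a file that was swapped, encrypted or deleted.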

Another security issue concerns the transfer of assets. Moving digital assets between metaverse spaces can incur costs due to verification and also because incompatible assets need to be “converted” for use on a technologically different platform. Wealth brokers are used for this, but scammers posing as wealth brokers can scam users.

Before best practices and rules are established, virtual trade routes could resemble the Wild West. If deeply rooted in blockchain technology, it will essentially be an unregulated market with no defined government or legal entity to help in case of fraud. Existing attacks such as phishing, drive-by downloads and others can also be more effective due to the sense of trust this interactive space instills.

The Darkverse

Much like the Dark Web, the Darkverse will be an anonymous space for malicious users to interact in. The pseudo-physical presence mimics real spaces used for clandestine meetings, making it suitable for criminals to facilitate their illegal activities. Conversely, it could also be a safe space for free speech against oppressive entities or governments.

Darkverse worlds could be set up to only be accessible when the user is in a specific physical location – this protects closed Metaverse communities. Location-based and proximity messaging will make it harder for law enforcement agencies (LEA) to intercept Metaverse data.

The Darkverse is particularly problematic because serious crimes like child pornography are already a big problem on the internet. These offenses are poorly defined in legal terms and are very difficult to monitor by LEA in virtual spaces.

Financial Fraud

The high volume of e-commerce transactions in the Metaverse will attract criminals who will try to steal money and digital assets. A new digital economy (using Bitcoin, Ethereum, real money, PayPal, electronic transfers, etc.) will operate in the metaverse, with exchange rates controlled by the free (and possibly deregulated) market. This will be a prime target for market manipulators. A pure Metaverse company, not subject to any jurisdiction, could avoid income taxes. Metaverse investors can fall victim to Ponzi schemes and securities fraud. Intertwined digital currencies, digital assets and fiat money systems may cause collapses like that of the Terra/LUNA cryptocurrencies in 2022.

Digital currencies are great for receiving money, but if a user gets scammed or there are transaction issues, the issuer faces complex financial issues, possibly at the regulatory level. If a user is scammed or robbed, it is nearly impossible to get help, file complaints, or take legal action when using decentralized digital currencies.

In the Metaverse, we can expect fake endorsements and investments to artificially increase the value of digital assets. For example, the value of virtual “land” is highly dependent on perception, which can be manipulated by many factors.

Social Engineering

Social engineering describes a set of malicious human interactions designed to trick users into making security mistakes and revealing sensitive information. Scams that use social engineering are more successful when malicious actors have detailed information about their targets. In the Metaverse, operators can perform accurate sentiment analysis using personal information such as eyes, body, voice, motion tracking, etc. This data is all collected and can be stolen or misused.

Criminals or state actors will seek out vulnerable groups of people who are sensitive to certain issues and then drop targeted narratives to influence them. The Metaverse is ideal for criminal deepfakes, as the combination of language and image becomes a powerful expression of opinion (and a tool for manipulation).

Metaverse operators must also be wary of intruders attempting to pose as official avatars to mislead Metaverse users. Deep fakes may not be necessary as an avatar’s assets can be easily collected and cloned. If someone poses as the official avatar skin, they can enter a Metaverse room and wreak havoc, reflecting badly on the impersonated company.

Criminals can also use the Metaverse to pose as doctors and provide false medical advice to patients in return for payment. In broader scams, fake news worlds can be created and used as VR honeypots to gather information, and malicious advertisers can sell trojanized digital products.

The Metaverse transcends physical boundaries, so people will be easily exposed to global scammers and social engineering crimes will be exacerbated.


The next evolution of augmented, blended and virtual reality will be the Metaverse. Through the use of new technologies, it will offer users a fully immersive experience: the Internet of Experiences. The user will get the impression that he is taking part in real events.

The metaverse is an additional Internet layer that aims to provide a connection that is transparent to all devices. However, developers don’t seem to heed the advice of those with decades of experience and design when it comes to security and privacy. Everything should be done to prevent the metaverse from becoming an abusive, dangerous space infested with criminals. Developers should include technical and social safeguards from the start. Without these safeguards, the metaverse will potentially be a more dangerous space than the internet already is: it will be metaverse.
