Identity theft in Metaverse. What if your avatar is hacked?


In this blog, you will learn about the risks associated with the Metaverse and the safety protocol.

I don’t have a VR headset and I still haven’t bought my NFT avatar yet so why should I care? Well, as someone who raises funds for my own startups, leads fund-raising activity for fellow entrepreneurs, and manages investments for my own family office into deep tech startups (deeply risky), I can assure you that it is never too early to learn about mitigating risk. Risk is all about opportunities and threats, real and virtual, success and failure, yin and yang. If you are interested in digital assets, digital success, and how to navigate the Metaverse, then the corollary is that you have an interest in mitigating risk. Mitigating risk is the underlying reason for my involvement as co-founder of Neptune Mutual.

Meta Criminals

We all know that there is a growing appetite for creating digital assets in the Metaverse, and that these assets have both tangible and intangible value (…brand, image etc.). We also know that whilst blockchain offers many advantages in terms of security, the rise in the use of smart contracts opens up opportunities for embedding code within these contracts that can be used for illicit and illegal activity, or so-called exploits.

In our everyday Universe we read about cyber criminal hacks and exploits on a regular basis; the most recent being Badger DAO, which suffered a 120m USD exploit. It seems reasonable to expect, with all the money pouring into Metaverse projects, that cyber criminals will be attracted into this space; one might call them Metacriminals. We should expect our carefully chosen avatar identity to be at risk from Metacriminals, not to mention our portfolio of virtual property, tokens and our other Metaverse assets.

Cyber Crime

Digital assets are often held by customers that do not want to be identified; combine this with the challenges of demonstrating a loss and the assessment of claims, and you can quickly see that the use of traditional discretionary insurance is both inefficient and unreliable. Add to this the difficulty of defining and communicating what is, and is not, covered by an insurance policy, and you have a recipe for a lot of upset insurance policy holders, hit by the double whammy of loss from a protocol exploit, followed by the realisation that the heavy insurance premiums they had been paying to cover such a circumstance are not going to pay-out to cover their loss.

Referring to the Badger DAO hack and the reaction of the protocol insurer, Stephen Palley, a partner at the law firm Anderson Kill tweeted:

“As someone who spent years suing insurance companies when they failed to pay valid claims, color me shocked, absolutely shocked, that insurance ‘on the blockchain’ is the same old story.”

Neptune Mutual is a startup that is proposing an alternative solution to financial protection against hacks and exploits. Unlike traditional insurance which requires a customer to have suffered a loss to an asset, and then make an individual claim which is then assessed, Neptune Mutual is developing a de-centralised parametric cover platform. With parametric cover, individuals or entities that purchase cover do not need to identify themselves through a KYC process, and they do not need to hold an asset or suffer a loss, and, most importantly, they do not need to make an individual claim in the event of an incident. One can think of parametric cover like a hedging instrument, although in the first version of Neptune Mutual’s platform the principal risks covered will be technical as opposed to financial, that is to say risks of hacks and exploits as opposed to risks associated with price movements or other financial risk.

The nature of parametric cover, including the avoidance of a claims assessment process, makes it a scalable and reliable solution for protecting digital assets. For this reason, Neptune Mutual is attracting interest as a solution to protect against Metacrimes.


Companies are already investing heavily in Meta Assets. Adidas, for example, has just spent over 200k USD on Bored Ape Yacht Club #8774, Indigo Hertz.

Investing in static NFTs is just the very start for companies looking to shape their Metaverse brand image. Athlea AI, backed by Mark Cuban, is a company that envisions smart NFTs that can converse and become progressively more intelligent through the use of data analytics and AI. A number of NFT avatars are minted with smart contracts that provide their holders with special access rights to virtual clubhouses.

But what if your smart avatar has had its contracts audited? No need to bother with paying for policies to protect against hacks, right? Well, that would be nice, particularly given the cost of smart contract auditing, but unfortunately recent history suggests that smart contract auditing has its limits. CertiK is a leading smart contract audit firm and just raised 80m USD in a Series B2 round at a valuation of nearly 1 billion USD. There are a growing number of examples of protocols, such as bZx and Lien finance, that have been audited by well-known audit firms but have nonetheless suffered from hacks and exploits. bZx suffered from three different attacks in 2020: the first two involved the use of external protocols, whilst the third attack took advantage of an internal protocol flaw, causing a loss of 8m USD. Examples such as these suggest that smart contract audits are insufficient, by themselves, to protect your protocol or the assets of your customers.

As NFTs progress in sophistication, it is likely that opportunities for exploits will grow, and we will no doubt see a range of apes, avastars, cats, rats, ducks, and punks being held to ransom in a wave of Metacrime.

There’s More at Stake than Your Intelligent Ape

…. er yes … like your customers?
An outage blacks-out the virtual world in which your company is active, and your customers’ accounts get emptied; some of them may have chosen to take out parametric cover to protect themselves against this type of event, others may not. What is your contingency plan to restore your customers’ confidence in your brand? Your reputation will be made, or lost, based on what you do to support your customers when their metaworld collapses.

Creating your own cover pool with Neptune Mutual allows you to attract liquidity that can be used to cover both your customers, and your company, should a hack or exploit arise. Once the community has validated that an incident has occurred, all cover policyholders are paid without exception: no claims assessment, no discretion, no discrimination and no delay.

Of course the Metaverse will be a multitude of Metaworlds, and this means your Intelligent Ape could be travelling to different worlds across different blockchain protocols: one minute exploring space in Star Atlas (on the Solana blockchain), and the next minute, buying a property in The Sandbox, a virtual world backed by Softbank, running on the Ethereum blockchain.

In this context, how do you protect against risks associated with hacks and exploits when your avatar is literally walking across bridges from one blockchain world to another? This is where the underlying flexibility of the cross-chain solution proposed by Neptune Mutual aligns to the open cross-chain nature of Metaverse. Cover protection is created in dedicated cover pools for specific projects (and blockchains), and in this way it is possible both to ring-fence the different risks associated with different projects and blockchains, whilst policy holders have the option of creating a combination of cover policies to meet the different metaworld projects they are exposed to.


So where does one go in the Metaverse to get financial protection against the risks of hacks and exploits? Neptune Mutual is already working with Metaverse partners to embed its cover protection solution directly into Metaworlds. Back in our Universe in the context of CeFi and DeFi, Neptune Mutual’s solution is already being embedded directly into exchange, custodian and other Neptune Mutual cover partners’ websites using the Neptune Mutual SDK. This white label solution allows Neptune Mutual partners to create their own parametric cover liquidity pools, bootstrap liquidity for these cover pools from within their own community of users, and use this liquidity to provide financial protection to those in the community who take out cover policies directly from the partner website. Cover Creators can both provide liquidity to cover pools as well as take out their own cover policies to provide capital in the event of an incident; this payout could be used to mitigate losses incurred by its clients.

Corporate entities work in a world in which the rules are familiar: IFRS, GDPR, Copyright, SEC/FCA/ESMA, and of course KYC and AML. So how are you going to explain to your company accountants and auditors that you are buying virtual digital assets … with tokens? Boards of Directors govern corporations by taking measured risks. So when you take that step of proposing a marketing strategy to enter the rather unfamiliar space of Metaverse, you should expect the “what if” questions that will surely follow. It is undeniable that Metaverse represents new opportunities, but your Board of Directors will recognise the corresponding risks and want concrete plans to mitigate them. Finding guaranteed methods of protecting your corporates’ virtual assets will be key to building confidence both internally and externally in real world blockchain projects as well as virtual Metaverse projects.

In unfamiliar territory it is important to protect your interests. Paying for protection is easy, but understanding what protection you are actually covered for can be less obvious, as many Badger token owners have discovered as previously mentioned. Neptune Mutual’s parametric cover provides guaranteed pay-out for all cover policy holders in the event that an exploit or hack is validated by the community. In a Metaverse full of risks, guarantees are hard to come by.

So Metaverse may look good, but when things turn bad and ugly, there’s no sheriff to run to. Make no mistake, for corporations, the Metaverse is the Wild West. As a certain Clint Eastwood once [nearly] said:

‘If you want a guarantee, buy a toaster … [or Neptune Mutual cover].’

So the Metaverse is the Wild West, you have armed yourself with Neptune Mutual parametric cover. You are ready for anything … you know you want to say it:

“… go ahead CyberPunk, make my day”.