NFTs Explained: A Security Perspective

Lately, have become a popular topic of discussion in circles both inside and outside the crypto world.

You may have come across many stories in the news discussing the selling and buying of these digital assets for millions of dollars- including seemingly outrageous items such as the internet meme Nyan Cat, Dragon the CryptoKitty, and the first ever tweet on Twitter.

The peculiarity of these bids brings forward several questions about these digital assets. Is there a reason why people are willing to spend thousands of dollars worth of funds for them? What is the technology behind NFTs that ensures their originality?

Understanding the answers to these common questions is becoming more and more essential as NFTs continue to be a valuable part of the spaces we operate in. Let us try to increase our knowledge about NFTs by starting with the basics.

Breaking Down the Technology Behind NFTs

NFT stands for . This means that unlike physical money or even cryptocurrency, an NFT is one of a kind and can never be replaced or interchanged with another token.

You can mint an NFT by utilizing the standard. This can be understood as the minimum interface a smart contract must implement to allow unique tokens to be managed, owned, and traded. When someone creates or mints an NFT, they execute code stored in smart contracts that conform to this standard while also outlining ownership assignment and the transferability of the NFT when created.

Once the NFT has been created, It needs to be confirmed as an asset on the Ethereum blockchain and updated as an asset on the owner’s account balance. The ownership of the NFT is now verified, making it possible to be traded. The transactions outlining this are then added to a block, which must be confirmed by everyone in the Ethereum network before being added to the blockchain. Once this is done, two results become clear and unchangeable:

After an NFT has been minted, it can be traded with any other asset on the blockchain. Marketplaces like OpenSea facilitate these trades. You can own an NFT by buying it through a transaction made on the Ethereum blockchain. Here, you pay a certain amount of ETH or WETH in return for a digital certificate stating that you are the owner of this particular NFT. Later on, you can sell this NFT to someone else for a different price in the same way, though there can only be one owner of an NFT at a time.

Another important aspect to understand is metadata. Every NFT has a unique identification code as well as some information about the NFT that makes up its metadata.

Metadata can be stored on-chain or off-chain. refers to metadata which is represented within the smart contract which is on the Ethereum blockchain. This representation is preferred when owner of the NFT wants its metadata to stay there permanently regardless of the availability of the platform used to create it. On-chain metadata is also used when it may be necessary for on-chain logic to have access to the metadata to make any modifications.

, as the term suggests, refers to metadata not stored on the blockchain and is instead represented on an external platform. This is usually done when the metadata contains large files such as images or videos which are too large to be stored on the Ethereum blockchain. In this case, centralized servers or a peer-to-peer file storage system called is used.

Why Are NFTs So Valuable?

When a user pays thousands or millions of dollars worth of funds in exchange for a digital asset that seems more or less trivial, the reaction to his purchase is usually confusion. Why pay so much money for something that can easily be viewed, copied, or even downloaded with the click of a button?

The value of NFTs lies in the concept of ownership. Every time an NFT is “bought” or traded for some amount of ETH, the details of that transaction are maintained in a ledger on the Ethereum blockchain. This information, like everything else on the blockchain, is public to all users. It is also immutable, meaning that it can never be altered. Buyers of an NFT gain not just the token itself, but also a clear, unchangeable statement that they are in fact the owners of this NFT. In reality, this is what they are paying for.

Another reason why people may be drawn to buy an NFT is the possibility of earning more by trading it at a later date. Some NFTs have emotional sentiments attached to them, such as NFTs depicting video highlights in NBA history sold on the . In this scenario, you can buy an NFT as an investment, later selling it at a higher price to a die-hard fan of the sport or specific player.

Security Risks Involved

Recently, the discussion on NFTs in media has been largely focused on the astronomical prices they are selling for as users attempt to understand their origin and value. Surprisingly, there is little discourse on the possible security risks that a buyer of these tokens should be aware of before setting out to purchase one.

Theft

The most common security risk associated with NFTs is the possibility of theft. If the account of an NFT owner becomes compromised in some way, the attacker could easily sell the NFT they own to themselves on a separate address. The original owner would have no way of gaining back their asset or even proving that their asset had been stolen.

Vulnerability of Linked NFT Assets

As discussed previously, the storage limitations of the Ethereum blockchain make it so that some owners, particularly those possessing digital art as NFTs do not store their art on the blockchain itself. Instead, they store a link to the asset stored on an external platform. This is a common workaround to this problem, though it is also one of the most risky. If for any reason that platform were to collapse or be compromised, the owner of that NFT would essentially lose their entire asset.

Auctioning of Cybersecurity Exploits

We have seen NFTs for just about everything, including digital art, internet memes, and even real estate. Another clever use of an NFT is creating a token with code that points to a vulnerability of some platform that has yet to be attacked or resolved, known as a . The seller of this NFT is able to make money by selling it to either a potential hacker or someone racing to resolve the issue- whoever pays more.

The Bottom Line

The recent influx of people investing enormous amounts of money into NFTs has made everyone curious about what exactly these assets are as well as the value they contain. There also continues to be extensive debate surrounding this concept, with many skeptics claiming that NFTs were a bubble that would pop sooner or later. Regardless of how lucrative they are, however, it is true that NFTs do possess some security risks worth mentioning. Although not extremely dangerous, it should still be noted that understanding these risks is imperative for all traders intending to step into the NFT marketplace.

References

https://ethereum.org/en/nft/#ethereum-and-nfts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockApex

We exist to build trust in the web3 ecosystem by cultivating veterans that are experts in security, testing and audits. Visit the website: https://blockapex.io