“Digital Security” Reveals the Vulnerability of NFTs

With unique metadata codes stored on the blockchain, NFTs are a creative way to prove ownership of digital files, and as a result, many NFTs have become unique digital assets with value potential. By the end of 2021, the NFT market size has exceeded $40 billion.

However, as lucrative digital assets, many NFTs contain only a URL to where the actual data is stored, often on a centralized server that is vulnerable to hacking, making them vulnerable to increasingly sophisticated attacks.

Hacked NFTs

About a year ago, hackers attacked Nifty Gateway, one of the most trusted NFT marketplace platforms in the industry. Attackers targeted Nifty Gateway accounts that lacked dual authorization and stole thousands of dollars worth of NFTs. Hackers transfer NFT ownership into their own assets, preventing legitimate owners from taking back their digital assets.

Since that shocking attack, NFT scammers and hackers have become more rampant. The Nifty Gateway digital art theft cost collectors and creators thousands of dollars; the latest attack has cost hundreds of thousands of dollars. As the NFT market grows, so will the losses from NFT scams and attacks.

Last month, attackers stole 245 NFTs worth $1.7 million from OpenSea, another well-known NFT marketplace. Using smart contracts, the attackers transferred NFT ownership from legitimate OpenSea accounts to their own. Since the target of the attack has already signed the contract, the theft becomes a transfer of authorization on the blockchain. Once again, the original owner of the NFT may not be able to take back ownership.

Why are NFTs so fragile?

Crypto enthusiasts tout the inherent security of blockchain, as data that has been entered into a block cannot be changed or deleted. In other words, once a transaction is recorded on the ledger through a smart contract or other means, it is permanent and publicly visible.

Blockchain technology should prove NFT ownership, so how can hackers steal NFTs?

Digital assets become NFTs when minters add their digital asset identifiers to the blockchain. This process is called “minting”. Digital images are not really NFTs until this process happens. But minting NFTs on the blockchain consumes a lot of energy. Miners charge a one-time upfront “gas” fee to cover the cost. Gas fees will fluctuate and may range from 3% to 15% based on a percentage of the NFT’s initial and secondary sale price.

Storing NFT data on the blockchain is expensive, which is why many NFT minters do not put NFTs on-chain. But the future of investment lies in digital assets, minting NFTs on the chain can maximize security, and the on-chain fee should be a cost worth paying.

Why do we need to protect NFTs on the chain?

Imagine buying an NFT, using it as your avatar, and then suddenly finding it disappeared. Where did it go? The marketplace where you purchased this image is closed or has been removed from the marketplace’s website. If you don’t pay miners to mint your NFT, it will be governed by that market.

Regarding the security issues of NFTs, centralized platforms such as OpenSea or Nifty Gateway will be more prominent. In order to interact with digital images, where creators and collectors buy and sell NFTs on these digital marketplaces, what is usually stored on the blockchain is just the image’s identifier, such as its address on the blockchain or the image’s hash, while Not the actual image file.

Digital assets stored on many centralized platforms are only minted at the time of purchase. This method, known as NFT “lazy minting”, is more affordable for NFT creators. At the same time, this approach also exposes digital assets to a huge risk of theft. The real value of NFT comes from its assimilation with the blockchain. The creators of NFTs who submit NFTs without on-chain casting are essentially digital files that are not protected by the blockchain, which poses a security risk for collectors to upload digital files and obtain timestamps on Ethereum or other public chains.

In addition, the “inert casting” of NFT has also exacerbated the plagiarism problem faced by traditional artists. NFT marketplaces that embraced “lazy minting” became a haven for scammers who could steal digital artwork from online galleries, websites, and social media accounts, and then create dozens of copied NFTs just waiting for someone to buy it. NFTs have great potential to protect artwork ownership, but “lazy minting” completely defeats that goal.

Although “lazy minting” has many benefits, including being more affordable for creators and solving the problem of paying high gas fees for NFTs that no one buys, if a hacker steals the data before it’s added to the blockchain For digital assets of value, the savings from “inert minting” may be a drop in the bucket compared to the losses creators may face. Therefore, the upfront cost of storing NFT data on-chain is worthwhile, especially to ensure the provenance of digital asset ownership.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/digital-security-reveals-the-vulnerability-of-nfts/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-03-21 09:12
Next 2022-03-21 09:16

Related articles