New

Hacken is launching a monitoring tool. Get details and join our beta program

More

Guide: Cybersecurity For NFT Projects

Guide: Cybersecurity For NFT Projects
  • Discover
  • cybersecurity
  • guide
  • nft

7 Apr 2022

The popularity of NFTs – Are NFTs mainstream now?

Non-fungible tokens or NFTs have gained considerable popularity in 2021, but before then it was a blockchain technology sitting on the fringes. Due to popular culture, NFTs found their first widespread application as digital certificates of ownership of images and videos which became a craze. At the time of writing one of the most popular NFT collections – Bored Ape Yacht Club – has a floor price of 96.68 ETH or $248,844 USD. The floor price is the lowest amount of money you can spend to become a member of a project (own an NFT) i.e the cheapest option to buy into the project. Famous artwork by Banksy has also been sold as an NFT for millions. 

The NFT use case extends far beyond that of avatars and visual media, but at this stage, they have breached the mainstream because of it. Most people now still don’t know what an NFT is, but many more people at least know of its existence. As a result, the interest in understanding NFTs has been growing. The possible use cases for NFTs have expanded vastly from when they first started gaining popularity. These digital certificates are used from representing in-game items to representing digital credit with which a loan can be taken. However, in terms of security, the learning curve, and accessibility NFTs still have a long way to go. 

What are NFTs?

Traits of Non-Fungible Tokens:

Indivisibility

NFTs were originally created to be indivisible, this means that to own the item you need to purchase the whole item. So when an NFT is purchased it cannot be divided into smaller tokens. 

Recently though, fractional ownership has become a new avenue for NFTs, especially concerning real estate. Fractionalisation refers to multiple NFTs representing multiple ownerships of one thing. An example of fractionalization was the original Doge NFT, which has been fractionalized into billions of tokens, with a total value now over $500 million.

Uniqueness

One of the most important traits of an NFT is its uniqueness. This refers to non-fungibility as an asset that is completely unique and there is no other like it. Fungibility refers to the interchangeability of an asset e.g. a $20 bill is fungible since it can be exchanged for two $10 bills etc. Therefore non-fungibility means something that is both unique and not easily interchangeable. This makes trading NFTs hard and that’s also why the prices tend to be high. 

Uniqueness is also an attribute that plays a crucial part in the determination of its value. An NFTs cryptographic signature is truly what differentiates it from other NFTs and makes users able to locate it between the millions of other NFTs stored on the blockchain. 

Ownership

Since NFTs are born (minted) on a blockchain and their details stored on distributed ledgers, ownership becomes very easy because of its verifiable and immutable transaction history. The creator of an NFT has the permission to transfer their NFT to any account, this could either be a user or a marketplace giving them ownership rites that are documented on the blockchain.

As mentioned above fractionalization is also a method of ownership that makes it easy for multiple people to own one NFT. The mechanisms whereby NFTs define ownership make identifying ownership much easier than in most traditional systems. 

Authenticity

Probably the most important trait of an NFT is the ability to easily determine its authenticity. An NFTs cryptographic signature separates it from all other NFTs and can be used to review all transactions with it since its date of inception. 

For some NFTs that represent real-world assets, this is a game-changer. In the real estate industry assets represented by NFTs can show full ownership history and metadata can be allowed to include all modifications of the property for a full history of damages and alterations. As a result, it ensures better verification of real-world assets during change and exchange.  

Transparency

Since the records of issuing and transferring tokens alongside token activity can be open for public verification, NFTs ensure transparency. Most important of all, the functioning of NFTs as digital wallets on blockchain technology provides the benefit of the trust.

Digital Wallet

To create an NFT a user needs a digital wallet to connect to a blockchain for it to be associated with a blockchain and its distributed ledger. Ledgers that hold transactions are usually public and immutable which speaks to the transparency, ownership, and authenticity of an NFT. 

NFTs are stored in a wallet with the creation of a digital certificate of ownership directly linked to the wallet address upon minting. Typically, just the web address (of the location in which the NFT’s information is stored) is kept on the blockchain. This location pointing to where the NFT is stored is kept on the blockchain and can’t be tampered with. This makes the blockchain extremely reliable. 

Understanding The Different Types Of Non-Fungible Token

Anything can be an NFT, NFTs allow for the digitisation of any physical object through the creation of a digital certificate of ownership saved on the blockchain. This is one of the attributes of NFTs that makes it such a powerful technology that can be used in various use cases. Some of the most common include: 

Artwork

Some of the first NFTs to go out into the mainstream were art NFTs. Traditionally art is sold via an intermediary and one of the only measures to gauge the validity of a piece – without hiring a professional – is by its signature. By using NFTs to secure digital data about their work, including an immutable record of ownership, artists can integrate a way to earn royalties in perpetuity. Artists can use this technology to benefit themselves and not the middlemen. 

In March the artist known as Beeple minted an NFT called “Everyday: The First 5000 Days”. The NFT was sold to Christie’s Auction House for an estimated $60 million. 

Event Tickets

The uniqueness and suitability of NFTs make them a very practical solution for the complications that arise from traditional ticketing. Paper tickets aren’t always very secure and can be faked quickly. Each NFT ticket is unique and identifiable making it nearly impossible to fake. Another common problem is reselling tickets and fences, as soon as a tick has left the supplier the ticket can be resold on the secondary market to anyone this means event organisers don’t know who all the people at their event are. Whereas each NFT is connected to a wallet which can prevent scams. 

Music

NFTs have had a profound effect on the music industry, at this stage as the technology continues to improve and become more popular many of the challenges faced by the industry could be resolved. When comparing the utility of music linked NFTs to a traditional digital records artists can immediately and with very low-cost copyright their music through platforms like Audius. 

Artists can earn royalties in perpetuity by enabling a property that sends the royalty to the artist every time the album is bought or sold on the secondary market. Artists can release exclusive NFTs that allow buyers to access exclusive content – improving customer interaction – with the ID of the NFT. For collectors, special editions can be bought and stored on the blockchain.

Gaming 

In the gaming industry, in-game items can be minted as NFTs and traded between players for real-world money. Enabling players to monetise the time spent in-game. Games like the anticipated Star Atlas aim to have an entire functioning in-game economy where users buy and sell items, resources, and crafting materials to further their conquest in the game. 

Axie Infinity, one of the top NFT games in the space, has uplifted many people in countries like the Philippines by giving them a way to earn money online by playing a Pokemon-like game on the Ethereum blockchain. 

Financial assets

One of the newest use cases for NFTs is the usage in decentralised finance (DeFi). DeFi assets like yield-bearing tokens, liquidity provision tokens, lending, and borrowing collateral are wrapped inside NFTs. NFTs can be used on DeFi protocols as collateral for a loan or they can represent collateral that can be borrowed against. In reality, financial NFTs can range from insurance to bonds, as well as unique token bundles and real-world assets like houses or the deed of a house.

How do I create NFTs?

A short overview of how to mint and list an NFT:

  • First, you have to decide on the digital asset you want to tokenize, this can be a digital image, meme, or audio. Remember that you need to own the intellectual property rites (IP) for the item otherwise, it could land you in legal trouble. 
  • Choose the correct marketplace for your NFT. It’s important to research which marketplace your NFT will perform best, there are many, each with different features and pricing. Some examples are, OpenSea, Rarible, or Mintable. Sign-up is usually free and there are no content restrictions. 
  • Set up a cryptocurrency wallet like MetaMask or Coinbase wallet and connect it to the NFT marketplace and follow the steps to confirm the connection.
  • Mint the NFT. NFT minting is the process whereby the digital piece you created is converted and stored on the blockchain as an NFT that can be sold. Once minted it can never be modified or deleted. Some platforms charge for minting but the marketplaces mentioned above are free however do charge a service fee to sell the item.  
  • Get Ethereum to pay for the listing fee. Platforms usually ask for a one-time gas fee to initialise the wallet and require payment usually in ETH, so make sure you have some in your wallet.
  • Set up the sale process. Depending on the platform users can usually decide between fixed cost, timed auction, or an unlimited auction. Important to pay attention to the price of fees and to ensure the price of the NFT can cover the costs, volatility can also cause spikes in fees. Once the process is finished the NFT will be listed and collectors can purchase it. 

OpenSea is one of the leading marketplaces and sells all sorts of NFTs built on the Ethereum blockchain. There are also NFT marketplaces on the Solana and Avlance blockchains which host many different collections from sports to fantasy games.

How does buying and selling NFTs work?

Users that want to buy an NFTs have a host of marketplaces to choose from, each with its own unique collections. After choosing a marketplace they will need to download a wallet that can communicate with the marketplace and add the required network i.e Polygon, Binance Smart Chain, etc. Users need to fund the wallet with the correct cryptocurrency to buy the NFT and then ensure they know when the NFT will be listed e.g via an auction or art drop. NFTs vary greatly in prices and as a rule of thumb, the stronger and more engaged the community the higher the value of the NFT. 

To sell an NFT the user will need to locate it in their collection and then click sell. Clicking the button will take you to a pricing page where you can choose the conditions of the sale including whether to run an auction or sell at a fixed price. When selling users can choose the crypto they prefer and any additional royalty setting by editing the transaction. Listing NFTs on a marketplace sometimes requires a fee to complete the process.

What can NFTs be used for?

  1. NFT-wrapping: Wrapping an NFT to allow other functionality – an ERC-721 with its own standard (NFT) –  as another token with its own set of standards e.g ERC-20 which enables it to be tokenised and fractionalised.
  2. NFT-bridges: Bridges that enable NFTs to be transferred over various networks since certain marketplaces only support certain networks. By building bridges NFTs can be traded across various ecosystems. For example, NFT Bridge (NFTB) built on the Binance Smart Chain (BSC). 
  3. Minting protocols: Protocols designed specifically to mint and create new NFTs on a blockchain. As discussed in the creation of NFTs above smart contracts can also be utilised by online minting services like Enjin, Forge, Rarible, and OpenSea. 
  4. NFT Marketplaces: Marketplaces dedicated specifically to selling NFTs. For example, Rarible, OpenSea, Foundation, MakersPlace, SuperRare, Decentraland, Flow, and many more. Some marketplaces specialise in sports NFTs like NBA Top Shot and many others and others are more general like OpenSea.
  5. NFT Metaverse: NFTs will undoubtedly play a big role in the metaverse from NFT art galleries to owning real-estate in the metaverse through an NFT. This includes spaces like The Sandbox and Decentraland. 
  6. Games Play-To-Earn: Many of the new Play-to-Earn (P2E) games use NFTs as in-game assets. The most valuable of all is Axie Infinity with a market cap of $42 million. Others include Gods Unchained, SoRare, Splinetrlands, Star Atlas and many more.

NFT Cybersecurity: Vulnerabilities

Challenges for valuation and price discovery

NFT prices are volatile and depend on several factors including:

  • Who the creator is and their field of influence 
  • Scarcity of the NFT
  • Exclusive benefits
  • Size and participation of the community
  • Marketplace

This makes it hard for new users to know what an NFT should be worth, not to mention the steep learning curve to use and understand the technology. Not all marketplaces have mechanisms in place that allow NFTs to realistically discover price. There are many artworks in the space that are overvalued. 

Challenges for asset ownership

Traditional law governing intellectual property issues does not apply to a decentralized blockchain. Before buying an NFT, it is useful to identify whether its seller actually owns the IP or copyright to use it. In some cases, malicious actors can sell photos of NFTs or mint NFT replicas. 

NFTs are also challenging in ascertaining their ownership of the original creator and a collector or as an individual entity who has purchased the “rights” to it. Existing Intellectual Property Rights (IPR) laws may not comprehensively cover the ownership of NFTs and the division of any monetary benefits that they may accrue.

Marketplace security risks

NFT marketplaces are sometimes the targets of hacks and exploits in their smart contracts. Just recently, Opensea was exploited allowing the hacker to get away with $1 million in NFTs. Fake marketplaces also exist. Simply put, these are phishing scams that get users to connect their wallets and enter the private key so they can steal information as well as digital assets in the wallet.

Cybersecurity and identity fraud

Identity fraud can be committed by malicious actors if they somehow – either through malware or phishing – gain access to a user’s crypto wallet. When access is gained hackers are seen as the owner of the wallet on a marketplace, the hacker can now just send assets to other addresses and new marketplaces. This also makes it all but impossible for the true owner to verify authenticity since the records are immutable.

Smart contract risks in NFT

The inclusion of smart contracts in NFTs has brought various benefits and risks. Smart contracts define the way NFTs are circulated between parties and traded on marketplaces. The quality of the code is of the utmost importance since a miss-step could cause an unwanted action to occur i.e an NFT seller losing their assets. Additionally, the smart contract security must be high quality because hackers can exploit even minor errors to steal assets. Hacks on platforms and marketplaces have reached an all-time high in 2021 with $14 billion in digital assets being lost to malicious activities according to Chainalysis Crime report 2022. 

Rug Pulls

Rug pulls have become a common occurrence in the NFT space. A rug pull typically involves a new project that markets an NFT collection, spends a lot of time on marketing, and gets as many investors as possible. By the time the project is supposed to launch the owners of the projects stop all communication and run off with the investor funds. Rug pulls have cost users millions nevertheless, there are things to look for to spot a possible rug pull and to avoid becoming a victim: 

  • The project seemingly appeared out of nowhere.
  • The project team has not revealed their identity and stays anonymous.
  • The project has been funded by a mixer e.g TornadoCash etc.
  • Weak engagement with the community and no regular improvement of the project.
  • The project doesn’t have any audit certificates.
  • Liquidity is unlocked.
  • All liquidity is held by one wallet.
  • Use anti rug pull apps like Rug Doctor and Token Sniffer.

NFT hacks

An NFT as such can’t be hacked because the image isn’t stored on the blockchain, rather it stores an address to where the original image is found usually IPFS. Most hackers that get their hands on NFTs are because of projects’ weak security measures or by hacking a user’s crypto wallet because they don’t implement 2-factor-authentication and additional security measures. According to Hacken, a leader in blockchain cybersecurity, one of the main NFT security risks related to the exploitation of smart contracts is reentrancy attacks. 

How To Secure Your NFTs?

Since NFTs are stored in the user’s crypto wallet much of the security is up to the user to take into their own hands. Users should enable multi-factor authentication whenever possible. The majority of hacks and malware target hot wallets, users that have valuable long-term assets could benefit from storing it in a cold wallet that isn’t exposed to security risks on the internet. 

There are many risks in the form of internet scams and malware. Users should have their computer security up to date – a VPN also doesn’t hurt. Frequenting and downloading from unsecured websites also opens a user up to malware and other viruses that can steal personal as well as wallet information. When on social networks and communication groups, users should always use information from official sources and don’t download applications shared by random people on Discord or Telegram. Crypto cyber sec companies like Hacken also provide various solutions like OneArt a one-stop wallet for NFTs that’s a secure environment for users to manage their NFTs. 

It’s also important to consider the security of the blockchain the NFTs are stored on. Users can verify the security of a blockchain by seeing if they have been audited by a reputable cybersecurity company like PeckShield, Hacken, Utrust, Certik etc. Similarly, users can check if a blockchain’s smart contracts and NFT token have been audited as well.

A general checklist to protect yourself from cyberattacks:

  • Choose a secure wallet,
  • Use a complex password,
  • Enable two-factor authentication,
  • Keep your recovery phrase in a secure place,
  • Back up your wallet regularly,
  • Update your software regularly,
  • Use a secure internet connection.

Conclusion

Even though NFTs and cryptocurrencies are both seen as digital assets, there are some clear cut differences between them. The main difference is that an NFT can’t be traded or replaced by one another, making trading difficult. They can be tokenized like cryptocurrency tokens but not by their default standard. NFTs also have security issues but can be negated by the user playing an active role in their wallet’s security and applying safety practices. Due to their rising popularity, NFTs may still see a lot of growth and many new innovative applications in the crypto space.

share via social

Subscribe to our research

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email


    Interested in getting to know whether your systems are vulnerable to cyberattacks?

    Tell us about your project

    • This field is required
    • This field is required
      • whatsapp icon WhatsApp
      • telegram icon Telegram
      • wechat icon WeChat
      • signal icon Signal
    • This field is required
    • This field is required
    • This field is required
    • This field is required
    This field is required
    departure icon

    Thank you for your request

    Get security score on

    • certified logo
    • coingeco logo
    • coin market cap logo

    1,070+ projects audited

    companies logos

    Apply for partnership

    • This field is required
    • This field is required
    • This field is required
    • This field is required
      • Foundation
      • VC
      • Angel investments
      • IDO or IEO platform
      • Protocol
      • Blockchain
      • Legal
      • Insurance
      • Development
      • Marketing
      • Influencer
      • Other
    This field is required
    This field is required
    departure icon

    Thank you for your request

    Get security score on

    • certified logo
    • coingeco logo
    • coin market cap logo

    1,070+ projects audited

    companies logos

    Get in touch

    • This field is required
    • This field is required
    • This field is required
    • This field is required
    This field is required
    By submitting this form you agree to the Privacy Policy and information beeing used to contact you
    departure icon

    Thank you for your request

    Get security score on

    • certified logo
    • coingeco logo
    • coin market cap logo