NFTs are as prone to attacks from hackers as any other digital assets. In fact, the famous NFT that sold for $69.3 million was attacked by a white hat hacker who goes by the name Monsieur Personne. He attempted to show that the blockchain technology on which NFTs are minted and stored is not safe.
NFTs are Super Fun, Safe, and Unique – Except They Are Not
NFTs are as prone to attacks from hackers as any other digital assets. In fact, the famous NFT that sold for $69.3 million was attacked by a white hat hacker who goes by the name Monsieur Personne. He attempted to show that the blockchain technology on which NFTs are minted and stored is not safe.
Additionally, there have been several instances where an artist’s artwork has been downloaded/copied (read: stolen) and minted on the blockchain via a marketplace. Before we delve into the specifics of how NFTs are stolen, let’s read a story that attempts to revolutionise the way we look at NFTs.
NFTs are as safe as any other digital asset
On April 4, an unknown vigilante of the crypto world attempted to prove a point that most people had been missing because of the craze around NFTs. He “sleepminted” (a term the vigilante was kind enough to come up on his own) Beeple’s artwork Everydays: The First 5000 Days, which sold for a jaw-dropping $69.3 million, to another user named Arsene Lupin. Our dear Lupin, on the other hand, put the newly minted artwork on sale on Rarible and Opensea. The listings were obviously taken by both the marketplaces, but Monsieur Personne, our vigilante, uncovered a surprising yet unnerving fact about NFTs – that they can be manipulated.
The white hat hacker was kind enough to share that his attack was not “out of malice, but because of my disappointment in NFTs”. He went on to say in this post that he did not like the fact that artists were being given the illusion of the true value for their artwork when they were being comfortably ushered into a Ponzi scheme.
The entire technical process behind how Personne managed to duplicate Beeple’s NFT has been covered already. We are going to try and explain it in simpler terms here.
Step 1: Personne created an Ethereum-based application that gave him the token ID: #40913, which was the one that Beeple’s original artwork had.
Step 2: He created his own smart contract with a “seizure feature.” Through that, he managed to give an impression to websites like Etherscan and Rarible that his NFT was created by Beeple.
Step 3: This false impression is made possible by “dropping” the NFT in Beeple’s account and then taking it out again.
This gave the overall impression that it was indeed Beeple who had put his artwork on auction again.
The attack highlights that NFTs can be duplicated
The whole motive behind this “attack” was to throw light on the fragility of these marketplaces and third-party applications like Etherscan to track and “validate” transactions on its blockchain. Some are prompted to believe that this attack was educational and was done to enlighten us on ways we can follow to safeguard ourselves while minting our NFTs.
On the other hand, there are people who have started to question what they actually own when they make the final purchase for an NFT.
Personne has repeatedly attempted to clarify that all “creative, copyright, and intellectual rights” are still retained by the artist/creator. Therefore, in theory, the artist could ask the owner to not flex it online and even transfer the ownership rights to someone else.
But then, if we as “owners” of the artwork do not own anything, why on earth are we buying NFTs?!
NFTs are not artworks but smart contracts that govern their usage
Before we get into understanding why people value of NFTs, let’s revisit our definition of an NFT. An NFT is essentially a unique token that is hosted on a blockchain. A blockchain is a database where the transaction history of that token is maintained.
What makes NFTs unique are the smart contracts that govern each token. These smart contracts are unique, thus making each token unique.
Now, these smart contracts are where all the magic happens. They essentially have data about what kind of rights the owner has versus the kind of rights the creator has. The owner may/may not have the right to use the artwork for commercial purposes. Moreover, the creator of the artwork may have the right to reproduce the same artwork and sell it again.
Or the artist can even program the smart contract in a way that any successful sale of the artwork returns some part of profit to them. Thus, you see that it is not so much about the artwork itself but what the owner of the art can now do with it that is detailed in these smart contracts.
I can sell your artwork as an NFT on any marketplace
That is absolutely right. If I wanted to make money off your artwork, I would simply download a jpeg file, upload it on a marketplace and act as if I am its creator. I would then mint it on the blockchain and create a record of me being the owner forever.
The artist Derek Laufman found himself caught in a similar problem when he woke up one day to find that his art was being sold as NFTs on the marketplace Rarible. And he is, unfortunately, not the only artist who has been scammed like this. Some people have even taken it on themselves to “tokenize” someone else’s content and then list them on NFT marketplaces.
Remember that NFTs are not actual artworks but tokens that point to those artworks that are further hosted through an IPFS, a peer-to-peer file hosting and sharing system. Sometimes, these tokens could also direct to the URL (on the marketplace) where the “original” artwork is stored. If the marketplace goes bust, the artwork will also be lost.
While many marketplaces do take an effort to set up symptoms that can minimise such theft, several savants of the blockchain technology have said that hackers can still find a way around them. Identity theft is common, and hence hackers can very easily bypass the automated security checks that many marketplaces use.
Conclusion
All of this goes to show that there is no way that NFTs are unique digital assets. In fact, the misconception that they indeed are digital assets is something that has been proliferated by a community of people that hardly put an effort into understanding how it works.
What started as a craze because someone had become uber-rich by selling their artwork became just another opportunity for hackers to make money as well. Although there are artists that are commending the benefits of this technology, some of them are still figuring out ways they can use to safeguard their artworks.