The explosion in NFT and Ethereum smart contracts since 2021 has seen a spectacular rise in interest in the cryptocurrency domain. One immediate and tangible impact is the surge in value of Ethereum by virtue of its acceptance at the ruling auction houses.
The other impacts relating to the environment, the long-term feasibility and potential to disrupt traditional artworld chanenls, remain more elusive to measure in context. These topics continue to dominate discourse on every social media platform from Clubhouse panel talks to Instagram artworld meme pages with a distinctly polarized tribal split between the supporters of the NFT scene and its distractors.
There is a dimension that tip-toes between the planes of the objective and subjective: trust.
A position that is problematic to argue against regardless of whether one is a promoter or detractor: the maturity of the NFT security model and the enormous surge in its use are not presently aligned and there are lessons to be learned over the next year. Let’s remain optimistic and hope that the indie grassroots artists which NFT has enabled to monetize their work remain financially unaffected by technical vulnerabilities.
There is ongoing research and discourse on the security of NFTs, including the artist and collector community and their marketplaces as well as the artworks themselves, all reliant on the underlying principles of Ethereum smart contracts.
Security researchers have been drawn to analyzing how the transactions work in practice.
The standard practice of performing security research on a given technology starts with disassembling it to reach a technical understanding of how the protocols work.
The NFT itself is typically metadata, as opposed to the artwork itself, and fundamentally acts as a signpost towards the location of the artwork content; that signpost is what’s termed “metadata”. The NFT’s metadata resides on the blockchain which is where the integrity of ownership is proven, as opposed to any particular company or website – this is the benefit of the decentralized Web 3.0 model where single points of failure are de-emphasized.
Technical research conducted by Jonty Wareing was published on Twitter (see above image) which indicated that there are NFTs where that signpost does not reside on the blockchain itself but instead points toward the marketplace’s website. This in itself presents a risk to the integrity of the NFT and its proof of ownership for an artwork.
There are hypothetical, future-thinking scenarios where a marketplace could be compromised. The resulting knock-on impact would affect ownership of the artworks associated with it. Examples include the marketplace going out of business resulting in a change of “management” where the marketplace’s domain name is registered by an arbitrary third party – or, most intriguingly and more a more immediate a targeted attack on a marketplace to deliberately tamper with the NFT metadata.
In the event of both a marketplace takeover or takedown, by its domain name being swiped by a third-party or a determined cyberattack to tamper with NFT metadata at the marketplace, the ownership of the artwork itself becomes questionable. The unquestionable integrity of NFT ownership is an essential scaffold supporting the trust in the economic model and in the optimism around Web 3.0.