Are NFTs safe? Uncovering NFT Vulnerabilities and Security Concerns

Alejandra Corbella

NFTs are growing in popularity in the crypto currency space, and as more people adventure in the world of digital art, it is important to understand the risks and opportunities associated with this asset class.  

What is an NFT?

For those who are new to NFTs, NFTs stand for Non-Fungible Tokens, which are unique assets in the crypto world. The term “Fungibility” means that digital assets are equal in value, and they are indistinguishable from each other. For example, Bitcoin is a fungible token because you can spend one Bitcoin, buy another one and you still have one Bitcoin. However, NFT value often depends on many factors, such as minting number, total supply, special traits and community behind the asset. For example, one Crypto Kitty might not be worth the same as another one. The generation of the kitty, minting number, special traits and demand will dictate the price of the NFT.

NFTs have gained an insane amount of momentum in the past year due to their unique quality to attach value to any digital and physical asset while recording ownership in the Blockchain. NFTs also create exclusive communities behind assets and empower investors to create the future of a tokenized economy.  

Just imagine owning your home in the Blockchain or owning a unique avatar in your favorite video game. With NFTs, that could be possible. The growth and ingenuity of NFTs also open the possibilities to trading, staking, and liquidity providing. While NFTs are still a new and growing technology, they are transforming the crypto ecosystem.  Nonetheless, anything that involves money, technology, and humans comes with inherent security risks.  

How secure are NFTs?

When NFTs were first created, there was a unique challenge - images could not be stored in the Blockchain due to storage capabilities. Instead, it was suggested to store an identifier of the image (such as the web address of the image or its hash) in the Blockchain and use the identifier in a third-party platform to view the NFT. That means that when someone buys certain NFTs, they are not buying the actual image, but instead an identifier that could lead to a URL on the internet or to the Interplanetary File System (IPFS). In many cases the IPFS node is run by the company you bought the NFT from, which challenges the idea of true ownership. If the platform you bought the NFT from goes out of business, the NFT might not be accessible and potentially lose all value.  

Another vulnerability of NFTs is similar to any other Blockchain asset - they are built in smart contracts which can be broken, manipulated or exploited. While NFTs are still in their infancy stage, it is important to understand risks associated with NFT ownership and take proper precautions to maximize gains.  

Marketplace Security

NFTs thrive from centralized platforms that allow people to buy and sell digital assets. Centralized platforms like Open Sea and Nifty Gateway own the private keys of all assets on their platform, which means that if their platform is compromised, hackers can steal large amounts of NFTs.  

Earlier this year, several accounts were compromised in Nifty Gateway and the attacker was able to access purchased NFTs, exchange them for other NFTs and sell them for a profit. While money was returned to affected investors, the NFTs were not recovered.  

Even if marketplaces hold strong security measures, individual hacks can still happen due to weak security by platform users. Whether it is weak passwords, no 2FA, or an email scam, users can lose access to their wallets and digital assets.  

Smart Contract Vulnerabilities

Like mentioned before, NFT smart contracts can be exploited to benefit malicious attackers. Crypto Punks, one of the most popular NFT projects in history, was affected by a bug in 2017 that prevented ETH from going into the seller's wallet. The bug allowed the attacker to buy a crypto punk and take the money back from the contract. The project was later re-launched in a different and updated smart contract.

Meebit, a collection of 3D digital avatars also experienced an exploit, where the attacker manipulated the rules of the smart contract to mint several NFTs, revert the NFTs with less valuable traits, and keep a highly valuable Meebit. After spending over $20k in gas fees, he was able to acquire and sell Meebit #16647 for over $700k.  

How Valid Data helps

The risky nature of Blockchain technology shows the importance of doing your own research and taking a close look at asset reliability and security, before investing in any crypto project, including NFTs.  

Valid Data helps investors, exchanges, wallets, and vaults by providing real-time alerts and predictive insights on asset credibility and security. With Valid Data, you can get a quick Valid Score indication, or dig deeper to understand the smart contract vulnerabilities behind any NFT and get alerts for any suspicious activity. This can give you some peace of mind to buy NFTs and other digital assets with confidence.  

Sign Up for free to Valid Data to learn more!

It’s time to Deriskify Crypto!

Uncover risks & opportunities in crypto to maximize your gains.

Valid Data’s real-time and predictive insights are used by Cryptocurrency traders and exchanges, as well as investors and hedge funds, to make better investment and trading decisions, to protect the value of their digital assets, and to capitalize on market opportunities that only Valid Network’s technology can uncover.

Try Valid Data

Other Blogs

Introducing Ethereplay by Valid Network

We are excited to announce Ethereplay by Valid Network, a free community tool to support examining, analyzing, optimizing and securing of smart contract code on Ethereum.

Onboarding blockchain tech? Don’t miss these important facts

Key issues that enterprises must carefully consider and deal with when onboarding blockchain technology

What are CBDC and are Digital Currencies Safe?

Cryptocurrency and DeFi trading platforms have long signified a coming change in the way currency is handled around the world.

Integer Overflow in Ethereum

Many involved in blockchain do not have a full comprehension of the impact of software flaws and how they can enable vulnerability.

Subscribe to our newsletter and get the latest updates every day

Get crypto analysis, insights and updates right to your inbox! Sign up here so you don't miss a single newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.