NFTs, or non-fungible tokens, emerged in 2015, and since then they’ve become extremely popular. This happened largely because of the nature of the technology: the tokens are unique digital assets recorded on the blockchain digital ledger.
Since blocks within blockchain store information about neighboring blocks, it’s possible to track all the items’ transaction history. The nature of blockchain makes it very hard for threat actors to tamper the files in it, but the technology still does not prevent theft and copyright infringement completely.
The popularity of NFTs keeps growing
Our previous article emphasized that owning an NFT doesn’t make you the copyright owner of a piece of art. NFTs are more about boasting that you have a unique digital copy of an artwork instead of owning it. Sometimes this may not be a problem, as it allows people to feel like being part of something bigger, like in the case with Julian Lennon auctioning tokenized memorabilia of “The Beatles.”
John Lennon’s son describes it as a way to share his family history with people willing to buy the NFTs, presented as an “audio/visual collectible.” Although sometimes physical items may be sold alongside NFTs, in this case, the buyers will not receive a John Lennon’s guitar or any other piece of his art. Instead, they will have a piece of blockchain data recording proving that they own an NFT linked to a .JPG with the item.
In Lennon’s case, there was almost no risk of copyright infringement since the guitars still stay in his possession no matter how many NFTs with their images he is to sell. Unless someone breaks into his house and steals the musical instruments, they are safe. But artists who create solely on digital platforms are concerned with the fact that anything can be tokenized, and their permission is neither required, nor asked for.
Causes for the new tulip mania
In the third quarter of 2021, total NFT market transactions exceeded $9.9 billion, marking an increase by 832% compared to the second quarter. This shows that the market is trending up causing more and more people to experience the fear of missing out (FOMO) and making them rush to tokenize everything on sight. And they care not about the fact that an NFT owner doesn’t own the copyright on an object.
The problem is that a regular copy downloaded from a DeviantArt profile and later sent to anyone doesn’t bring any money, unlike a tokenized one. There are no ways of tracking what people do with regular copies or screenshots of an artwork, and that’s why artists are fine with it, not mentioning free advertising perks. But tokenizing an art piece makes it scarce and allows for selling it as if it were a deficit item.
This is worrying in the sense that a tokenized digital piece of art can be sold with peace of mind, and usually, there is no need to prove that the seller is the one who created it in the first place. This enables thieves to make money on others’ work without the creator’s permission.
The problem is pressing not only to artists who discover images they create on NFT selling platforms, but even to Twitter users. Recently, the account named @tokenizedtweets went on a tokenizing spree marking hundreds of trending tweets as NFTs and selling them on trading platforms. This caused outrage among the users who didn’t want their thoughts and works being used for somebody else’s money-making scheme.
How can NFTs be stolen?
Since blockchain technology operates through interlinked and constantly checked blocks, it would require a mind-boggling amount of computing power to make it possible to hack it. But here comes the main vulnerability that we keep on reminding about when talking about CAD files: good old human error.
Cybercriminals may attempt to compromise online communities like Discord servers to impersonate an admin and lure users into clicking on a malicious link. This technique is called “phishing” and may result in bad actors getting access to your NFT storage to steal and resell its content. This is what happened to Fractal NFT enthusiasts, last December.
Another tactic that threat actors may use is tricking users into providing access to crypto wallets. This is mostly the same modus operandi that old-school telephone bogus callers use: someone messages you directly pretending to be a trading platform support or a would-be buyer, and then talks you into giving up your word seed phrase.
There is also a chance that cybercrooks may steal assets by exploiting cybersecurity vulnerabilities on NFT platforms. But again, it is not about hacking someone’s crypto wallet directly but about interfering with the work of a separate platform to which the wallets are linked.
What to do to protect your artwork?
First of all, take a moment to consider whether you need your art to be tokenized. This does not give you any additional IP ownership to being the piece’s original creator. If you already have a fan base that values and cherishes your work, consider the usual ways of monetizing your work. Use respected platforms that offer you a flexible system of sponsorship and also make it harder for people to steal your art.
If you’ve already tokenized your works, try other means of protecting them, like using cold storage. This is an offline wallet used for storing blockchain-based items, be it a cryptocurrency or an NFT. Unlike hot storage connected to the internet, cold wallets are not, making it a virtual safe for your NFTs.
Hot storage is also known as “a non-custodial crypto wallet” and is protected by a 12-to-24 word seed phrase and a combination of touch/face identification and passwords. The security tips here are the same as with regular passwords: make sure to use a complex combination of both upper and lowercase letters, use numbers and various symbols. Do not tell your word seed phrase to anyone, and do not store it on your PC. Just write it on a piece of paper in an old-fashioned way and hide it somewhere. But make sure to remember where it is now.
Also, use a VPN to hide your IP address and internet traffic data. This will help prevent your identification and thus will provide bad actors with less leverage on your system.
Avoid NFT drops
Avoid NFT drops. Situations when developers promise a lot of stuff and then disappear with the money are quite common there.
And last but not least, try to control your greed and never believe a deal that is too good to be true. As we carry on reiterating, always verify the identity and reputation of the person you are doing business with.