Nonfungible tokens are making headlines across industries. From professional sports teams to entertainment and healthcare, these digital assets known as NFTs are now prompting executive leaders to consider how they might integrate them into their future business strategies.
As with all things digital, however, the question remains: How can organizations protect and secure the use and trading of NFTs? Here’s a quick breakdown of what NFTs are, the opportunities they serve and the key points to consider when safeguarding them.
An NFT is a blockchain-based monetized record of unique noninterchangeable information that represents a piece of digital media or object. NFTs can link to any form of digital asset — digital art, text such as a document, videos, photos, songs or samples, lines of code or artificial intelligence models. NFTs can also represent any physical asset tied to a unique blockchain token.
NFTs can enable organizations to create new business models, extend the value of existing products and services, and enter new markets. They can provide alternative financing at more favorable rates than traditional bank financing, as well as opportunities for trading and investing in a new asset class.
When an organization buys an NFT, it owns the right to digitally interact with the associated digital or physical object but does not own the object itself, unless such ownership is conferred in the end-user license agreement or EULA. Buying an NFT usually means owning a unique ERC 721 token that lives on Ethereum. The token is a smart contract that gives one ownership of digital goods or collectibles, such as a piece of digital art or a digital baseball card.
Users should pay particular attention to EULAs when they acquire NFTs. EULAs are rarely presented or signed, and sometimes the only link between the NFT smart contract and the object it points to is a URL. That means the content stored at the URL can change without the owner knowing about it until after the fact. In most cases, the object and its metadata are stored separately from the purchased NFT because it is impractical and too costly to store the entire digital object on a blockchain.
Five ways to secure an NFT
Along with the market hype, there has been a great deal of skepticism surrounding NFTs, one of which is the underlying risk that the asset can be altered, moved or even deleted after the NFT sale – depending on the rules created under the NFT construction. That has prompted the launch of several projects to test NFT security, which only further raise doubts about legality, value and the like.
Over time, NFT markets will become more transparent and trustworthy. Sellers will eventually have many more easily accessible persistent storage options and, over time, will likely start shifting ownership of storage to buyers. But for now, these basic criteria should be met.
First, sellers should create unique digital fingerprints of digital or physical objects that reside off the blockchain network and store those digital fingerprints on the blockchain for subsequent validation and tracking.
Second, NFTs should be stored using distributed file systems that support persistent storage and secure integration with blockchain networks. This is in comparison to storing NFT objects or files on centralized servers, which creates a single point of failure inconsistent with the principles of democratized blockchains.
Next, buyers shouldn’t assume that NFTs are legitimate just because they are cryptographically secured on a blockchain. There are already reports of “sleepminting” attacks whereby NFTs are minted to a well-known user’s wallet and then transferred to a hacker’s wallet without triggering any of the typical smart-contract security checks.
Hackers are bound to target NFTs more in future as the market becomes more active and lucrative. They are also bound to repeat history and exploit the most vulnerable access points through user account takeovers, exploits of application programming interfaces, exploits of smart contract logic and poisoning of off-chain data. It’s thus recommended that buyers purchase owner insurance to insure against the destruction or disappearance of NFT objects/files.
The growth of NFT commerce has generated many offshoot services, such as secure storage, escrow, insurance and custody services, that support the ecosystem for trading NFTs. These services are mainly offered by niche companies at present, but mainstream players such as insurance companies and banks will likely offer them in future to earn additional revenue.
As such, the last recommendation for securing NFTs is for buyers to engage such services to ensure safekeeping of NFT objects or files over time. It’s recommended that information technology leaders work with their chief financial officers or legal departments to do so.
Avivah Litan is a distinguished vice president analyst at Gartner Inc. focusing on AI and blockchain topics. She wrote this article for SiliconANGLE. Learn more about related security topics and threats at the Gartner Security & Risk Management Summit, taking place Sept. 20-22 in Orlando, Florida.
Image: Marco Verch/Flickr
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.