Securing NFT Media: Challenges and Solutions

NFT security is a rising concern, with risks like fake marketplaces and phishing. We compare options for securing NFTs on Ethereum vs Bitcoin.

Over the past few years, NFTs have seen their rise and fall in the complex digital world on the blockchain. However, their growth has also brought bad actors to the forefront, who want to profit from other people's mistakes or just outright steal them. This highlights a critical concern for those who want to secure the media files associated with their NFTs properly.

Let us take a look as we explore these methods and address the challenges that might come up when you want to be the safest in securing your NFTs.

Problems and Challenges in NFT Security

We already know that NFTs represent ownership of digital or physical assets such as art, music, videos, digital collectibles, and have many more use cases.

Wash Trading

Wash trading is the repetitive act of buying and selling an asset among a group of traders in order to create the illusion of market activity and liquidity. By engaging in this practice, wash traders succeed in distorting the real value of some NFTs, which could harm investors by leading them to pay inflated prices.

These 'crypto' acts are nothing new and are similarly categorized as wash trading, falling under the illegal activity of 'market manipulation and insider trading' as outlined in Article 143 of the Financial Market Infrastructure Act (FinMIA).

Rug Pull Scams

Rug pulls occur when the founders of a certain NFT project gain investors' trust with the promise of high returns or 'hype'. Once investors have put in huge sums of money, the founders disappear and leave them behind with worthless NFTs.

Over the past few years, rug pulls have become commonplace in NFT markets and cheated many people out of speculating on NFTs as mere 'jpegs'.

We are aware of the reported Big Daddy Ape Club rug pull and that there are victims involved. We take this attack on the NFT community seriously, and are taking steps to offer all the assistance we can.
— Chris Hart (@hartcb) January 11, 2022

Phishing Attacks

If you are not getting rug pulled, you are getting phished. A phishing attack in the NFT space involves scammers luring users to reveal their private keys and seed phrases by clicking on fake emails, social media channels, and deceptive ads. If you just click on their link and connect your wallet, your NFTs will be gone.

One notable phishing attack targeted the OpenSea NFT marketplace, resulting in a loss of $1.7 million. People who trusted OpenSea also trusted the phishing site mimicking it and lost their beloved NFTs.

As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022

In today's world, scammers are even using generative AI to develop another form of the phishing attack, 'vishing' (a voice phishing attack). Where they impresionate famous people of our space to win trust and re-direct you to a wrong link.

Counterfeit NFTs

Just like counterfeit money, where they create a similar copy of the original, scammers will try to create an exact match of the visual of an NFT and mint it while posing as a successful brand.

A good example of such an incident occurred when Ryder Ripps and Jeremy Cahen copied the Bored Ape Yacht Club by Yuga Labs and began marketing it. This didn't end well as Yuga Labs sued the two and in October 2022 a district court ruling demanded Ripps and Cahen pay $1.5 million in damages.

Fake Marketplaces

Over the years many marketplaces such as OpenSea and Blur have become big for buying and selling NFTs. There are some reputable exchanges that have passed the test of time, although some of their employees weren't without blame.

However, fake marketplaces also entered the chat and promised similar services but just exit scam and empty users' wallets whenever they get hold of their private keys and seed phrases.

On top of that, various centralized marketplaces like the ones mentioned above store the private keys associated with all assets and NFTs directly on their platforms. As a result, any compromise of these platforms would imply the loss of NFTs, as evidenced by the Nifty Gateway hack of 2021 and the FTX disaster, which left many in tears.

We can say that security challenges like these have raised concerns not only in the NFT space but also among governments who want to protect servants.

NFTs on Ethereum

With the enemy lurking behind every corner, we understand and should address the ways NFTs are 'put' on the blockchain, or how their relation to it can address security concerns for the credibility and long-term adoption of digital assets representing value. We try to understand the main methods how they are secured...

SVG-Based Art

Scalable Vector Graphics (SVGs) is an image format that uses XML (Extensible Markup Language) to describe shapes, paths, colors, and other elements mathematically in a customizable manner. This gives creators the freedom to create engaging and interactive NFTs that can tell stories and offer experiences to collectors.

As a file format, SVG codes are fully stored on-chain as part of the NFT's metadata or smart contract. This gives them immutability, which means resistance to tampering by being on the blockchain. Additionally, on-chain storage eliminates external hosting, which reduces the risk of data loss.

However, file size optimization is a key factor to consider when using SVG, as large file sizes can affect loading times and user experience, and limit the use to only less detailed artwork.

Examples of SVG NTF collections already created include; Pushersleft (ART PONZI), Chaos Roads, OnChainMonkey, and Advent Stars.

InterPlanetary File System - IPFS

IPFS is a decentralized and distributed system for securing storage and access to files, data, applications, and websites. It uses content addressing which detaches data or files from their location.

Through content identifiers (CIDs), these data and files are given a permanent cryptographic hash based on their content. From this, users can retrieve and share files from multiple sources at once in a peer-to-peer way through nodes joined on the platform.

Although IPFS presents all these capabilities, there is complexity in setup which requires expertise, and also its dependence on nodes acts as a limitation when they aren’t available and could test the 'decentralized nature' of the method.

Arweave

Arweave is another blockchain-based data storage method that requires users to pay a single upfront fee before they can upload data.

To achieve decentralization, Arweave uses the following technologies:

Blockweave: A data structure that allows nodes to join the Arweave network immediately, without any waiting period.
Succinct Proofs of Random Access (SPoRA): A unique type of consensus that was added in February 2021 to give miners an incentive to copy data.
Wildfire: An incentive and ranking system for nodes' data retrieval efficiency and network consensus.
Blockshadows: A technology that enables the network to boost its throughput to a theoretical limit of 5,000 transactions per second.

Arweave has risen as an NFT storage system and attracted companies like Meta, which uses it to store digital collectibles from Instagram.

Unfortunately, the upfront payment is a limitation that has led to the network's limited adoption compared to other innovations like IPFS. However, that isn’t all when comparing one innovation to the other...

A Comparison

Feature	Arweave	SVG-Based Art	IPFS
Protocol	Proof-of-Access	The blockchain's mechanism, e.g the Ethereum Virtual Machine (EVM), for Ethereum	Peer-to-peer
Cost	Require users to pay a one-time fee to store data on the network	Payment of gas fees for deployment	No initial fee but may require pinning services
Data permanence	Guaranteed permanent storage of data	Guarantees permanent on-chain storage	Depends on pinning and network participation
Size limit	Limited to 512 MB per transaction	Reduced file sizes, to avoid long loading time	No limit on the size of the data
Complexity	Requires integration with its network	Requires knowledge of SVG creation and smart contract integration	Simple implementation, widely supported
Media Types	All digital media	Vector graphics	All digital media

Although these technologies provided storage mechanisms that offer security for NFTs on Ethereum, new ways have also been found to store NFTs on other blockchains, including the most used and biggest of them all - the Bitcoin blockchain.

NFTs on Bitcoin

When you think about NFTs, they are mostly associated with networks such as Ethereum and Solana. However, if you are a fervent reader of our blog, you would already know that NFTs on Bitcoin have made their introduction. So how exactly is this done?

Ordinals

Developed by Casey Roadmor, Ordinals allow digital artifacts to be inscribed directly onto Bitcoin.

This is achieved through a numbering scheme that assigns a number to each satoshi (sat) on the Bitcoin network, numbered in the order mined. (i.e., the first satoshi mined is the first ordinal created).

From this, each satoshi can be inscribed with data such as texts, videos, or pictures through a Bitcoin transaction. Once it is mined, the inscribed data is permanently stored as part of the Bitcoin blockchain. From this, an array of NFTs have been added to the Bitcoin blockchain to date.

Bitcoin Stamps

Another development with NFTs on Bitcoin is STAMPS (Secure Tradeable Art Maintained Securely). This is a method that involves converting image data into a specially encoded file format known as 'base64'. This allows the image data to be represented in a text format.

The metadata of the original image is then stored within the multi-signature unspent transaction outputs (UTXOs). This is also a way for several NFTs to be minted on the Bitcoin blockchain.

While the above mechanisms enable creating or minting NFTs directly on the Bitcoin blockchain and not on a third party server, they leverage the network's secure and widespread nature. However, creating NFTs on Bitcoin is more 'real' so to speak, but less developed compared to other networks such as Ethereum.

Bitfinity and NFT's

It is exactly for this development that we look out for. One major development behind the surge in NFTs on Bitcoin is Bitfinity, which provides scalability to Bitcoin as a Layer-2 blockchain and brings complex smart contracts to the Bitcoin network.

Bitfinity uses the EVM to bring over the same applications everyone is used to on Ethereum, and is working on an Ordinals bridge that lets non-fungible tokens be created as NFTs directly on Bitcoin while paying cents per satoshi, so to speak.

Although the tokens are created on Bitfinity, they are secured and settled by the Bitcoin base layer through the canisters (smart contracts) built on the Internet Computer.

Final Words

Although many methods that fueled the previous NFT hype were in a way less decentralized than modern methods now, better ways to store and secure NFTs have been found on the Bitcoin blockchain where crypto started.

As the technology matures, the intent of all actors, including the malicious ones who find ways to separate people from their money, needs to be prepared for in every way.

In a situation like this, it is clear there need to be ways found that combat all challenges of securing NFTs in every possible way.

Connect with Bitfinity Network

*Important Disclaimer: The information on this website is provided for general informational purposes only and should not be considered financial advice. While we strive for accuracy, Bitfinity does not endorse and is not responsible for any errors or omissions or for results obtained from the use of this information. Views expressed herein may not reflect those of Bitfinity. External links are provided for convenience and verification of information is recommended before taking any actions based on content found here.