December 07, 2022
The popularity of NFTs (Non-Fungible Tokens) has exploded in the past 12 months with trading volume nearing $11 billion in the third quarter of 2021. However, with investors pouring billions into this new asset class, NFTs have already become a prime target for hackers just like traditional cryptocurrencies. As a result, using weak authentication measures when securing an NFT can be a very costly mistake.
What is an NFT?
A Non-Fungible Token (NFT) is a blockchain-based means of asserting ownership of a unique digital asset. The most popular application for NFTs, so far, has been digital artwork, allowing investors to purchase photos, digital renderings of paintings, and even memes or famous tweets.
Why would someone pay a premium for digital artwork that can be viewed and shared by anyone easily and freely? Because, in the NFT market, value, like beauty, is in the eye of the beholder. There is a certain status that comes along with being the certified owner of a particular piece of digital art or pop culture nostalgia and people have shown that they are willing to shell out hefty sums to do so.
The idea and value behind an NFT is that, unlike just about everything else digital, it is created with distinct identifying codes on the blockchain. This uniqueness and identifiability makes the digital asset scarce, and that scarcity creates its value.
NFTs are not limited strictly to art and visual mediums. In fact, there are currently nine main categories of NFTs: Art, Music, Video Game Items, Trading Cards and Collectibles, Sports Highlights, Memes and GIFs, Domain Names, Virtual Fashion, and Other Online Pop Culture Items (Tweets, Famous Facebook Posts, Etc.). These are by no means the limit of NFTs; recently, San Marino released a COVID-19 vaccine passport NFT.
How do NFTs Differ from Traditional Crypto?
Unlike with traditional cryptocurrencies, NFTs do not have a one-to-one exchangeability with one another. One bitcoin always has the same value as another bitcoin and they can be readily exchanged. This very fungibility is the value of traditional cryptocurrencies.
NFTs are built on the same blockchain as cryptocurrencies, but their non-fungibility makes them unique. Every NFT is uniquely digitally identifiable by its digital signature. This digital signature cannot be replicated, thus ensuring the individuality of the token.
How are NFTs Created?
Creating an NFT does not require in-depth knowledge of coding on the blockchain. First one selects the blockchain they want to issue their NFT on. Currently, Ethereum is the most popular blockchain but others such as Binance and Flow by Dapper Labs are also growing in popularity and have their own compatible digital wallets and exchanges. For this example, we will use Ethereum.
The second step, after deciding which blockchain, is to find a digital wallet that supports Ethereum’s ERC-721 NFT standard. Fortunately, there are several digital wallets available that do, including Coinbase Wallet and Trust Wallet.
Next, one must purchase enough of that blockchain's cryptocurrency to create the NFT. For example, it costs USD 50-100 worth of Ethereum to create an NFT on the Ethereum blockchain.
Finally, one needs to connect their digital wallet and upload their chosen image, piece of music, collectible, or whatever they are trying to turn into an NFT to a compatible NFT marketplace and create their NFT. Popular Ethereum NFT marketplaces like OpenSea, Mintable, and Rarible have ‘Create’ buttons that make the actual generation of the token easy.
How are NFTs Bought and Sold?
Each blockchain on which an NFT can be created has its own ledger, compatible digital wallets, and marketplaces. Certain NFTs are only sold on certain marketplaces, are only compatible with certain types of digital wallets, or can only be purchased with a particular cryptocurrency.
For example, in order to buy NBA Top Shot packs one must first create an NBA Top Shot account, then open a Dapper Labs digital wallet and use it to buy either USDC stablecoin or another supported cryptocurrency.
Who are Some of the Major Players in NFT Marketplaces?
With the explosion in the popularity of NFTs, a large number of NFT marketplaces have sprung up. These marketplaces cater to specific niches in the NFT market and particular blockchains that they support. Below are some examples of the major players in the market.
OpenSea is the largest and most storied peer-to-peer NFT marketplace around today with over $6 billion in total trading volume. They offer a wide range of NFTs from art to music to collectibles. OpenSea is compatible with MetaMask, Coinbase, Bitski, and several other digital wallets. They primarily transact in Ethereum, US Dollar Coin, and DAI.
Axie Infinity is an NFT-based online video game that transacts exclusively in Axies, which are Pokémon-like digital pets that are then used to play the game. Axie Infinity is the second largest NFT marketplace and has a total lifetime trading volume of over $2.1 billion. Axie is not as easy to trade on as other NFT marketplaces: it requires that users set up a Ronin Wallet to deposit Ethereum and that they buy at least three Axies.
Rarible is another leading Ethereum-based NFT marketplace with over $210 million in total all-time trading volume. Rarible offers a wide variety of NFTs and is community-owned. A differentiating factor is that Rarible offers creators the ability to generate multiple NFTs for the same image. Like OpenSea, Rarible is compatible with several digital wallets and offers a user-friendly experience.
Binance NFT Marketplace is run by Binance, which is the largest crypto exchange. The Binance Marketplace seeks out exclusive partnerships and offerings to offer its user base. They accept Ethereum, BNB, and BUSD and any user that has a Binance account can trade in their marketplace.
Nifty Gateway is an NFT marketplace that was acquired and is backed by the crypto exchange Gemini. They are a highly curated marketplace that is famous for being the first to sell a multi-million dollar NFT. They have offerings from famous artists such as Eminem and The Weeknd. Nifty Gateway requires users to first confirm their identity via Stripe.
What are the Security Vulnerabilities in the NFT Market?
Digital assets like cryptocurrencies and NFTs are often targeted by hackers. Exchanges and digital wallets can be a goldmine for bad actors if they can gain access to them. Recently Coinbase announced that 6,000 of their users’ accounts were compromised due to phishing and SIM Swap attacks.
This same vulnerability exists with NFTs since they are stored in digital wallets in much the same fashion as traditional crypto. These hackers were able to access these users’ accounts because of weak authentication practices, such as securing an account with only a password.
How to Protect NFTs from Hackers
Securing a digital wallet or any digital asset with a password alone is like leaving the combination on your safe turned to the last number. Passwords are vulnerable to phishing, SIM swap, and account takeover attacks. In the case of Nifty Gateway, hackers were able to gain control of users’ digital wallets and sell their NFTs.
Using a more secure method of authentication, like FIDO2 passwordless authentication, can prevent these types of attacks from happening. The FIDO2 protocol is based on public-key cryptography, which uses a private key paired with a public key.
During registration, the user is prompted to enter their biometric (fingerprint, face scan) that is native to their device. This biometric, which is stored in the secure enclave of the device, combined with the device itself acts as the private key that then unlocks the account. Going forward, the user needs only to use their biometric to securely access their account.
While FIDO2 is a top-of-the-line security protocol that is designed to meet the strictest compliance and security standards, integrating it has historically required a lengthy 12-18 month build. The good news is that LoginID offers a suite of SDKs, APIs, and Plugins that make integrating FIDO2 passwordless authentication a far simpler process that can take as little as 15 minutes.
The applications for the FIDO2 protocol are not only limited to passwordless authentication. NFT investors could also benefit from the transaction confirmation with digital signature functionality. In this case, the investor would confirm the purchase or sale of any NFT using their biometric just like when signing in. This creates a digital receipt for the transaction and prevents any hackers from selling NFTs from a compromised account without the account owner's fingerprint or face scan.
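The registration, sign-in and transaction-confirmation flow described above can be modelled with Node.js's built-in crypto module. This is an added example, not LoginID's code or the WebAuthn browser API itself: the origin, function names and sample transaction are constructed, and the authenticator data is reduced to the fields needed to show origin binding and transaction binding.

```javascript
// Simplified model of a FIDO2/WebAuthn assertion; all names and values are constructed.
const crypto = require('crypto');
const RP_ORIGIN = 'https://marketplace.example'; // hypothetical relying-party origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const rpIdHash = (origin) => sha256(new URL(origin).hostname);

// Registration: the device creates a key pair; only the public key is sent to the server.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { authenticator: { privateKey }, serverRecord: { publicKey } };
}

// Server: fresh nonce plus a hash of the exact transaction the user must approve.
function newChallenge(tx) {
  return Buffer.concat([crypto.randomBytes(16), sha256(JSON.stringify(tx))]).toString('base64url');
}

// Device: runs after the local biometric check; `origin` is reported by the browser, not the page.
function signAssertion(authenticator, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authData = Buffer.concat([rpIdHash(origin), Buffer.from([0x05, 0, 0, 0, 0])]); // flags UP|UV, signCount 0
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, authenticator.privateKey) };
}

// Server: returns 'ok' or the reason the assertion was rejected.
function verifyAssertion(serverRecord, challenge, tx, a) {
  const client = JSON.parse(a.clientDataJSON.toString());
  if (client.origin !== RP_ORIGIN) return 'wrong origin';
  if (client.challenge !== challenge) return 'wrong challenge';
  if (!a.authData.subarray(0, 32).equals(rpIdHash(RP_ORIGIN))) return 'wrong rpId';
  if ((a.authData[32] & 0x04) === 0) return 'user not verified';
  const txHash = Buffer.from(challenge, 'base64url').subarray(16);
  if (!txHash.equals(sha256(JSON.stringify(tx)))) return 'transaction altered';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, serverRecord.publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const user = register(), other = register(); // `other` holds a different device key
  const tx = { action: 'sell', tokenId: 42, priceEth: '1.5' }; // constructed sample transaction
  const c = newChallenge(tx), good = signAssertion(user.authenticator, c, RP_ORIGIN);
  return {
    legit: verifyAssertion(user.serverRecord, c, tx, good),
    phished: verifyAssertion(user.serverRecord, c, tx, signAssertion(user.authenticator, c, 'https://login.phish.example')),
    altered: verifyAssertion(user.serverRecord, c, { ...tx, priceEth: '0.01' }, good),
    noDevice: verifyAssertion(user.serverRecord, c, tx, signAssertion(other.authenticator, c, RP_ORIGIN)),
  };
}
```

Calling `demo()` returns the verdict for each case: the genuine approval is accepted, while an assertion produced on a look-alike origin, a sale whose price was changed after signing, and a request signed without the registered device are each rejected for a distinct reason.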
Get started for free with LoginID’s FIDO2 passwordless authentication and transaction confirmation with digital signature services.