“What Bitcoin was to 2011, NFTs are to 2021.”
That’s a claim from the highly respected “techno-geek” bible Ars Technica in it’s wonderful explainer on NFTs, or non-fungible tokens. Since cryptocurrencies were, are and will continue to be impactful technologies, surely NFTs are a topic worth exploring.
They exploded into public consciousness this year as pieces of art, albums, photographs and dozens of other assets were sold in NFT form. Some net their sellers huge profits, many more are ignored or overlooked completely.
Naysayers call NFTs worthless figments of our own imagination, apologists hail them as handy tools for eliminating middlemen and empowering creators. One writer has referred to NFTs as, simply, “bragging rights.”
But naturally, at Carbonite + Webroot, we just wonder how they’ll be used and abused by cybercriminals or if they can be irrevocably lost like the password to a crypto wallet.
Before we dive into that, a brief primer of our own on NFTs.
An NFT can be thought of as a sort of digital deed. It is unalterable proof of ownership of a unique digital asset. That’s what the “non-fungible” in non-fungible token means: there’s only one, and it’s completely unique.
NFTs use the same blockchain ledger technology to verify uniqueness that cryptocurrencies rely on to prove ownership. A distributed group of devices does the work to vouch for the authenticity of the token the same way it does for a bitcoin.
Except, whereas each unit of a cryptocurrency is mutually interchangeable (1 Dogecoin always equals 1 Dogecoin, for instance), NFTs are designed to be completely unique. They can be programmed with their own rules and directions for use and behavior—even down to how they produce “offspring” in the case of CryptoKitties.
An often used and helpful analogy is to certificates of authenticity (COA) like those used in the art world. For ages artists have put their own unique stamps on their artwork or issued accompanying certificates to testify to the “realness” of the work. This could be in the form of a simple signature or, in Banksy’s case, written sign-off from the Pest Control Office. Think of an NFT as a digital COA or, arguably, an improvement on the concept since it can’t be reproduced or believably forged.
As with any art, the value of an NFT is in the eyes of the beholder. What’s the point of spending millions to own an original digital asset that’s been effortlessly reproduced a million times? Could one ask the same of the Mona Lisa?
The rise (and fall?) of the NFT
Regardless of your answer to these questions, a community of folks already undeniable place a huge value on NFTs. An April 2021 post on GitHub estimated the value of the “CryptoArt NFT” market to be at least $150 million worldwide.
That’s almost certainly an underestimate, since the most expensive NFT ever sold comes from the art world. It’s a work known as The First 5000 Days by the artist known as Beeple and it’s essentially a $69 million JPEG file.
And NFTs aren’t limited to fine art. The pro sports, music and meme industrial complexes have all entered the business. Even social media posts are being turned into NFTs; the digital certificate for Jack Dorsey’s first-ever Tweet sold for $2.9 million. So, while anyone interested can easily find it online, only a Malaysia-based CEO of a blockchain company can claim “ownership” of the Tweet that started…all this.
Can NFTs hold our attention for long? With absurd amounts of money changing hands over a string of digital characters, a lot of people are already wondering if NFTs are a bubble about to burst. Plenty of pundits were speculating about a bubble in mid to late-April, when sales of NFTs lagged. But as shown by nonfungible.com, a company that tracks the buying and selling of NFTs, they were back to brisk business in early May.
Perhaps NFTs are a bubble positioned to pop. Or maybe their values will vary with the cryptocurrencies in which they are mostly bought and sold. It’s certainly been speculated that they’re driving up the price of Etherium. Regardless, it’s safe to say they’re worth getting to know, because they’ll make headlines for some time to come.
NFT theft and a new brand of cybercrime
Not surprisingly, cybercriminals are already redirecting their efforts to the nascent NFT market. In an extraordinary and revealing Twitter thread, one NFT owner documented the experience of having his tokens stolen from a marketplace for digital art. He’s apparently not alone in this experience.
Even less surprising than the theft are the methods used to do it. It seems phishing for users’ passwords to the sites used to buy and sell NFTs is the main method of compromise. Two-factor authentication for accounts managing NFTs is strongly recommended by marketplaces.
Darkreading.com also notes the importance of closely guarding access keys, which are often the only means of managing an NFT. Once a key is stolen—either by phishing, a keylogger or some other means—there’s very little in terms of a realistic prospect of getting it back.
In terms of valuable digital art, NFT theft amounts to the regrettable loss of investment pieces or perhaps just the “bragging rights” akin to owning an original piece of physical art. But if the role of NFTs as proof of ownership expands into the physical realm, as is already being discussed in the real estate sector, NFT security will become critical. It may even have the power to spawn new industrials and criminal enterprises.
NFTs’ massive price tags and novel technological backing make them attractive target for cybercriminals. If the market for their sale isn’t a bubble, it’s possible that the high-profile art heists of the future may be carried out by hackers rather than the suave con men of Hollywood films, and their tools will be phishing attacks and spyware rather than fancy handheld gadgets.