Security Challenges With NFTs
A NFT or non fungible token is the representation of an asset in a smart contract. There are two immediate security challenges with NFTs that you should be aware of.
You need an application or service called a wallet in order to prove that your own this digital token.
This program helps you interact with the blockchain. It helps you provide which assets you own, conduct transactions, and more.
Remember, the wallet doesn’t store the actual NFT, that’s on the blockchain. It does store the bits required to prove that you own the NFT though.
That makes it a security risk.
If you lose access to your wallet. You could lose all of your digital assets with no way of getting them back. That’s the downside of decentralization.
This means you need to protect your wallet diligently and any system that can access it.
As a digital object, the NFT is really a collection of metadata about an asset.
It contains an “image” field that points to the asset itself. This presents a number of challenges.
As written, the standard doesn’t present any method of validating what’s at the URI. Just the ability to add a name and description.
Who own’s that domain? Who’s running that server?
How do you know it will be up and running in a week? In a month? How about a year or two down the line?
Because the NFT is on the blockchain, there’s no method of updating it. That lack of surety around the URI is a security challenge.
The Way Forward
As part of a smart contract, NFTs have some flexibility. Their current form is a very basic implementation.
Over time, expect improvements to the format that will help address these concerns. We’re seeing the start of that work within smart contracts today.
But until it matures, make sure you understand where that asset actually lives and do you best to lock down your crypto wallet.