Non-Fungible Token (NFT) Explained: A Security Perspective

Apr 16, 2024
5 min
Educational, Educational

Lately, NFTs have become a popular topic of discussion in circles both inside and outside the crypto world. You may have come across many stories in the news discussing the selling and buying of these digital assets for millions of dollars- including seemingly outrageous items such as the internet meme Nyan Cat, Dragon the CryptoKitty, and the first ever tweet on Twitter.

The peculiarity of these bids brings forward several questions about these digital assets. Is there a reason why people are willing to spend thousands of dollars worth of funds for them? What is the technology behind NFTs that ensures their originality? And most importantly, what security risks should I be aware of before I set out to purchase one?

Understanding the answers to these common questions is becoming more and more essential as NFTs continue to be a valuable part of the spaces we operate in. Let us try to increase our knowledge about NFTs by starting with the basics.

Breaking Down the Technology Behind NFTs

NFT stands for Non-Fungible Token. This means that unlike physical money or even cryptocurrency, an NFT is one of a kind and can never be replaced or interchanged with another token. 

You can mint an NFT by utilizing the ERC-721 standard. We can understand this as the minimum interface a smart contract must implement to allow management, ownership, and trading of unique tokens. When someone creates or mints an NFT, they execute code stored in smart contracts that conform to this standard while also outlining ownership assignment and the transferability of the NFT when created.

After creating the NFT, the system confirms it as an asset on the Ethereum blockchain and updates the owner’s account balance accordingly. It verifies the ownership of the NFT, enabling it to be traded. The system adds the transactions outlining this to a block, which everyone in the Ethereum network must confirm before adding to the blockchain. Once confirmed, two results become clear and unchangeable: first, your NFT exists, and second, it belongs only to you.

After an NFT has been minted, it can be traded with any other asset on the blockchain. Marketplaces like OpenSea facilitate these trades. You can own an NFT by buying it through a transaction made on the Ethereum blockchain. Here, you pay a certain amount of ETH or WETH in return for a digital certificate stating that you are the owner of this particular NFT.  Later on, you can sell this NFT to someone else for a different price in the same way, though there can only be one owner of an NFT at a time.

Another important aspect to understand is metadata. Every NFT has a unique identification code as well as some information about the NFT that makes up its metadata. 

Metadata can be on-chain or off-chain.

On-chain metadata

It refers to metadata represented within the smart contract on the Ethereum blockchain. This representation is preferred when the owner of the NFT wants its metadata to remain permanently, regardless of the platform’s availability used to create it. On-chain metadata is also used when on-chain logic needs access to the metadata to make modifications.

Off-chain metadata

It as the term suggests, refers to metadata not stored on the blockchain and is instead represented on an external platform. This is usually done when the metadata contains large files such as images or videos which are too large to be stored on the Ethereum blockchain. In this case, centralized servers or a peer-to-peer file storage system called IPFS (Interplanetary File Storage System) is used.

Why Are NFTs So Valuable?

When a user pays thousands or millions of dollars worth of funds in exchange for a digital asset that seems more or less trivial, the reaction to his purchase is usually confusion. Why pay so much money for something that can easily be viewed, copied, or even downloaded with the click of a button?

The value of NFTs lies in the concept of ownership. Every time an NFT is “bought” or traded for some amount of ETH, the details of that transaction are maintained in a ledger on the Ethereum blockchain. This information, like everything else on the blockchain, is public to all users. It is also immutable, meaning that it can never be altered. Buyers of an NFT gain not just the token itself, but also a clear, unchangeable statement that they are in fact the owners of this NFT. In reality, this is what they are paying for.

Another reason why people may be drawn to buy an NFT is the possibility of earning more by trading it at a later date. Some NFTs have emotional sentiments attached to them, such as NFTs depicting video highlights in NBA history sold on the NBA Top Shot marketplace. In this scenario, you can buy an NFT as an investment, later selling it at a higher price to a die-hard fan of the sport or specific player.

Security Risks Involved

Recently, the discussion on NFTs in media has been largely focused on the astronomical prices they are selling for as users attempt to understand their origin and value. Surprisingly, there is little discourse on the possible security risks that a buyer of these tokens should be aware of before setting out to purchase one.


The most common security risk associated with NFTs is the possibility of theft. If the account of an NFT owner becomes compromised in some way, the attacker could easily sell the NFT they own to themselves on a separate address. The original owner would have no way of gaining back their asset or even proving that their asset had been stolen.

Vulnerability of Linked NFT Assets

As discussed previously, the storage limitations of the Ethereum blockchain make it so that some owners, particularly those possessing digital art as NFTs do not store their art on the blockchain itself. Instead, they store a link to the asset stored on an external platform.  This is a common workaround to this problem, though it is also one of the most risky. If for any reason that platform were to collapse or be compromised, the owner of that NFT would essentially lose their entire asset.

Auctioning of Cybersecurity Exploits

We have seen NFTs for just about everything, including digital art, internet memes, and even real estate. Another clever use of an NFT is creating a token with code that points to a vulnerability of some platform that has yet to be attacked or resolved, known as a zero-day exploit. The seller of this NFT is able to make money by selling it to either a potential hacker or someone racing to resolve the issue- whoever pays more.

The Bottom Line

The recent influx of people investing enormous amounts of money into NFTs has made everyone curious about what exactly these assets are as well as the value they contain. There also continues to be extensive debate surrounding this concept, with many skeptics claiming that NFTs were a bubble that would pop sooner or later. Regardless of how lucrative they are, however, it is true that NFTs do possess some security risks worth mentioning. Although not extremely dangerous, it should still be noted that understanding these risks is imperative for all traders intending to step into the NFT marketplace.


Read More:

How Can A VPN Protect You From Spying?

A Security Framework For Blockchain Applications

Web 2.0 Security Vs Web 3.0 Security: An Innovative Adaptation?

related reports