NFT security at risk as one-third use centralized storage


A new study highlights the weakness of commercial platforms in securing the blockchain.

NFTs are one of the main use cases for blockchain technologies and have been seen as tangible examples of how the tech can be widely used in the future. Collectors of NFTs praise the ease with which they can be bought, sold, and exchanged and the way in which their owners can be kept anonymous, should they choose.

Yet, according to a recent study, not all is as it seems. The supposed anonymity of NFT collectors can quickly be betrayed by the platforms used to buy and sell them. An analysis of the top-selling NFTs available on OpenSea suggests that nearly one in three had their metadata hosted on centralized platforms like Amazon Web Services (AWS) or Google Cloud.

ADVERTISEMENT

Those centralized storage platforms could pose dangers for the holders of the NFTs because of the risks of data breaches and censorship, as well as the willingness of those platforms to accede to government and law enforcement requests to hand over data. As we’ve seen recently with the controversy around the arrest of Telegram founder Pavel Durov, private platforms that are controlled by individuals or companies can quickly and easily become targets for law enforcement, who can compel the release of data under pain of arrest.

Ernestas Naprys Konstancija Gasaityte profile Paulius Grinkevicius Paulina Okunyte
Don’t miss our latest stories on Google News

Following good practices

While one in three NFTs stores metadata on potentially insecure platforms, others follow best practices. A further 38% of those surveyed by the researchers had their metadata stored on the InterPlanetary File System (IPFS), a decentralized storage solution.

Around a quarter of NFTs analyzed had their metadata fully stored on-chain, which is the most secure method of all. On-chain storage is so secure because all metadata is immutably and permanently linked to the blockchain, where it can’t be altered. However, it comes with its own issues. The cost and scalability of doing so are often challenging.

But the reality is that despite the promise of NFTs as being a decentralized technology, many of its most hardened adherents seem to prioritize convenience over security, choosing to use centralized platforms for some of the infrastructure needed.

Why metadata matters

Metadata is a vital part of any NFT ownership because it’s the information that tells the world you are the owner of the items you claim to possess. Without it, NFTs – which have seen yo-yo-ing value over the last few years in line with the broader crypto market – are effectively worthless.

ADVERTISEMENT

But handling and storing that metadata is a burden that some NFT owners seem not to want to have – at least if they’re trying to do it in the most secure, decentralized manner. The rise of centralized platforms in helping store that metadata may be an indication of how NFT adoption is becoming increasingly mainstream, and those with less tech-savvy are starting to use it. Around 4% of Americans are estimated to own an NFT, according to a recent study.

But as a broader range of individuals, who have less tech know-how, start to own NFTs, the wider market has to make difficult decisions about its responsibilities to them and ensure their metadata is safely and immutably stored rather than being reliant on public systems owned by private corporations.

The researchers suggest that there should be the development of a new, easy-to-use storage architecture that incorporates digital signatures to verify ownership, ensuring that only verified owners can access or modify associated metadata.

“By doing so, the NFT ecosystem can preserve the integrity of these digital assets, thereby safeguarding their value and trustworthiness in the marketplace,” the authors argue.