A cryptocurrency entrepreneur recently paid $69.3 million for Beeple’s Everydays: The First 5,000 Days at a Christie’s auction. That record-breaking price purchased a work of art that can be seen only on a computer and the image of which, in large part, is available for use and enjoyment by anyone with an internet connection because the work is a non-fungible token, or NFT. NFTs have quickly caught the attention of the art world and beyond, touching the mainstream with the NBA Top Shot craze and its $250 million plus marketplace for visual highlights of NBA games. The company behind NBA Top Shot, Dapper Labs, recently raised $250 million at a $2 billion valuation. And the larger market for NFTs has grown from $42 million in 2017 to $338 million by the end of 2020. But for intangible assets whose value is largely driven by the creation of an original work only in cyberspace, owners and investors need to think carefully about what they own and how to protect their digital acquisitions.
NFTs are pieces of fine art, GIFs, songs, images, videos, or other digital media that are made into a unique digital token—or “minted”—and verified through a blockchain as the original work of art. A blockchain is a method of digital bookkeeping that “chains” transaction records so that each entry in the digital “ledger” is linked to each entry that came before it. These linkages are achieved using cryptography. In this way, blockchains create an immutable history of all transactions in which any changes to prior records—authorized or not—will become immediately obvious to anyone looking at the ledger. The entire blockchain is distributed to all users, and any modifications must be agreed to by a majority of the network. So each NFT is backed by a public ledger that provides transparency into both title and ownership for each sale and purchase.
For example, NBA Top Shot “mints” certain NBA game highlights into tokens that can be obtained through the purchase of a “pack” containing random tokens, or on Top Shot’s marketplace, where users can buy, sell, and trade their tokens, just like physical trading cards. Similarly, Beeple’s collaged JPG file was “minted” in February as a collection of prior works of the artist. Each encrypted token functions as a certificate of authenticity attaching value to the artwork by making it unique. Anyone can view that token’s history, such as how many times it has been sold, for how much, and by which users.
What an NFT generally does not come with is a physical copy of the work itself (much less any intellectual property rights). The value proposition in NFTs, from fine art to digital trading cards, lies in the ownership interest associated with the minted token itself—the “original” work. Just like physical artwork, owning an NFT demands a higher value than owning a copy the same work, such as publicly available images found on the internet. And with NFTs, there is the added value of the blockchain as a species of provenance that is both self-generating and hard-to-fake.
While NFTs bring a new degree of transparency to the provenance and title chain, it also brings a new set of questions about the essence of the work: what are you actually purchasing when buying an NFT? If the NFT holder reproduces the image in a physical medium, will the physical copy undermine the value of the NFT or yield value on its own? How do you access the digital artwork and how will it be maintained? And critically, as cyberattacks become increasingly prevalent, how can access to the work be appropriately restricted or secured?
Many hear blockchain and think “unhackable” and “secure,” and there is some truth to that sentiment. Blockchains, if executed properly, can provide a very high level of reliability and security because any changes made to the ledger, including changes in prices paid for an NFT or royalties owed, are sent to all users and require substantial computing power, as well as network consensus to change. But the tokens themselves—the “originals”—typically are not maintained on the actual blockchain. Rather, most NFTs exist in the owner’s “digital wallet” on a separate platform. NFT owners need to investigate how secure these platforms are and their history with data security, not to mention compliance with anti-money laundering laws and regulations. Is the entity behind the platform adhering to basic KYC and cyber security practices? Are they backing up their platform in the event it needs to be restored? Conversely, the seller of the NFT may place the responsibility for maintaining the data behind the NFT (think the NBA Top Shot highlight) on the purchaser, in which case that buyer may need to carefully consider the associated risks and costs associated with maintaining the asset itself.
Lapses in basic cyber security practices could have enormous effects on an NFT’s value. Bitcoin Core, a popular bitcoin wallet software, recently identified a bug that could have allowed a hacker to mint unlimited new bitcoins. The bug was patched prior to exploitation, but this type of issue could render NFTs nearly worthless or, at the very least, open the door to disputes over ownership, provenance, and authenticity. Regardless of the legitimacy of such claims, their costs can be substantial for anyone defending ownership, and if an NFT is unscrupulously duplicated, the battle lines will be drawn for costly resolution or litigation. To be sure, NFTs’ cryptographic backbone may shape these disputes in favor of a rightful owner, but old fashioned forgeries such as the Knoedler Gallery scandal—where outright forgeries were sold as authentic works of art for years—may serve as a cautionary tale for how unchecked fraud can create a thicket of disputes and questions for years to come. The Bitcoin Core bug suggests the same sort of fraud could be replicated with NFTs (and potentially unchecked for significant periods of time), making proper cyber hygiene a critical requirement for maintaining the value of digital collectibles.
There is also the threat of outright theft, a risk that was recently realized on an NFT platform called Nifty Gateway. Using compromised passwords of unwitting Nifty Gateway users, hackers were able to transfer NFTs out of the users’ accounts. No matter how secure blockchain and the platforms hosting your NFTs are, there is always the human factor. Phishing scams and other cyber schemes by criminals are pervasive across industries, and the art world is no exception. Cyber risk management is critical: in a case of theft, the benefit of a decentralized, immutable ledger is quickly turned on its head to become a major obstacle to recovering stolen NFTs. And the anonymity associated with blockchain will only exacerbate the problem. This is especially true where an artist’s physical works are tokenized without permission or remuneration, and peddled to the highest bidder.
NFTs are a new and exciting ownership medium for digital artwork, and even the basics of cyber hygiene will be valuable tools for NFT owners—individuals and business alike—in preserving their value. These steps can include education regarding potential threats, such as phishing attacks, requiring multi-factor authentication prior to users accessing their NFTs, and implementing cybersecurity procedures that include routine checks to identify and patch any bugs present on the platform. Mitigating cyber risks will become increasingly critical for buyers and sellers of NFTs as their value continues to be driven by the exclusivity of ownership and certainty of title they purport to offer.