What are the Risks of buying NFTs?

Non-Fungible Tokens, better known simply as NFTs, have quickly become one of the most popular applications of blockchain technology. Though there are a huge number of potential use-cases the focus has been on the speculative trading of NFTs as collectable art, inspired by eye-watering valuations of early collections. Opportunity is, unfortunately, always accompanied by opportunists, so what are the risks of buying NFTs?

CryptoPunks have become one of the most recognisable examples of the NFT genre. Created by Larva Labs in 2017, they are a collection of 10,000 algorithmically generated 24x24 pixel art images featuring profile pictures of punks, apes, zombies and aliens each with unique characteristics. 

In February 2022, Punk 5822 sold for $23.7million, having been bought in 2017 for just $1,641. The stratospheric increase in the value of early NFTs like Punks has fuelled the rapid growth in speculative trading on marketplaces such as OpenSea where users try to create or buy the next big thing. 

Unfortunately, many people are buying NFTs without doing a full risk assessment of what is involved so they have become one of the most popular targets for cybercrime.

What is an NFT?

An NFT is a digital record, like a receipt, proving ownership of something (either physical or digital) such as a collectable item, like the pixelated drawing on a Punk Alien. 

It is a record of when the item was created - or minted to use NFTs unique terminology - how much was paid for it, including previous sales -  as an NFT can be exchanged/traded on NFT marketplaces - and details of any specific attributes.

At this point you might be thinking - so what? What’s the difference between the Punk Alien and any digital image, such as the one at the top of this article, that can be traced to a server located somewhere on the internet? 

What is different about NFTs is the way they are created, and the qualities this gives them. 

Minting an NFT, means creating a new record on a decentralised blockchain, in the case of Crypto Punks this is Ethereum, but NFTs can be minted on other blockchains. 

One of the fundamental qualities of a decentralised blockchain is that the data they hold is immutable; in other words, it cannot be changed. No one can amend the information associated with an NFT, it is a unique unchangeable record.

In comparison to tokens that are intended to be fungible, and exchangeable for items with identical characteristics, non-fungible tokens are designed so that they cannot simply be duplicated and exchanged for an identical item. NFTs reflect ownership of a unique item, as recorded by a blockchain, for which there isn’t an interchangeable equivalent.

There is an agreed programming standard on Ethereum called ERC-721 - emulated by other blockchains - that sets out the parameters to ensure a record is non-fungible, just as there is a standard for fungible tokens - ERC-20.

It is important to distinguish the record from the image, as an NFT doesn’t necessarily represent the item itself. Images can be stored on a blockchain, but an NFT might simply indicate where the item exists, such as the URL of a piece of digital art, photo or the location of a physical asset. This is the same with analogue receipts or certificates of authenticity that prove ownership and provenance of physical collectables - like an autographed album.

The appeal of NFTs is that they are early examples of a revolutionary new technology that is likely to become hugely significant, while at the same time encapsulating the cultural phenomenon that surrounds that technology in artistic form.

What can you do with an NFT?

Though much of the hype around NFTs has focused on creating art that reflects the ethos of the crypto scene, their applications extend far beyond creating cool profile pictures linked to a blockchain.

Enjoy it as any other form of art - Many NFT owners use them as a display of wealth, flexing on Twitter with an expensive NFT as their profile picture. You can also display NFTs publicly in digital galleries or privately in digital frames and as ambient backgrounds on Smart TVs. 

Trade it - NFTs can be traded on marketplaces just like other collectibles with the aim of making a profit. 

Generative art - Artistic NFTs can incorporate generative elements that either respond to time or inputs like weather or create random visual elements.

Ticketing - Given NFTs are unique by nature they can be used as a form of ticketing for events, lotteries or competitions.

Membership badges - Similar to their use as tickets for an event NFTs are being used to gain membership to clubs and communities unlocking exclusive benefits and perks.

Physical property - NFTs could revolutionise the way in which property ownership is recorded removing the need for trusted central registries and replacing traditional property deeds.

In-game items - NFTs have fuelled a rise in blockchain-based games that enable players to earn the value they create. In-game items and gaming characters can be represented as NFTs making them portable and tradeable outside of the game.

Metaverse property - Just as NFTs are being used to represent the ownership of physical property they also enable the ownership and trading of virtual land within the Metaverse.

Music - Many bands have recognised the opportunity to sell their music as NFTs building fan loyalty by incorporating the additional benefits of ticketing, club membership and exclusive experiences.

New types of business models - NFTs can enable users to unlock forms of value that remain locked in traditional business models. Loyalty points, subscriptions or any form of digital value can be traded rather than remaining locked within permissioned systems.

What are NFT buying risks?

Given that a significant number of people buying NFTs are motivated simply by speculation the biggest risk associated is the potential loss in value. 

Risks from loss in value of NFTs

There can be no better illustration of this risk than the sale of the first tweet by Jack Dorsey bought by Malaysia-based businessman, Sina Estavi, for $2.9million in March 2021.

The tweet, simply saying “Setting up my twittr” was sent in 2006, and sold by Dorsey for charity.

The tweet clearly has cultural significance, but it seems it was massively overvalued by Estavi. When he relisted the NFT for sale just over a year later, the highest bid was $6,200 which represents a decline of 99% in value.

The best way to mitigate the risks of paying over the odds is to understand what gives collectable items, such as NFTs, value. Valuing an NFT isn’t a slide-rule process you need to consider scarcity, provenance, utility and demand. 

Though the blockchain allows you to see the sale history of an NFT, previous purchases aren’t always a reliable guide to demand and should be treated with caution. 

The relative anonymity of the blockchain allows unscrupulous sellers to try and inflate the price of an NFT by effectively buying it from themself. Fake provenance can also include NFTs being transferred to influencers, without them even realising, to increase the perceived value of a collection.

In addition to understanding how value can be manipulated, it is important to understand the mechanics of the NFT buying process as that can present significant risks.

Risks from the process of buying & selling NFTs

If you are going to buy an NFT for the first time you should use a reputable marketplace. Scammers will try and convince you to buy or sell NFTs directly, often through Discord, Telegram, Twitter or messaging directly within blockchain-based applications. 

Scammers will use any tactic to pressure you into buying directly but this is likely to end badly. Though buying from a marketplace is safer you still need to understand the process such as the costs of minting, listing for sale, cancelling listings and buying an NFT. Every action must be confirmed on the blockchain and so has an associated charge which will vary depending on the chain used by the marketplace.

In 2021 OpenSea had to change its policy around listing cancellation. Reluctant to pay the charges for cancelling a listing, users were leaving their NFTs available for purchase at a huge discount to the current price, allowing opportunists to snap up bargains.

It is also important to check on marketplaces that the contract address associated with an NFT has been submitted for public inspection on Etherscan or other blockchain browsers. You should see a green tick next to the contract address.

The fact that a contract has been submitted doesn’t mean its contents can be trusted, but it is a minimum requirement for due diligence when buying an NFT.

NFT Legal Risks

Though the concepts behind the blockchain can be tracked back several decades widespread use of blockchain-based applications has only taken off in the last few years. 

The speed of adoption of new use cases, such as NFTs, has left regulators playing catch-up, exposing buyers to significant hazards, the most significant being plagiarism.

Though a non-fungible token represents an immutable blockchain record of ownership of a digital asset, the blockchain doesn’t prove that whoever generated that NFT had the legal right to do so. 

Many artists and photographers are seeing their work copied and minted as NFTs as scammers attempt to cash-in. Given that this kind of crime simply requires a right-click copy/paste, it is very difficult to police but buyers should make every effort to ensure that the seller owns the copyright to an NFT. 

As the number of blockchains that support NFT standards increases there is also a growing risk that NFTs are being minted across multiple chains. Blockchains exist as isolated domains unable to reference data on other chains, so there is no easy way to ensure that NFTs aren’t being created in multiple places in parallel. 

NFT Security Risks

The biggest security risk from buying NFTs comes from attempts by hackers to access your crypto wallet.

The most common type of wallet for buying NFTs is a non-custodial browser wallet like MetaMask. Non-custodial wallets put you in complete control of your crypto assets - including NFTs - but require you to protect a fail-safe called a recovery Seed. 

Should you lose access to your wallet, the Recovery Seed - in the form of 12-24 unique words -  is the only way to regain access. Think of it as a complex password. Hackers will use a range of techniques to steal it and drain all funds from your wallet, including your NFTs.

Social Engineering

There is no legitimate reason why any service would ever ask you to reveal your Seed but hackers will use complex social engineering techniques to convince inexperienced users to reveal it. 

The most common tactic is listening on Social Media and Discord for users needing help buying, selling or transferring on an NFT marketplace or Metaverse games, then posing as a customer service representative eager to help. They will go to great lengths to appear genuine, even creating fake Discord servers.

Malware

Hackers will use malware to directly infect your wallet or to try and gain access to your devices and search for a digital record of your Seed, which is why you should never store it online. 

Hackers will also try and install malware that tracks keystrokes, hoping you will enter your Seed at some point, or intercept information stored in your clipboard to change the destination of an NFT transfer to their own address.

The amount of money that can be made from NFTs has made them the number one target for hackers and scammers. In April 2022, the Instagram account of the Bored Ape Yacht Club (BAYC) was hacked allowing the scammers to post fake ads about an airdrop in a new metaverse project. 

It encouraged users to click a link which took them to a fake version of the BAYC website and pointed them to a transfer process which then stole NFTs valued at several million dollars. 

These kinds of incidents are becoming more sophisticated with an underground market for stolen credentials which can help hackers directly or indirectly engineer access to marketplace accounts, exchanges or wallets, which includes sim-swapping to circumvent text-based 2FA

Rug Pulls

One of the growing threats to buying NFTs is known as a Rug Pull. This refers to an NFT project that makes every effort to look legit. The art might look professional, there may be a website, social media, customer support and influencers, but all this is engineered to give the impression of an NFT project that is committed to creating value for investors. 

In reality, it is a Rug Pull; a sophisticated scam to lure in buyers and then abandon the project when the time is right, selling all assets and disappearing, leaving buyers holding a worthless jpeg.

NFT security risk management

Given the significant security risks associated with buying NFTs it is essential to take your personal information security seriously and to be constantly vigilant assuming every interaction could pose a risk:

• Never ever share your Seed with anyone
• Don’t store your Seed online
• Automatically update your browser & operating system
• Always enable 2FA for account-based services using an App not text messages
• Use a unique email address just for crypto activities and nothing else
• Use strong passwords that are unique to each site
• Frequently review/revoke contract permissions in MetaMask
• Consider using a backup mobile just for crypto activity
• Don’t identify yourself as an NFT owner on social media
• Use a good anti-virus software; run regular scans & constantly update the virus library
• Bookmark the official websites on services you regularly use

.

Pros and Cons of Buying NFTs

Though the risks above might have out the fear of God into you it is worth balancing out the pros and cons of buying NFTs before deciding whether it is something you want to pursue.

Pros

• The application of NFTs is expanding across different industries and use cases so understanding how they work is a valuable skill; play-to-earn, move-to-earn, the Metaverse, the opportunities are endless.

• The number of people who own NFTs is still tiny so you are still early. With the right amount of research on Twitter and Discord it is possible to invest in NFTs with significant upside, but be realistic with your expectations.

• Owning NFTs can bring you joy and opens up access to thriving communities of like-minded individuals that can expand your horizons.

• There are an increasing number of DEFI services that allow you to unlock the value of NFTs without selling them, by using them as collateral (based on Floor Price) for loans. 

Cons

• The NFT scene is like the Wild West with far more bandits than sheriffs. If you aren’t prepared to apply effective security practices you should expect the worst.

• The huge increase in value of a small number of NFT collections has sparked an avalanche of NFT spam and cooling in the overall market that could see the majority of NFT investors losing money.

• Most NFTs have no more utility than a free jpeg so you might be left wondering what you paid €1,000 for.

• Making money from trading NFTs is no different to any other form of investment with access to information key. Those that know don’t tell, and those that tell don’t know. 

Having read through the dangers associated with buying NFTs you may feel that they are simply not worth the risk. The reality is that the risks associated with NFTs are the same for crypto in general. The most effective way to mitigate the risks of buying NFTs is through education. 

Educate yourself about crypto custody and information security best practices. Understand what an NFT is and what might give it value, rather than being swept up in FOMO. 

NFTs are an exciting new application of blockchain technology, not a get-rich-quick-scheme. Think about NFTs in terms of the utility they might provide or the simple enjoyment of owning a cool piece of art, rather than how you might flip them for a fast profit.