NFTs & Cybersecurity: Just How Safe Are They?

NFTs & Cybersecurity 

With NFTs continuing to make headlines as the latest cryptocurrency trend, their vulnerabilities in cyberspace are also making news. Below we explore these NFTs cybersecurity concerns.

What is an NFT?

NFTs, or non-fungible tokens, are unique digital assets, including jpegs and video clips, that are represented by code recorded on the blockchain, a database and banking center for cryptocurrency. Each NFT can be bought and sold, just like a physical asset, but the blockchain allows for ownership and validity to be tracked.

A .gif of Nyan Cat sold for $600,000 as an NFT. Unlike Bitcoin or Ethereum, cryptocurrencies that can be used to buy NFTs, NFTs are not interchangeable, or “fungible.” This means that even though they are worth money, they are not considered money. You can’t go to a store and buy a shirt with a shirt, right? But you could sell that shirt elsewhere because it has monetary value. That’s essentially what NFTs are.

Do you truly own an NFT?

When you buy an NFT from one of the many NFT marketplaces out there, you’re paying for a token that represents a unique item. In other words, you’re paying for an extremely small digital record (likely only a few bytes in size, which often contains a URL or a serial number) that’s sent to your address on the blockchain. That’s it.

Having ownership of this token means you can prove that you own a specific item and that the item you own is authentic—kind of like a certificate of authenticity. If you own that NFT, nobody else can own it, unless you sell (or give) it to them. Owning an NFT is analogous to having possession of the deeds to a house. The deeds are a record of ownership, not the house itself. Similarly, an NFT is a record of ownership or authenticity of an asset, not the asset itself.

Inherently, NFTs are nothing more than this. When you buy, you have the token or NFT, you are able to display the token and show you own the token, but you don’t actually own the copyright. Whereas if you buy a physical painting, you have just bought the painting and not the copyright to that picture. The NFT, whatever that may be, is not yours to own the copyright or make copyright decisions on.

Some investors believe that NFTs will be like collecting fine art. NFTs have made the news in recent months because of the high dollar price tags being purchased for something that has no tangible value. One example of this is the JPEG that sold for $69 million. The file made by Mike Winkelman, aka “Beeple”, sold a JPG file titled Everydays – The First 5000 Days. The JPG is a collage of every image that the artist has posted online since 2007.

Although their popularity has increased in recent months, NFTs are nothing new. According to Podnar, colored coins (a small denomination of a Bitcoin) which came out in 2012, were the very first NFTs.  In 2017, when the value of cryptocurrencies like Bitcoin and Ethereum first began to climb, there was a speculative craze for Dapper Labs’ CryptoKitties, blockchain-certified images of cats, the rarest of which sold for more than $100,000.

NFTs Cybersecurity Concerns

With all the attention currently on non-fungible tokens (NFTs), there may be a new, darker side emerging – the auctioning of cybersecurity exploits.

According to the online art community, Hypoallergenic, One man had his Nifty Gateway account compromised and his entire NFT collection cleared out in a matter of minutes. The hacker transferred his NFTs to another account and used his credit card on file to purchase more than $10,000 worth of Nifty’s daily “drop,” which they also transferred; then, they sold the stolen NFTs via the messaging app Discord.” This large investment was stolen out of Miraflor’s account without his or Nifty Gateway’s knowledge.

Hypoallergenic states that the fraudulent charges to his credit card company were able to get his money back. According to Nifty Gateway policy, any purchase made using their credit card is able to be refunded. Many other platforms like Foundation, super rare, and MakersPlace require the use of cryptocurrency according to Hypoallergenic. But when he reached out to Nifty’s support team regarding the stolen NFTs, he was told they could not transfer the digital tokens back to him. Transactions cannot be reversed on the blockchain, and per Nifty’s Terms of Service, Miraflor’s NFTs now legally belong to the users who purchased them fair and square — even if they were bought from a hacker.

Making a large investment is risky enough without the added risk of having it stolen from you. Keeping your devices up-to-date, being cautious of malware, staying on guard from phishing are just a few things you can do to help mitigate your risk of being hacked.

Want to learn more about how to protect yourself from malicious actors? Visit us at