Research Summary - Understanding Security Issues in the NFT Ecosystem

@Idara_Effiong I think this is a good overview of the benefits of cold storage, but do you think you could elaborate on it a little more? In particular, does cold storage address the 13 issues that the studied identified?


Despite the fact that NFTs are becoming more and more popular, it’s critical to comprehend their security concerns in light of recent hacking instances. It’s very necessary to Learn more about the specific difficulties, dangers, and security issues that NFTs are now facing. These security issues can be grouped under the following headings:

Issues with Asset Ownership:

The development of NFTs opened up fresh opportunities for changing established asset ownership precedents. However, one of the most significant NFT flaws calls into question the fundamental idea of actual ownership in NFTs. The storage capacity issue was the main difficulty at the time NFTs were being developed. Images could not be stored on the blockchain as a result.

Instead, the blockchain would keep a record of the image’s identification, which may be either the image’s hash or its web URL. If you wanted to see the NFT on a different platform, you would have to utilize the identification. Therefore, a person buying an NFT wouldn’t be buying the actual image. Instead, they are paying for the identification, which directs them to a URM online. Additionally, the identification can point to the Interplanetary File System (IPFS).

It’s crucial to keep in mind that the organization from which you purchased the NFT would be managing the IPFS node while thinking about IPFS. So, in situations when the platform minting the NFTs goes out of business, you can plainly see one of the major NFT weaknesses. You would lose access to the NFT in such circumstances, or the NFT may lose value.

MarketPlace Security Threats:

Despite having a blockchain-based foundation, NFTs rely on centralized systems to enable user interaction with digital assets. For purchasing and selling NFTs, you may discover a variety of centralized platforms like Nifty Gateway and OpenSea. However, these centralized systems give rise to one of the most serious security issues and NFT vulnerabilities.

The private keys connected to all of the assets on centralized platforms like Nifty Gateway and Open Sea are kept. As a result, any platform compromise would inevitably result in the loss of NFTs. An illustration of how attackers were able to take advantage of this weakness is the March attack on Nifty Gateway. Despite being able to collect the victims’ money, they were unable to do so with the NFTs, creating a significant danger. In the other side, there is a case to be made for strict security controls on NFT exchanges. Strong security measures used by the market may not be sufficient to overcome NFT security concerns when using centralized markets, nevertheless. Many more security holes in NFT markets may have been revealed by platform users. Users may lose their precious NFTs for a variety of reasons, including using weak passwords or not using two-factor authentication.

Smart Contracts risks:

The most essential component of NFT architecture which are smart contracts, are also the main source of security vulnerabilities with NFTs. In fact, two important aspects of the current NFT industry are the hazards associated with smart contracts and the worries about NFT maintenance.

The impact of the risks associated with smart contracts on NFT security is demonstrated by one of the recent incidents involving an attack on the well-known DeFi protocol, Poly Network. Due to weaknesses in smart contract security, hackers were only able to steal close to $600 million during the attack. It’s interesting to note that Poly Network is not the only example demonstrating NFT weaknesses and security issues.

Internet safety and identity theft

The potential for identity fraud and cyber security problems are the next serious entry among NFT security concerns. Cryptocurrency frauds are among the main cyber security vulnerabilities with NFTs that have been seen. An instance of such a danger may be seen in a high-volume email scam.

The overwhelming number of emails that users are receiving about shady behavior in their Crypto accounts appear to be coming from Crypto company. Users are instructed to open an email attachment that contains a request for their password for login and account verification. Such frauds may result in the credentials of a user on an NFT platform being compromised. Such NFT flaws might be used by malicious parties to install malware like remote access Trojans on a user’s computer.

In conclusion,

It be seen clearly that NFTs represent a wise growth in the field of digital assets. They bring the practical aspects of blockchain technology combined with the advantages of uniqueness and improved control over digital assets. However, the security issues and NFT vulnerabilities that are frequently found might seriously hinder their implementation.

Contrarily, it is wholly irrational to discredit NFTs just because of their weaknesses and security flaws. I believe that we all should really seek for solutions that can provide us a clearer understanding of NFT smart contract vulnerabilities. We may also rely on tools to notify us of any suspicious activity in our accounts or on NFT markets. We need to truly Learn more about NFTs to better understand their weaknesses.


Hi @LTTOguns , thank you for this beautiful research summary, in this paper, I will comment on vulnerabilities and security issues associated with NFT and its solution. Firstly, there are many NFT vulnerabilities and security concerns that might miss your attention amidst all the noise around NFTs. My view here is help you discover some of the prominent vulnerabilities and security risks associated with NFTs and solution.

So by a way of introduction, NFTs is an acronym for Non-Fungible Tokens, which refer to a group of unique assets in the domain of crypto. It is an ownership record, stored on a blockchain (such as the Ethereum blockchain). While digital items, such as pictures and videos, are the most common assets traded as NFTs, the sale of physical assets, e.g., postal stamps.

They are different from tokens with “fungibility” or the tokens which are equal in value. The popularity of NFTs has skyrocketed in recent times with their unique traits for associating value to any physical or digital asset. You can think of NFTs as tokens representing physical or digital assets on a blockchain network.

There are Several NFT marketplaces (NFTMs), which are OpenSea, Rarible, and Axie, emerged in recent years to facilitate buying and selling NFTs

From this paper, it is clear that NFT security concerns are inevitable aspects, just like anything that involves technology, humans, and money. So, let me quickly look at the dark side of NFTs for identifying the pitfalls in the emerging technological intervention.

NFT Vulnerability and Security Concerns


This is one of the big issues with NFTs, as nothing prevents an impostor from “tokenizing” and selling someone else’s art, while the creator remains oblivious of the fraud. With the current state of affairs, the onus of verifying the token is on the buyer. Unfortunately, this is not always easy.

Identity fraud

Cases of artists having their work sold by others as an NFT without permission have significantly risen. Many scam artists have set up unauthorized customer support channels and social media accounts that pretend to be the real NFT exchange artists and sell fake NFTS with their names. They also end up stealing customer information and compromising their accounts.

Commercial center & Security Dangers

NFTs depend on blockchain innovation, they rely upon centralized platforms, which assist individuals with associating with advanced resources. One of the formidable NFT vulnerabilities and security concerns emerges due to these centralized platforms. I think solid safety efforts by the commercial center probably won’t be sufficient for addressing NFT security issues in using centralized marketplaces. Platform users might be responsible for exposing many other vulnerabilities in security of NFT marketplaces. Feeble passwords or the absence of two-factor verification can be a portion of the purposes behind which clients can lose their important NFTs.

Asset Ownership Difficulties

The emergence of NFTs opened up new possibilities for changing traditional asset ownership norms. However, one of the most serious NFT flaws calls into question, is the concept of actual ownership in NFTs. The most pressing issue at the time of NFT development was the lack of storage capacity. As a result, storing photos in the blockchain was impossible. On the contrary, the image’s identification would be stored in the blockchain, which may be the picture’s hash or its web URL

Smart Contract Dangers

Smart contracts are the most fundamental aspect in the design of NFTs and are the reason for prominent NFT security issues. As a matter of fact, smart contract risks and the concerns of NFT maintenance are notable factors you can identify in the existing NFT market.

One of the recent incidents involving an attack on a renowned DeFi protocol, Poly Network, shows the effect of smart contracts risks on NFT security


  • Identity Verification: Art in the physical world has been used in money laundering schemes. NFTs might make this process easier, as trades are executed by anonymous users, and there are no physical artworks to be transported. Identity verification is the first step to deter such criminals. So there is the need of identity verification.
  • The need to use a unique password for your account: To create a unique and strong password, use special characters, upper case, lower cases, and combination digits. In NFT or any website, do not use two or more similar passwords in which most of their characters are the same.
  • Avoid cold emails and downloading files from strangers: It is best not to interact with email or QR codes sent by a stranger since they are known to contain harmful malware or viruses. It may lead to a stranger stealing your password or mirroring your screen and later compromising your account by stealing your NFT or identity.
  • Smart contracts transparency: many enterprises use smart contracts in their daily operations because they prefer smart contracts which enforce and build trust in blockchain technology. It is required that before deploying the project, assess the code and analyze and detect any flaws or threats. Taking help from a smart contract audit company ensures that your smart contracts are secure and bug-free.
  • Prevention is always better than cure.


It is unreasonable to dismiss NFTs only due to their security concerns and vulnerabilities. As a matter of fact, we should look for solutions that can help obtain a better impression of NFT smart contract vulnerabilities. Furthermore, one can also depend on tools for alerts about any suspicious activities on NFT marketplaces. Despite the threats, people have created NFTS across the world. Many industries and even artists are hopping into the business to gain from this booming market. The NFT space is fast-changing. With over $4.8 billion sold on OpenSea, the NFT market will boom and grow to greater heights. The future of NFT is full of possibilities, and the market will grow exponentially.


Summary writer @tolulope made a research summary on the topic “understanding the issues in NFT ecosystem”.

the post explains:

  • Security in the NFT marketplaces and the broader NFT ecosystem through a comparative, in-depth analysis of top NFT marketplaces.
  • also examines thirteen critical security, privacy, and usability issues that * were discovered, These issues include counterfeiting, lack of seller/buyer verification, and a lack of transparency among many others.
    Top discussion .
  • username @rlombreglia commended the author’s work but had a few questions in mind, he asked; “security issues involving privacy, usability, and security are prevalent across the NFT ecosystem and yet we also learn that the top three NFT had a trading volume of over USD 10B in September 2021 alone. How do you account for the willingness of investors to accept insecure systems and fraudulent behavior? Is it simply greed and FOMO ratcheted up by NFT marketing, or are there other issues in the ecosystem itself? Do we need governmental regulation and oversight to prevent people from literally being robbed by high-tech charlatans?

check these tags to find similar summaries:DeFi, security and NFT


@Paul, In response to your questions, a cold wallet is used offline for storing bitcoins or other cryptocurrencies. With a “cold wallet,” also originally known as “cold storage,” the digital wallet is stored on a platform not connected to the internet, thereby protecting the wallet from unauthorized access, cyber hacks, and other vulnerabilities that a system connected to the internet is susceptible to. Here is an [article] (Cold Storage: What It Is, How It Works, Theft Protection) from Jake Frankwnfield which I think will give more insight into Cold Storage.

I think the best way to store NFTs offline is by purchasing a cold storage hardware wallet and transferring the digital assets there. By remaining offline, the wallet will keep away hackers and keyloggers who can’t do much to gain access. Cold wallets are the most secure of all wallets. They are similar to a USB drive or a hard drive. Just consider a home or a bank safe where you would keep your valuables. Technically speaking, when you keep you private keys in a hardware wallet not connected to the Internet, it is called a cold wallet.

That said, when you make a transaction from your cold wallet, although it is connected to the Internet, the signing of transactions is done in your device. This signature then allows you to assign ownership to the recipient of a crypto transaction. Essentially, you can store your private key in a regular USB, but a dedicated hardware wallet is more secure and durable.

You can use multiple hardware wallets to spread your private keys. This will ensure that even if your main hardware wallet gets lost, you still have a backup. The last resort is the recovery phase, it’s a string of 12-24 words. It is your private key in mnemonic form.

Says Vikram Subburaj, CEO, Giottus Crypto Platform: “Cold wallets are definitely secure, because they are not connected to the Internet, i.e., their keys are not exposed to virus or malware attack.Also, every hardware wallet comes with an ID and password for added security, thereby addressing some if not all the 13 issues that the study identified. I hope this suffices.


This summary is really insightful

Taking your digital assets offline can mitigate the risks that come with putting your crypto on an exchange.

Moreover, I think the only downside of cold storage is that your assets are less liquid and harder to trade quickly since you have to go through various protective steps to access your funds.

1 Like

You’re spot on @Raphking. I’m glad you found my comment insightful.

Yes, As with everything, cold storage comes with its own distinctive set of advantages and disadvantages. A [publication] ( from CNBC confirms your assertion that the downside of cold storage is that your assets are less liquid and harder to trade quickly since you have to go through various protective steps to access your funds. But if you juxtapose the pros and cons of cold storage as it relates to the identified 13 issues as security, privacy, and usability concerns in the NFTMs, then you’d see that the advantages outweigh the disadvantages hence my comment to store your NFT is in a cold-storage hardware wallet like Ledger providing a layer of security against the evolving threats emerging from being connected to the Internet.


@LTTOguns Thank you very much for this fantastic summary.

Legitimacy is one of the big issues with NFTs, as nothing prevents an impostor from “tokenizing” and selling someone else’s art, while the creator remains oblivious of the fraud. With the current state of affairs, the onus of verifying the token is on the buyer.
this is not always easy.