Can the Weaknesses of NFT Technology Be Fixed?

A certain degree of magical thinking surrounds the non-fungible token, or NFT. The community involved in the NFT-buying frenzy of early 2021 believed that the blockchain technology used to make NFTs instilled them with infallible benefits. NFTs were supposed to be a tamper-proof ledger that authenticated and defined original digital works, which could offer artists royalties as the work was traded in perpetuity. But now it’s clear that the technology used in this $2.4 billion industry is poorly constructed and can’t deliver on its promises.​

One of the main issues with the technology behind NFTs is the way that the digital artwork is stored. A typical NFT is split into two separate entities, the smart contract or ERC-721 standard, which is stored on-chain, and the digital artwork. Storing files on-chain is prohibitively expensive due to their size, so the smart contract merely references the artwork with a URL that points to it.​

“[An NFT is] like a glorified receipt,” Kelani Nichole told ARTnews in a phone call. In 2013, Nichole founded Transfer Gallery, which specializes in computer-based artworks. After years of working with digital mediums, she’s shocked that a standard like ERC-721, which is still in its infancy, has enjoyed such massive participation so quickly. Using URLs as a primary mode of accessing the artwork is incredibly risky. ​

“The [NFT marketplaces] become the point of dependency. So were they ever to go away, were their servers to go down, were their IPFS nodes to go under, the content that you paid lots of money for would no longer be accessible.” The InterPlanetary Filing System (IPFS) mentioned by Nichole is a common safeguard. The distributed server hosts each URL on other computers connected to the network, so if the issuing domain goes down the file can still be retrieved from other nodes. But many factors can lead to broken URLs even if this preventative measure is employed.​

In fact, URLs stored on and off IPFS were breaking with such frequency that the platform checkmynft.com was invented. On checkmynft users can plug in the relevant NFT contract address and token ID to check the status of the URL. In March, checkmynft found that works by Grimes, DeadMau5 and Steve Aoki weren’t loading even though they were stored using IPFS. The files were eventually made accessible after buyers and the artists noted the absence.​

The problem could stem from the lack of value that NFT marketplaces put on the files themselves. Ryoma Ito, cofounder of MakersPlace—the platform that minted Beeple’s NFT Everydays: The First 5,000 Days (2021), which sold for $69 million at Christie’s—told ARTnews that the file isn’t really what constitutes the value of the NFT: “In many cases you could probably just find these files anywhere across the Internet anyways.” Yet the selling point of the NFT is that it can make a digital artwork valuable by defining a specific file as the original. Asked if collectors should take any precautions to protect expensive digital assets, Ito said it depended on whether the issuing platforms use IPFS. If not, the owner should upload the file on IPFS. Especially “paranoid” users could save the image to Google Drive or DropBox, Ito suggested.​

Nithin Palavalli, CEO and founder of the blockchain service and security company RubiX, disagrees. In a phone interview, he said current storage options are not sufficient. Palavalli and his team invented a new kind of consensus mechanism—the model through which transactions are verified on the blockchain—that allows users to store large amounts of data on-chain. Though on-chain storage can’t guarantee permanent accessibility (what can?), it is considerably more secure than a platform or IPFS storing URLs. An asset stored on-chain is much better protected from hacking, Palavalli claimed. ​

“Your NFT has to be stored somewhere at the end of the day, usually on a centralized cloud server like Amazon’s,” he said. “If the centralized server gets hacked there is a high chance that all of the NFTs stored there are at the mercy of the hacker, so if there are 1 million assets in one place that’s a financial incentive for a hacker to come and exploit the security loopholes. But at RubiX, 1 million assets are stored on-chain and spread across 1 million different nodes so there’s less financial incentive for a hacker.”​

The loss of the file might not be so crushing for users who consider the smart contract, and not the file, the valuable portion of the NFT. But RubiX works with artists to create one-of-a-kind high resolution files that only the NFT owner can access using biometrics. They developed several decentralized security protocols as part of their blockchain security offerings in partnership with the Microsoft Intelligent Security Association, and these solutions turned out to be applicable to the NFT market. This level of thorough technological development was not included in NFT platforms when they were built at lightning speed to capitalize on the NFT boom.​

The concept of the NFT was first proposed in 2014 by Anil Dash and Kevin McCoy to help artists monetize their digital work as it proliferates across the internet, usually without credit or compensation. But despite the purported immutability of blockchain ledgers, smart contracts are more vulnerable to theft and forgery than many assume. And because of how lucrative NFT trading can be, there is further incentive for hackers to take advantage of weak spots. Furthermore, blockchain was supposed to ensure perpetual royalties for artists as digital artworks are traded, but even this benefit doesn’t always come to fruition when NFTs move from one marketplace to another.​

Intellectual property lawyer Jeff Gluck says that because there are no centralized standards for minting, artists end up getting cheated out of their royalties. “The minting process is inconsistent and fragmented, every marketplace operates differently and this creates the opportunity for counterfeit fraud and transactional fraud,” Gluck explained in an interview. A smart contract from Nifty Gateway, for example, “doesn’t know how to respond or react to a transaction that happens in OpenSea because it’s been programmed, some would say deliberately designed, to only function within the borders of the marketplace,” he continued. ​

To remedy this problem, Gluck founded CXIP Labs, a start-up offering smart contracts that can communicate with any marketplace’s protocol. If an NFT minted through CXIP is uploaded onto a new platform, then the royalty agreement will be processed. CXIP’s smart contracts are also editable, so if a new marketplace comes onto the scene, the NFT will be updated to read that platform’s language. ​

Forgery is another potential pitfall. Provenance of an NFT is typically assigned to the crypto wallet used to mint a particular NFT. Though the ERC-721 standard is supposed to be tamper-proof, the standard can be customized so that a hacker can mint a work through somebody else’s wallet and then transfer it back to their own. Hacker Monsieur Personne exposed this loophole when he forged Beeple’s Everydays in April 2021. He downloaded the file of Everydays from the Christie’s website, minted it through Beeple’s wallet, and listed it for sale on an NFT platform. ​

On his website NFTheft, Monsieur Personne posted an article titled “Why I did what I did.” “Talented and sophisticated creators are being used for their creations without any possibility of providing the necessary security for their artwork,” he writes. “There are no rights or protections preventing the theft and mis-use of their art.” He’s not wrong. ​

As Gluck mentioned in a previous interview with ARTnews: “If you don’t register your work, you have no opportunity to legally enforce your rights against someone who is using your work without permission. You can’t walk into a courtroom and say, ‘I put this on the blockchain, I can enforce my rights,’ because it’s not recognized [as proof of ownership].” This is why CXIP also offers a copyright service for their clients.​

In the end, selling and preserving digital artworks using the time-tested know-how of digital preservationists and the galleries that work with them may prove to be more reliable than any startup. ​

Transfer Gallery’s Nichole has devised, along with her team, methods for preserving digital works. “The complexity of maintaining these kinds of works is beyond what one needs for a painting or a print,” Nichole said. “All conservation of time based media essentially focuses on the artist’s intent, so a conservator will go deep into the process with an artist and talk about things like the environment that they used to build their work: ‘Did you make this on Windows or a Mac OS? What versions? If you’re using a program like Unity, which version are you on? Which libraries are you looking at?’ We’re indexing a full environment, often taking a disk image of the computer. We talk to the artist about the way they use software and about how they want their work displayed.”​

Currently, most NFTs are either still images or looping videos that typically haven’t entered an exhibition space, and are instead displayed on the selling platform or social media. But Transfer Gallery often exhibits pieces whose presentation is more complex, and helps the artist discover how their work might be experienced outside the bounds of their laptop. “A lot of the work that Transfer Gallery does is [bringing] those works into the gallery and so we do a lot of exhibition design experimentation because a big part of the care is figuring out how [a work] is meant to be presented,” Nichole said. ​

At the height of the NFT boom, Transfer Gallery decided to stage an NFT exhibition, “Pieces of Me,” which opened on April 1 2021 and will run indefinitely. The show was organized to highlight how NFTs do not represent the standard for selling and preserving digital artworks. ​

In the smart contracts for the exhibited NFTs, the gallery wrote in plain text that the asset defined in the contract, or the URL leading to a file of the work, was merely a display copy of the work. A collector who buys the work receives a package that includes instructions for exhibition and care, and details the owner’s rights and obligations. “The NFT is just one display asset made available online, it’s for the public, it’s a receipt. However, to really own the work you have to retrieve the full archival package,” Nichole clarified. ​

Whereas NFT platforms function as nearly context-free auction sites, the Pieces of Me exhibition introduces curatorial considerations that underscore the Gallery’s deep engagement with the work. The offerings are split into eight highly evocative categories, such as “Don’t Look Down, Don’t Look Back: Each of the pieces in this room is a warning” or “Blow It All: All of the pieces in this room declare that self-sovereignty is their prerogative.”​

No entity—be it an NFT marketplace, a cutting-edge start-up, or a gallery—can assure that a digital artwork will survive forever. But Transfer Gallery offers a model for an ecosystem that truly values computer-based work as art, and will continue to do so until the end.​