NFTheft In The News
It is a pleasure for me to see people talking and discussing the issues and problems that I am trying to draw attention to.
Here are links to some of the first articles that have been written by others on this topic.
- Artnet - The Gray Market: How a Brazen Hack of That $69 Million Beeple Revealed the True Vulnerability of the NFT Market (and Other Insights)
- Nifty News - The $69 Million NFT Art Thief
- Hacker News - A new $69M NFT was sleepminted (discussion)
From the discussions on social media (mainly Twitter), I have noticed a common argument or position being pushed and argued by some. And since I really don't want to have to repeat myself, I decided to provide a more detailed answer and explanation here.
To me it seems that a lot of people did not understand what I am trying to draw attention to, I want everyone to carefully examine the minting of the original/first version of #40913 Beeple NFT. It baffles my mind how everyone is so quick to try and make a smart dismissing comment on this topic, that they completely miss the entire point of this. The NFT was minted by/from a random, unknown, third-party wallet! There is absolutely no verifiable way to prove that this was in fact minted by Beeple directly. The very first link of the authenticity chain is broken in the first step. That's why I find it almost hilarious when someone comments that the #40914 NFT is obviously fake because the from address in the minting process does not match Beeple's wallet address. Guys, open your eyes! Like 80% of all NFTs have a different from address in the minting process! This is what I am trying to draw attention to. Why is this even allowed? How are all these companies making claims of using the blockchain to make the most secure NFTs when they can't even initiate a minting process correctly? I'll tell you why, it's because they don't care. At one point these companies decided that their word and promise means so much, that they don't even really need the blockchain to back them up.
Some have made claims that the wallet is not important in these situations, that it's really all about the smart contract itself, as long as you trust it, it's all good. No, that's not how any of this works. Blockchains were deployed to provide accountability and transparency. The whole reason they are there is so that we don't have to trust anyone. What history has taught us is that sooner or later, all power turns bad eventually. The other problem with this approach is that the vast majority of NFT users are not really tech-savvy. They do not possess the capabilities to properly read, analyse, and understand smart contracts. They rely purely on the marketplaces and service providers to inform them of the validity or invalidity of a certain NFT.
And in regards to the comments that wallets are not a big deal and are not even that important in the first place. Umm, there's a reason your wallet is the most important thing when it comes to crypto. It's a secure and un-hackable (so far) piece of tech that stores your crypto and NFTs. There is no better way to verify a transaction than with a wallet. And for anyone making claims that they change their wallets often, well then use a public key or something. But it is imperative that every minted NFT is signed with the wallet or with a key at least.
Lastly, the thing that everyone points out without fail is that the transfer transaction was not initiated by Beeple, thus it is easy to identify the NFT as a fake/fraud. Again, I implore everyone to do some very basic research on other transfers before making such a comment. A very large percentage of NFT transfers are not initiated by the NFT owner themselves but rather by a third-party wallet. This is partly due to the fact that proxy wallets are used on marketplaces or because this type of transaction is executed on the back-end through an API request.
I am very happy that there is a discussion on this topic. I am even happy to see doubt, criticism, and arguments. But please please please, do some basic research before making stupid un-based comments. I am getting tired of having to provide corrections.
And please understand one very important thing, every time we decide that something is not important enough, and that there is no problem that it is being omitted, a new attack vector opens up for potentially malicious/fraudulent activity.
- Monsieur Personne