Understanding Security Issues in the NFT Ecosystem

by   Dipanjan Das, et al.

Non-Fungible Tokens (NFTs) have emerged as a way to collect digital art as well as an investment vehicle. Despite having been popularized only recently, over the last year, NFT markets have witnessed several high-profile (and high-value) asset sales and a tremendous growth in trading volumes. However, these marketplaces have not yet received much scrutiny. Most academic researchers have analyzed decentralized finance (DeFi) protocols, studied attacks on those protocols, and developed automated techniques to detect smart contract vulnerabilities. To the best of our knowledge, we are the first to study the market dynamics and security issues of the multi-billion dollar NFT ecosystem. In this paper, we first present a systematic overview of how the NFT ecosystem works, and we identify three major actors: marketplaces, external entities, and users. We study the design of the underlying protocols of the top 8 marketplaces (ranked by transaction volume) and discover security, privacy, and usability issues. Many of these issues can lead to substantial financial losses. During our analysis, we reported 5 security bugs in 3 top marketplaces; all of them have been confirmed by the affected parties. Moreover, we provide insights on how the entities external to the blockchain are able to interfere with NFT markets, leading to serious consequences. We also collect a large amount of asset and event data pertaining to the NFTs being traded in the examined marketplaces, and we quantify malicious trading behaviors carried out by users under the cloak of anonymity. Finally, we studied the 15 most expensive NFT sales to date, and discovered discrepancies in at least half of these transactions.


page 4

page 9


Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair

Decentralized Finance (DeFi) is emerging as a peer-to-peer financial eco...

Smart Contract and DeFi Security: Insights from Tool Evaluations and Practitioner Surveys

The growth of the decentralized finance (DeFi) ecosystem built on blockc...

Demystifying Scam Tokens on Uniswap Decentralized Exchange

The prosperity of the cryptocurrency ecosystem drives the needs for digi...

An Empirical Study of DeFi Liquidations: Incentives, Risks, and Instabilities

Financial speculators often seek to increase their potential gains with ...

DRAINCLoG: Detecting Rogue Accounts with Illegally-obtained NFTs using Classifiers Learned on Graphs

As Non-Fungible Tokens (NFTs) continue to grow in popularity, NFT users ...

A Blockchain-based Carbon Credit Ecosystem

Climate change and global warming are the significant challenges of the ...

Flash Crash for Cash: Cyber Threats in Decentralized Finance

Decentralized Finance (DeFi) took shape in 2020. An unprecedented amount...

Please sign up or login with your details

Forgot password? Click here to reset