NFTs Are a Privacy and Security Nightmare

Credit to Author: Eric Ravenscraft| Date: Tue, 05 Apr 2022 11:00:00 +0000

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

Venmo's baffling decision to turn payments into a social media feed, where public transactions are the default, has rightly been met with criticism. But at the very least, it's always been possible to make Venmo transactions private. Now, imagine a financial system that's not just public by default, but can't ever be made private, and nothing can ever be removed or deleted.

That's how crypto works. And for years, it's been too seldom recognized as an issue—in large part because systems like Bitcoin, Ethereum, and other crypto platforms are technically “anonymous.” More specifically, unlike a bank or financial app, you don't have to attach your real name, address, or other identifying information to a wallet. Sure, everyone can see what a random wallet is doing, but they don't necessarily know who is doing it.

NFTs, however, radically undermine this already tenuous anonymity. 

With any new technology, one supposedly beneficial trait often comes at the expense of another. For example, one way to describe an immutable blockchain that contains a public record of every transaction is that it’s a transparent way to maintain accurate records.

Another way to describe it is as a low-privacy environment that gives, among others, law enforcement access to the transaction history of the entire network—as was the case when the US Department of Justice arrested two individuals accused of stealing $4.5 billion worth of cryptocurrency. Said assistant attorney general Kenneth A. Polite Jr. at the time, “Today, federal law enforcement demonstrates once again that we can follow money through the blockchain.”

Crypto wallets may be pseudonymous, but many exchanges have Know Your Customer protocols and collect tons of other data on users. Moreover, transactions necessarily require sharing your wallet with another party. As software engineer Molly White wrote, once someone knows your wallet address, privacy can be difficult, if not impossible to maintain: “Imagine if, when you Venmoed your Tinder date for your half of the meal, they could now see every other transaction you’d ever made—and not just on Venmo, but the ones you made with your credit card, bank transfer, or other apps, and with no option to set the visibility of the transfer to ‘private.’”

The primary way to combat this public scrutiny is with obfuscation methods like using unique wallets for each transaction, or employing a tumbler or mixer service. The latter combines many people's money into one pool and then redistributes it so as to obscure which money is going where. While this process itself isn't inherently illegal or even suspicious, you'd be forgiven for thinking it sounds a bit like money laundering, because sometimes it's used for exactly that.

These techniques are by no means foolproof, but even if they were, it's a cumbersome layer of work that simply doesn't scale. An obsessed crypto investor with plenty of time on his hands might learn how to manage a dozen crypto wallets, a wallet manager, a mixer, and every other tool needed to stay anonymous. But that's work the average person simply can't be expected to do on their own.

A key component to keeping crypto activity anonymous is to avoid tying transactions to any identifying information. Which means NFTs, by their nature, can fundamentally undermine this goal. The idea behind NFTs is that they are fundamentally unique, identifiable tokens. And while they don't work quite the way advocates say they do, it's still technically true that no individual NFT can be duplicated.

This means that, if a user ties an NFT to any part of their online or IRL identity—say by using an NFT as a profile picture on Twitter or maintaining a profile on an NFT marketplace—it becomes trivially easy to find out what else their wallet has been up to.

This doesn't even require using a specific app or service. For example, when Jimmy Fallon showed off his Bored Ape on TV, that made it very easy to find Jimmy Fallon’s wallet address and see what other transactions his wallet has been involved in, including a user sending him 1,776 Let's Go Brandon tokens.

While knowing who bought which JPEG might not seem like a major deal, it becomes a critical issue as crypto advocates push the idea of using NFTs for home ownership, medical records, and social media. A single wallet—or even a network of wallets that are not adequately obfuscated—could act as a giant bucket of personal data that not only can't be kept private, but can't be deleted from the blockchain.

Not only are transaction histories public for every wallet address on platforms like Ethereum—the largest NFT platform today—but it’s possible to send NFTs to any address, regardless of whether the recipient approves the transaction. For example, in December 2021, rapper Waka Flocka Flame found a number of NFTs he hadn’t purchased appearing in his wallet.

Since blockchains are immutable, append-only records of transactions, tokens dropped into a user’s wallet can’t just be deleted. Instead, they have to be “burned.” Burning is a type of transaction where an NFT (or any other token) is transferred to an address that no one owns and can’t be accessed, effectively making it impossible to recover. This, of course, comes with transaction fees.

Removing anything from your wallet—including spam, unsolicited dick pics, or harassing images or messages—can’t be done without shelling out money. So, for example, if Jimmy Fallon wanted to get rid of those 1,776 Let’s Go Brandon tokens (a transaction someone paid $30.25 worth of ETH to conduct), the only way to remove them is to pay a similar transaction fee to send the tokens somewhere else. And that fee applies per transaction.

Moreover, NFTs aren’t strictly limited to static links. Every NFT is governed by a “smart contract.” These contracts are essentially small containers for code that developers can build mini applets in. This is what enables things like royalty payments, but the code inside can be anything, including misleading scams or even malware.

One high-profile scam involved a play-to-earn game modeled after Netflix’s Squid Game. The project leaders sold Squid tokens, which rose by nearly 23 million percent in less than a week, but the smart contract forbade selling any Squid tokens without also burning a number of Marbles tokens, which players were meant to earn in the game. The project collapsed after a week, before the game even launched, and after the creators disappeared with the money, leaving the Squid tokens worthless.

Since Marbles tokens can’t be earned, users who bought the Squid tokens can’t sell them, even as a novelty. According to the rules of the smart contract that governs Squid tokens, they will likely remain in investors wallets forever. 

The immutable nature of the blockchain also means that patching code is essentially impossible. The point of the system is to maintain an unchangeable, append-only record, so the only way to update smart contracts—which again, are just code that is susceptible to human error and exploitation—is to replace them entirely with a new contract and migrate old tokens to it.

This happened recently with the Sandbox, a game world that sells NFTs of virtual land. A vulnerability in the previous smart contract could’ve made it possible for an attacker to burn another player’s NFT without permission from the owner. To resolve this, the Sandbox issued a new smart contract and directed users to migrate their land tokens.

However, since every transaction on the Ethereum blockchain costs fees, someone has to pay for every part of this process. The Sandbox has offered to pay the gas fees for all of its users who must now migrate to a new smart contract, but not every project would be willing or able to do so.

There are countless alternative crypto platforms and services that share some flaws with the most common platforms like Ethereum today. Some might be fixable, but for now the most common players and tools have critical flaws when it comes to basic privacy and security that have gone far too often overlooked. 

https://www.wired.com/category/security/feed/