![](\"https:\/\/media.wired.com\/photos\/624b7b34a288ab4bb7de3714\/master\/pass\/NFT-Privacy-Security-1317721353.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Eric Ravenscraft| Date: Tue, 05 Apr 2022 11:00:00 +0000<\/strong><\/p>\n Eric Ravenscraft<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n Venmo's baffling decision<\/span> to turn payments into a social media feed<\/a>, where public transactions are the default<\/a>, has rightly been met with criticism. But at the very least, it's always been possible to make Venmo transactions private<\/a>. Now, imagine a financial system that's not just public by default, but can't ever be made private, and nothing can ever be removed or deleted.<\/p>\n That's how crypto works. And for years, it's been too seldom recognized as an issue\u2014in large part because systems like Bitcoin, Ethereum, and other crypto platforms are technically \u201canonymous.\u201d More specifically, unlike a bank or financial app, you don't have to attach your real name, address, or other identifying information to a wallet. Sure, everyone can see what a random wallet is doing, but they don't necessarily know who<\/em> is doing it.<\/p>\n NFTs, however, radically undermine this already tenuous anonymity.\u00a0<\/p>\n With any new technology, one supposedly beneficial trait often comes at the expense of another. For example, one way to describe an immutable blockchain that contains a public record of every transaction is that it\u2019s a transparent way to maintain accurate records<\/a>.<\/p>\n Another way to describe it is as a low-privacy environment that gives, among others, law enforcement access<\/a> to the transaction history of the entire network<\/a>\u2014as was the case when the US Department of Justice arrested two individuals accused of stealing $4.5 billion worth of cryptocurrency. Said assistant attorney general Kenneth A. Polite Jr. at the time<\/a>, \u201cToday, federal law enforcement demonstrates once again that we can follow money through the blockchain.\u201d<\/p>\n Crypto wallets may be pseudonymous, but many exchanges have Know Your Customer protocols<\/a> and collect tons of other data on users<\/a>. Moreover, transactions necessarily require sharing your wallet with another party. As software engineer Molly White wrote<\/a>, once someone knows your wallet address, privacy can be difficult, if not impossible to maintain: \u201cImagine if, when you Venmoed your Tinder date for your half of the meal, they could now see every other transaction you\u2019d ever made\u2014and not just on Venmo, but the ones you made with your credit card, bank transfer, or other apps, and with no option to set the visibility of the transfer to \u2018private.\u2019\u201d<\/p>\n The primary way to combat this public scrutiny is with obfuscation methods<\/a> like using unique wallets for each transaction, or employing a tumbler or mixer service<\/a>. The latter combines many people's money into one pool and then redistributes it so as to obscure which money is going where. While this process itself isn't inherently illegal or even suspicious, you'd be forgiven for thinking it sounds a bit like money laundering<\/a>, because sometimes it's used for exactly that.<\/p>\n These techniques are by no means foolproof<\/a>, but even if they were, it's a cumbersome layer of work that simply doesn't scale. An obsessed crypto investor with plenty of time on his hands might learn how to manage a dozen crypto wallets, a wallet manager, a mixer, and every other tool needed to stay anonymous. But that's work the average person simply can't be expected to do on their own.<\/p>\n A key component to keeping crypto activity anonymous is to avoid tying transactions to any identifying information. Which means NFTs, by their nature, can fundamentally undermine this goal. The idea behind NFTs is that they are fundamentally unique, identifiable tokens. And while they don't work quite the way advocates say they do<\/a>, it's still technically true that no individual NFT can be duplicated.<\/p>\n This means that, if a user ties an NFT to any part of their online or IRL identity\u2014say by using an NFT as a profile picture on Twitter<\/a> or maintaining a profile on an NFT marketplace<\/a>\u2014it becomes trivially easy to find out what else their wallet has been up to.<\/p>\n This doesn't even require using a specific app or service. For example, when Jimmy Fallon showed off his Bored Ape on TV<\/a>, that made it very easy to find Jimmy Fallon\u2019s wallet<\/a> address and see what other transactions his wallet has been involved in<\/a>, including a user sending him 1,776 Let's Go Brandon tokens<\/a>.<\/p>\n While knowing who bought which JPEG might not seem like a major deal, it becomes a critical issue as crypto advocates push the idea of using NFTs for home ownership<\/a>, medical records<\/a>, and social media<\/a>. A single wallet\u2014or even a network of wallets that are not adequately obfuscated\u2014could act as a giant bucket of personal data that not only can't be kept private, but can't be deleted from the blockchain.<\/p>\n Not only are transaction histories public for every wallet address on platforms like Ethereum\u2014the largest NFT platform today\u2014but it\u2019s possible to send NFTs to any address, regardless of whether the recipient approves the transaction. For example, in December 2021, rapper Waka Flocka Flame found a number of NFTs he hadn\u2019t purchased appearing in his wallet<\/a>.<\/p>\n Since blockchains are immutable, append-only records of transactions, tokens dropped into a user\u2019s wallet can\u2019t just be deleted. Instead, they have to be \u201cburned.\u201d Burning is a type of transaction where an NFT (or any other token) is transferred to an address that no one owns and can\u2019t be accessed, effectively making it impossible to recover. This, of course, comes with transaction fees<\/a>.<\/p>\n Removing anything from your wallet\u2014including spam, unsolicited dick pics, or harassing images or messages<\/a>\u2014can\u2019t be done without shelling out money. So, for example, if Jimmy Fallon wanted to get rid of those 1,776 Let\u2019s Go Brandon tokens (a transaction someone paid $30.25 worth of ETH to conduct), the only way to remove them is to pay a similar transaction fee to send the tokens somewhere else. And that fee applies per transaction.<\/p>\n Moreover, NFTs aren\u2019t strictly limited to static links. Every NFT is governed by a \u201csmart contract.\u201d These contracts are essentially small containers for code that developers can build mini applets in. This is what enables things like royalty payments, but the code inside can be anything, including misleading scams or even malware.<\/p>\n One high-profile scam<\/a> involved a play-to-earn game modeled after Netflix\u2019s Squid Game<\/em>. The project leaders sold Squid tokens, which rose by nearly 23 million<\/em> percent in less than a week<\/a>, but the smart contract forbade selling any Squid tokens without also burning a number of Marbles tokens, which players were meant to earn in the game. The project collapsed after a week<\/a>, before the game even launched, and after the creators disappeared with the money, leaving the Squid tokens worthless.<\/p>\n Since Marbles tokens can\u2019t be earned, users who bought the Squid tokens can\u2019t sell them<\/a>, even as a novelty. According to the rules of the smart contract that governs Squid tokens, they will likely remain in investors wallets forever.\u00a0<\/p>\n The immutable nature of the blockchain also means that patching code is essentially impossible. The point of the system is to maintain an unchangeable, append-only record, so the only way to update smart contracts\u2014which again, are just code that is susceptible to human error and exploitation\u2014is to replace them entirely with a new contract and migrate old tokens to it.<\/p>\n This happened recently with the Sandbox, a game world that sells NFTs of virtual land<\/a>. A vulnerability in the previous smart contract could\u2019ve made it possible for an attacker to burn another player\u2019s NFT without permission<\/a> from the owner. To resolve this, the Sandbox issued a new smart contract<\/a> and directed users to migrate their land tokens.<\/p>\n However, since every transaction on the Ethereum blockchain costs fees, someone has to pay for every part of this process. The Sandbox has offered to pay the gas fees for all of its users who must now migrate to a new smart contract, but not every project would be willing or able to do so.<\/p>\n There are countless alternative crypto platforms and services that share some flaws with the most common platforms like Ethereum today. Some might be fixable, but for now the most common players and tools have critical flaws when it comes to basic privacy and security that have gone far too often overlooked.\u00a0<\/p>\n