Are Your NFTs Safe? How to Protect Digital Assets From Disaster

As FTX NFTs and other closed platforms showed, an on-chain token doesn't always mean the art is secure. But there are ways to protect NFTs.

By Mason Marcobello

12 min read

In the ever-volatile world of NFTs, collectors have spent years amassing fortunes in generative art and unique digital assets—only to face the possibility of losing it all in an instant.

Picture the ensuing chaos when, instead of a cascade of bids in one's inbox, a message from a major marketplace announces that it’s filing for bankruptcy, rendering NFTs on the platform "inaccessible once the site shuts down." Customer support only offers generic canned responses, and users are left frantically searching for solutions.

It might seem far-fetched, but we’ve seen multiple recent examples: the shutdown of FTX NFTs and social token and NFT platform Rally only further exposed the shaky trust assumptions plaguing NFTs. And that’s not even considering the ever-present threat of hacks and exploits that have swiped countless valuable NFTs from unsuspecting holders.

“This year will be the biggest year for hacks in history,” Sebastien Badault, VP of Metaverse at Ledger, told Decrypt. “We can say this every year for the rest of our lives, and it will be true. We've seen some of the industry's pioneers get hacked recently and lose their lifelong-built collections." 

In response to these risks, a growing number of blockchain companies are now developing solutions to safeguard collectors' assets. While servers like InterPlanetary File System (IPFS)  or fully on-chain collections may be viewed as bastions of data storage, that isn't always the case. IPFS or centralized services such as Amazon AWS demand ongoing fees from users, and their existence hinges upon proper maintenance.

In the ever-evolving landscape of Web3, one sobering truth remains: assets connected to blockchains are never completely secure.

NFT storage challenges

According to a January 2022 analysis by YourNFTS and later verified by ClubNFT Head of Data Science Nick Hladek, roughly 10% of NFTs were stored on-chain, with another 40% of NFTs on private servers and the remaining 50% on IPFS. This is a problem for several reasons.

First, if the artwork tied to the NFT is stored off-chain on servers operated by the marketplace, then should said marketplace collapse, it’s likely that any servers they operate or pay for will as well. Consequently, once the server is turned off, the NFT won't point to an artwork or file but a broken link. Such was the case with  FTX NFTs and other platforms like Ascribe, RARE Art Labs, Editional, and Digital Objects that closed following the crypto crash of early 2018.

As around 40% of NFTs on Ethereum are stored off-chain (relying on external servers), the potential for them to break could have an overt negative impact on the NFT market, considering the sizable investments made, which accounted for almost $25 billion in sales last year alone.

Although platforms like IPFS are a better option for collectors to manage and store their assets, it is also not without risk. For instance, if nobody pays to pin the images on IPFS, then the system will eventually remove them in a periodic cleanup to reduce redundant data.

Due to this, collectors need to either take on the responsibility of pinning their own NFT files to IPFS or back them up locally to restore them in the future, if needed—or both. But as these methods require a more technical skillset, the average collector rarely invests the time needed to pin their NFTs or create a backup.

According to an independent academic paper published in 2021 by UC Santa Barbara, "3.91% of the assets (images) and 9.04% of metadata records hosted on IPFS" between June and December of that year disappeared. An updated analysis is underway for assets bought and minted in 2022.

Despite these issues, the research paper also noted that IPFS remains a far better choice than private servers. Conversely, the paper found that lost NFTs not on IPFS represented "a staggering $160,761,805 in revenue from 118,294 transactions." The findings suggest that using IPFS to host NFT assets and metadata is still the most viable option for creators and collectors.

It’s not just about Ethereum NFTs, either. While Bitcoin-based Ordinals are stored entirely on-chain, NFT-like assets on other Bitcoin-backed chains aren’t necessary protected.

"The risk of losing NFT media applies to all NFTs, regardless of chain, if the media isn't stored directly on the chain the NFT was minted,” Joe Looney, creator of the Rare Pepe Wallet on Bitcoin-based protocol Counterparty, told Decrypt.

What can be done?

Jason Bailey, a.k.a. Artnome, is a leading figure in the NFT sector. His early articles on NFTs from 2017 and 2018 were an entry point for many artists and marketplaces, including KnownOrigin, and his collaboration with CryptoPunks creator Larva Labs to launch the now-valuale Autoglyphs generative art project in 2019 further established his expertise.

Bailey recently shared his concerns about a potential NFT marketplace consolidation with Decrypt. In addition to the potential closing of marketplaces following a broader market collapse (as seen in 2018-2019), Bailey also believes that many startups emerge to compete for market share when there is a degree of innovation.

Eventually, however, one or two of those startups dominate and the rest either shut down or get acquired by the larger company. Bailey likens this trend to how people mostly just go to YouTube for videos instead of dozens of websites, or to Amazon for online shopping.

"We are already seeing NFT marketplaces shut down, with the NFTs minted on those platforms breaking," Bailey said. "For example, the FTX NFTs all broke when FTX shut down, and this is just the start. We expect to see many more marketplaces follow."

However, various solutions and alternatives are emerging to address and solve these problems. Some of the more prominent examples include: 

ClubNFT

Given his first-hand experience losing valuable assets with RARE Art Network and the awareness of risks in the industry, Bailey co-founded ClubNFT in 2021 with engineer Chris King. It’s a company building leading tools to protect the longevity of NFTs stored on IPFS. Since launching its backup tool in June 2022, ClubNFT has backed up more than 6,000 collections, over 800,000 NFTs, and nearly 3.5 million IPFS files. 

As per its mission to help protect artists and collectors from marketplace dependency for the safety and preservation of their NFTs, ClubNFT also offers a free analysis tool for collectors to find where their NFTs are stored. It provides an “X-ray view” that shows where all the files for your NFTs live, and it can also create a free backup to protect IPFS NFTs.

Outside of Ethereum, there are also solutions for NFTs on other blockchains like Tezos, thanks to a recent partnership between ClubNFT and fxhash. Founded in November 2021 by generative artist and developer Baptiste Crespy, also known as ciphrd, FXHash is an open platform for anyone to create, collect, and curate code-based Tezos-based generative art.

Over 1.2 million unique generative art NFTs have been minted and collected on the platform to date, with more than 20,000 projects created by generative artists. Ciphrd emphasized the importance of providing accessible tools for generative art creation and collection, and highlighted how the backup service integration is natural as it gives fxhash “a high degree of redundancy and ultimately protects irreplaceable digital artworks." 

"We are doing everything we can to try and educate and protect collectors ahead of marketplace collapses,” Bailey added. “However, I think once people see how simple it is to use our tool to protect their collections, they will wonder why they didn't do it sooner.”

Arweave

Another go-to solution for permanently storing files is Arweave. Founded in 2017 by Sam Williams, Arweave is a decentralized storage network that aims to provide a permanent and low-cost storage solution for data.

It uses a novel approach called "blockweave," which combines the principles of blockchain and a proof-of-work model to create a secure and efficient storage system. It works by storing data across a distributed network of nodes, similar to other decentralized storage networks like IPFS.

However, unlike IPFS, Arweave ensures permanent storage by using a consensus algorithm designed to continuously mine new blocks and attach them to the end of the "blockweave." This approach ensures that—at least in theory—once data is on Arweave, it cannot be deleted or altered, even by the network operators.

One of the unique features of Arweave is its "pay once, store forever" model. Users pay a one-time fee to save data on the network, which is then permanently stored and accessible for as long as the network exists. This model eliminates the need for users to pay recurring fees for storage, and provides a cost-effective solution for long-term data storage.

However, like IPFS, the reality of the situation is more complex. Arweave relies on several factors remaining constant to keep stored data safe, including a stable value for its token and the profitability of running an Arweave node. One of the more significant issues with Arweave is that users have no control over the safety of their stored data.

Since Arweave is a blockchain and the data is integrated within it, a backup would not be helpful as the transaction ID—rather than a verifiable hash of the file—is used to access the data. If the data is lost on Arweave, then it cannot be reuploaded to the same transaction ID and the link will be permanently broken.

Akord

Despite the potential risks, many users still opt for Arweave as their go to perma-web solution. That said, given the slight technical barrier for people to pay and store their files on the Arweave blockchain, more user-friendly options like Akord have emerged to simplify the experience.

Simply put, Akord is a protocol for secure storage and publishing on Arweave that lets people easily create vaults and public or private folders for file storage on Arweave, with an initial 500MB worth of free data.

One of the main features of Akord is manifests, which help to map user-friendly names to files and contents within a user’s vault. Similar to the simplicity of an ENS domain for Ethereum wallets, manifests use a more intuitive name (e.g., /foldername/myphoto.jpg) a long hash to refer to a file. Although they can be used to store metadata for NFTs, their primary purpose in Akord is to facilitate easy information management and help better organize stored data.

Filecoin

Filecoin is a cryptocurrency that incentivizes a global network of computer operators to provide a decentralized file-sharing and storage service. It aims to become the fastest and cheapest way to store data on the internet while avoiding censorship from governments or other actors.

Filecoin operates on top of IFPS, with the main difference being that IPFS itself does not offer any revenue for miners. Filecoin, on the other hand, costs money to use but can also generate revenue for miners. Similar competing protocols include Storj and Siacoin.

"It is difficult to explain the significance of content addressing to the market,” Protocol Labs Director of Engineering Jimmy Lee told Decrypt, but once people realize that there is a unique signature for all of their data and there is a way to ensure that people don't get tricked when they query for it, you can start to see people making sense of it.”

Lee emphasized the importance of backing up digital art and ensuring that it can't be lost. He believes that decentralized storage networks solve this problem, offering fault-tolerant and hack-resistant storage with a global network. As with people who take significant measures to protect their physical collectibles, he said that the same should be done for digital collectibles.

"If you knew there was a public decentralized storage network with over 4,800 network operators in over 20 countries providing an open source solution to this problem,” he said, “why wouldn't you back up your data there and everywhere else? Why trust a traditional cloud service that has no incentive to tell you how things really work?"

He added that Filecoin can support up to 20 exabytes of storage capacity, and offers the ability to replicate NFT data across machines all over the world. While it may not be as large as the centralized Amazon AWS, which can support over 400 exabytes, Filecoin offers a decentralized solution for securing files.

"I'll know exactly which machines they are on, and I can ensure that the data will never be lost,” he added. “I can't think of a better way to protect something digital I care about.”

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News