Are NFT's Hackable? The answer may surprise you.

Are NFT's Hackable? The answer may surprise you.

Please ignore the clickbaity title, the more technically correct question is: Are NFT's not-verified on the blockchain?

Answer: Yes*

*its complicated, let me explain

Cool... but.

...Wait... what are NFT's? actually

Simply put: NFT's are a number that unquqly repersents your piece of art.

Thats it.

Its a number.

nft ownership is owning a number that points to something.

But wait whats the problem here? I thought you said NFT's were hackable..

To explain: Bear with me for a Small detour, to explain what Hash functions are...

Hashing functions

Are a way to uniquely identify pieces of data, like a password, or a cat gif, etc..

this is a hash function, it's a math function, that takes in data, and spits out a unique number that represents the input data.

The input doesn't have to be text, it can be anything, for example, a gif of Nyan cat

What does this have to do with my nyan cat gif nft?

Well actually alot.

A hash function would allow computers to varify if someone changed the url your nft points.

Question: Are nft's valided by using hashes of your image stored on the blockchain?

Short answer: NO

Long answer: No, the block chain does not store a hash of your image or data, it only has a link to the actual photo or data you want.

Key point:

What a link points to can be changed!

The big question is:

Who validates that the nft is the original?

Answer is Nobody does.

Same thing happens in the art world. a art expert is the source of truth.

When researching this question it led me to go look up the technical documentation for what defines a nft

To quote the spec for nft's

Source: EIP-721: ERC-721 Non-Fungible Token Standard

Take note of : The URI MAY be mutable

The URI MAY be mutable (i.e. it changes from time to time).

This is important, that means the blockchain is not actually verifying unique photos/data, it's just verifying that the token (aka number) is valid and unique...

This is the format for the data for a nft it has a json field of data for the nft. which here would be a image url that can change.

But why?

Here's why the image is not a hash stored in the block chain, the reason is its too expensive to do so.

Alternatives considered: put all metadata for each asset on the blockchain (too expensive), use URL templates to query metadata parts (URL templates do not work with all URL schemes, especially P2P URLs), multiaddr network address (not mature enough)

They use the word '(too expensive)' meaning its takes too much work to varify that images, thus its not verified at all. 😨😱💀

In a article by Nicholas Juntilla called The Importance of Image Hashes for Authenticating NFTs they make this statement

"Most of the big marketplaces, OpenSea, Rariable, Mintable, Nifty Gateway, do not save any hash or any identifiable information about an NFT so what you own is a token with a vague generic URL."


BTW, OpenSea is the largest nft platform. hmm. scary.

But is it really that big of a issue?

Well maybe. the issue is what server the url is pointing to.

If a att/acker has access to the server, they can change the nft's data, and no platform or blockchain is the wiser.

What does it mean to own a NFT?

Its buying the wright to say, I own that painting. Which is not the same as 'ownership' of a physical object

Like yes, you "own" it. but what does this asset class actually?

Hacker can change where theurl points too

Why do people buy traditional art?

Because we believe its valuable. Belief + scarcity = value.

Thanks for reading 😎


by oran collins

If you want to help me out and give some donations here's my monero address: 432ZNGoNLjTXZHz7UCJ8HLQQsRGDHXRRVLJi5yoqu719Mp31x4EQWKaQ9DCQ5p2FvjQ8mJSQHbD9WVmFNhctJsjkLVHpDEZ I use a tracker that is pravicy focused so if you block its cool, im big on blocking stuff on my own machine. im doing it to see if anyone is actualy reading my blog posts...:)