research-article

Open access

Understanding Security Issues in the NFT Ecosystem

Authors:

Giovanni VignaAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 667 - 681

https://doi.org/10.1145/3548606.3559342

Published: 07 November 2022 Publication History

PDF eReader

Abstract

Non-Fungible Tokens (NFTs) have emerged as a way to collect digital art as well as an investment vehicle. Despite having been popularized only recently, NFT markets have witnessed several high-profile (and high-value) asset sales and a tremendous growth in trading volumes over the last year. Unfortunately, these marketplaces have not yet received much security scrutiny. Instead, most academic research has focused on attacks against decentralized finance (DeFi) protocols and automated techniques to detect smart-contract vulnerabilities. To the best of our knowledge, we are the first to study the market dynamics and security issues of the multi-billion dollar NFT ecosystem.

In this paper, we first present a systematic overview of how the NFT ecosystem works, and we identify three major actors: marketplaces, external entities, and users. We then perform an in-depth analysis of the top 8 marketplaces (ranked by transaction volume) to discover potential issues, many of which can lead to substantial financial losses. We also collected a large amount of asset and event data pertaining to the NFTs being traded in the examined marketplaces. We automatically analyze this data to understand how the entities external to the blockchain are able to interfere with NFT markets, leading to serious consequences, and quantify the malicious trading behaviors carried out by users under the cloak of anonymity.

Supplementary Material

MP4 File (CCS22-fp0082.mp4)

This talk is about the systematic study of the emerging Non-Fungible Token (NFT) ecosystem that we conducted on 8 top NFT marketplaces. We first identify three actors in the ecosystem, and then present security and privacy issues and design weaknesses involving all those three actors. In this talk, we explain how we perform both qualitative and quantitative analyses. First, we discover the issues by interacting with the marketplaces, and then quantify the prevalence of those issues by sourcing trading data from the marketplaces. Many of the issues that we identified could lead to potential financial losses. This talk only scratches the surface by explaining a handful of the issues we found. To understand the threat landscape in-depth, please check out our paper.

Download
17.99 MB

References

[1]

The 15 most expensive nfts ever sold. https://decrypt.co/62898/most-expensive- nfts-ever-sold.

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Stakeholders and Value in the NFT Ecosystem: Towards a Multi-disciplinary Understanding of the NFT Phenomenon

Characterizing the Solana NFT Ecosystem

Scoring model for NFT evaluation

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations