NFTs are a privacy and security nightmare

Venmo’s puzzling decision to turn payments into a social media feed, where transactions are public by default, has met with criticism. But at least it was always possible to make Venmo transactions private. Now imagine a financial system that is not only public by default but can never be made private, and from which nothing can be removed or deleted.

This is how crypto works. And for years, this was too rarely recognized as a problem, in large part because systems like Bitcoin, Ethereum, and other crypto platforms are technically “anonymous.” In particular, unlike a banking or financial app, you do not need to attach your real name, address, or other identifying information to your wallet. Of course, everyone can see what a random wallet does, but they don’t necessarily know who does it.

However, NFTs radically undermine this already weak anonymity.

Public blockchains are a low privacy environment

In any new technology, one supposedly useful feature is often achieved at the expense of another. For example, one way to describe an immutable blockchain containing a public record of every transaction is that it is a transparent way to keep accurate records.

Another way to describe it is as a low-privacy environment that gives law enforcement, among others, access to the transaction history of the entire network, as was the case when the US Department of Justice arrested two people accused of stealing $4.5 billion worth of cryptocurrency. As Assistant Attorney General Kenneth A. Polite, Jr. said at the time, “Today, federal law enforcement is demonstrating once again that we can track money through the blockchain.”

Cryptocurrency wallets may be pseudonymous, but many exchanges have Know Your Customer protocols and collect tons of other user data. Moreover, transactions necessarily require sharing your wallet address with another party. As software engineer Molly White wrote, once someone knows your wallet address, privacy can be difficult, if not impossible, to maintain: “Imagine if, when you Venmo’ed your Tinder date for your half of the meal, they could now see all the other transactions you ever made, and not just on Venmo, but those you’ve made with your credit card, bank transfer, or other apps, and without the ability to set the visibility of the transfer to ‘private.’”

The main way to deal with this public exposure is obfuscation: for example, using a unique wallet for each transaction, or using a tumbler or mixer. The latter pools many people’s money together and then redistributes it to hide which money goes where. While the process itself is not illegal or even suspicious, you would be forgiven for thinking it sounds a bit like money laundering, because sometimes it is used for just that.

These methods are by no means reliable, but even if they were, it’s a cumbersome layer of work that just doesn’t scale. An obsessive crypto investor with plenty of free time can learn how to manage a dozen crypto wallets, a wallet manager, a mixer, and all the other tools needed to stay anonymous. But this is a job that the average person simply cannot do on their own.

NFTs completely destroy the illusion of privacy

A key component of maintaining the anonymity of crypto activity is to avoid linking transactions to any identifying information. This means that NFTs, by their very nature, can seriously undermine this goal. The idea behind NFTs is that they are fundamentally unique, identifiable tokens. And while they don’t work quite the way advocates say, it is still technically true that no single NFT can be duplicated.

This means that if a user associates an NFT with any part of their online or real-life identity, say by using an NFT as a Twitter profile picture or maintaining a profile on an NFT trading platform, it becomes trivially easy to find out what else their wallet was doing.

It doesn’t even require the use of a particular app or service. When Jimmy Fallon showed his Bored Ape on TV, that made it very easy to find Jimmy Fallon’s wallet address and see what other transactions his wallet had participated in, including one in which a user sent him 1,776 Let’s Go Brandon tokens.

While knowing who bought which JPEG may seem unimportant, it is becoming a critical issue as crypto advocates push the idea of using NFTs for home ownership, medical records, and social media. A single wallet, or even a network of wallets that isn’t sophisticated enough, can act like a giant bucket of personal data that not only can’t be kept secret, but can’t be removed from the blockchain.
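The linkage described above can be checked against your own wallets before you display an NFT publicly. The following is an added example, not part of the original article: a self-audit over a small constructed ledger, in which every address, asset name and function name is made up for illustration.

```python
from collections import deque

# Constructed sample ledger of (sender, recipient, asset); all values are made up.
LEDGER = [
    ("0xEXCHANGE", "0xMAIN", "ETH"),     # funded from a KYC exchange
    ("0xMAIN", "0xMARKET", "ETH"),       # pays for an NFT
    ("0xMARKET", "0xMAIN", "NFT#42"),    # receives the NFT
    ("0xMAIN", "0xSAVINGS", "ETH"),      # tops up a "separate" wallet
    ("0xSAVINGS", "0xCLINIC", "ETH"),    # sensitive payment from that wallet
    ("0xFRESH", "0xSHOP", "ETH"),        # wallet that never touched 0xMAIN
    ("0xSPAMMER", "0xMAIN", "SPAM#1"),   # unsolicited token
]
MY_ADDRESSES = {"0xMAIN", "0xSAVINGS", "0xFRESH"}

def current_holder(ledger, asset):
    """Replay the append-only ledger to find who holds a unique asset."""
    holder = None
    for _sender, recipient, moved in ledger:
        if moved == asset:
            holder = recipient
    return holder

def neighbours(ledger, address):
    """Every address that ever sent to or received from `address`."""
    out = set()
    for sender, recipient, _asset in ledger:
        if sender == address:
            out.add(recipient)
        elif recipient == address:
            out.add(sender)
    return out

def audit(ledger, displayed_nft, my_addresses):
    """Report what becomes attributable to you once the NFT is tied to your name."""
    exposed = current_holder(ledger, displayed_nft)
    if exposed not in my_addresses:
        raise ValueError("displayed NFT is not held by one of my_addresses")
    linked, queue = {exposed}, deque([exposed])
    while queue:  # follow transfers between your own wallets
        for peer in neighbours(ledger, queue.popleft()):
            if peer in my_addresses and peer not in linked:
                linked.add(peer)
                queue.append(peer)
    counterparties = set()
    for addr in linked:
        counterparties |= neighbours(ledger, addr) - my_addresses
    return {"exposed": exposed, "linked": linked,
            "unlinked": my_addresses - linked, "counterparties": counterparties}

if __name__ == "__main__":
    print(audit(LEDGER, "NFT#42", MY_ADDRESSES))
```

In this constructed data the "separate" savings wallet and its clinic payment become attributable because it was funded directly from the wallet holding the displayed NFT, while the wallet that never transacted with it stays unlinked.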

Modern NFT platforms lack basic security features

Not only are transaction histories publicly available for every wallet address on platforms like Ethereum, the largest NFT platform today, but it is also possible to send NFTs to any address, whether or not the recipient approves the transaction. For example, in December 2021, rapper Waka Flocka Flame discovered that several NFTs he did not buy had appeared in his wallet.

Because blockchains are immutable and transaction records are append-only, tokens dumped in a user’s wallet cannot simply be deleted. Instead, they need to be “burned.” A burn is a type of transaction in which an NFT (or any other token) is transferred to an address that no one owns and that cannot be accessed, effectively making it impossible to recover. Of course, this comes with a transaction fee.

Removing anything from your wallet, including spam, unsolicited explicit photos, or harassing images or messages, cannot be done without paying. So, for example, if Jimmy Fallon wanted to get rid of those 1,776 Let’s Go Brandon tokens (a transaction for which someone paid $30.25 worth of ETH), the only way to remove them would be to pay a similar transaction fee to send the tokens somewhere else. And this fee is charged per transaction.

Moreover, NFTs are not limited to strictly static links. Each NFT is governed by a smart contract. These contracts are essentially small code containers in which developers can create mini-applets. This is what makes things like royalty payments possible, but the code inside can be anything, including a misleading scam or even malware.

One high-profile scam involved a “play to earn” game modeled after Netflix’s Squid Game. The project leaders sold Squid tokens, which rose in price by almost 23 million percent in less than a week, but the smart contract prohibited the sale of any Squid tokens without burning some of the Marbles tokens that players were supposed to earn in the game. The project collapsed within a week, before the game was even launched, after the creators disappeared with the money, leaving the Squid tokens worthless.

Since Marbles tokens cannot be earned, users who bought Squid tokens can’t sell them, even now. According to the rules of the smart contract that governs Squid tokens, they are likely to remain forever in investors’ wallets.

The immutable nature of the blockchain also means that fixing the code is next to impossible. The whole point of the system is to maintain an append-only, immutable record, so the only way to update smart contracts, which, again, are just code subject to human error and exploitation, is to completely replace them with a new contract and migrate old tokens to it.

This happened recently with The Sandbox, a game world that sells virtual land as NFTs. A vulnerability in a previous smart contract could allow an attacker to burn another player’s NFT without permission from the owner. To solve this problem, The Sandbox released a new smart contract and instructed users to transfer their land tokens to it.

However, since every transaction on the Ethereum blockchain requires fees, someone has to pay for every part of the process. The Sandbox has offered to pay gas fees for all of its users, who must now migrate to the new smart contract, but not every project will be willing or able to do so.

There are countless alternative crypto platforms and services that share some common disadvantages with the most common platforms today, such as Ethereum. Some of these can be fixed, but at the moment the most common players and tools have serious flaws when it comes to basic privacy and security that are all too often overlooked.


Credit: www.wired.com /