Identifying Security Risks in NFT Platforms

This paper examines the effects of the risks inherent in the emerging technology of non-fungible tokens and proposes an actionable set of solutions for stakeholders in, and observers of, this ecosystem. Web3 and NFTs are a fast-growing 300-billion-dollar economy with some clear, highly publicized harms that came to light recently. We set out to explore the risks in order to understand their nature and scope, and to determine whether we could find ways to mitigate them. In the course of our investigation, we recap the evolution of the web from a client-server model to the rise of the Web2.0 tech giants in the early 2000s, and we contrast this with how the Web3 movement is trying to re-establish the independent style of the early web. In our research we identify a primary set of risks and harms relevant to the ecosystem and classify them into a simple taxonomy, addressing each with mitigating solutions. The solutions we arrive at combine processes to be adopted with technological changes or improvements to be incorporated into the ecosystem. By linking mitigations to individual risks, we are confident our recommendations will improve the security maturity of the growing Web3 ecosystem. We do not endorse or specifically recommend any particular product or service in our solution set, nor are we compensated or influenced in any way by these companies to list their products in our research. The product evaluations in our research should be viewed simply as suggested improvements.