Protecting Your NFT Art Collection From Fraud And Platform Failure

The way Bailey describes it, “I was telling everyone the amazing thing about ‘art on the blockchain’, which is literally what we called it back then instead of ‘NFTs’, is that you don’t have to depend on anyone but yourself. If you’re the collector, and you get this token and the art, if the marketplace goes under, you’re gonna be fine. It’s kind of this idea of ‘self-sovereignty’ that’s borrowed from cryptocurrency.”

But with that ownership comes the responsibility of making sure your collection is safe. “The assumption that a lot of us made was that everything was on the blockchain, that the art was actually on the blockchain. And it somehow had that decentralized, you know, provenance and permanence associated with it. And that was a mistake. Actually, it turns out that a lot of the time, about 90% of the time, the art is not on the blockchain.”

King explains what ClubNFT considers a “well-formed NFT”. Not only does it contain a cryptographic signature proving that the artist is the on-chain creator, but it also contains a cryptographic “hash” or “checksum” of the work itself rather than a URI.

The hash is a string of seemingly random letters and numbers that acts as a unique “fingerprint” of the work itself; by running the work through an encryption algorithm like SHA-256 you’ll always get the same string. The probability of two files resulting in the same hash is so close to zero that it can be safely ignored. What this means is that we can prove the NFT corresponds to a specific work: if Jason Bailey’s XCOPY NFT had a hash of the work, it would still meaningfully “point to” the work even though the Ascribe server is down. It would still be less valuable than if the Ascribe server was up, but it would serve its purpose. The hash is much more useful, however, if the work is stored on IPFS.

IPFS is a decentralized file-sharing network like BitTorrent. If someone on the network is storing a copy of an NFT’s artwork and has it “pinned” such that it’s available for others to access, there’s an image matching the NFT’s checksum that can be downloaded to view the piece.

If you want to help protect your NFT artworks that are stored on IPFS, you need to download a “perfect” copy of those files. This means that the checksum of your copy would match that of the original artwork, the one stored on the NFT. That’s quite hard to do without some technical knowledge, and in any case, it’s time-consuming, which is why ClubNFT offers a service to automate all of that. This gives NFT collectors, whether museums or a general audience, a way to “give back” to the IPFS ecosystem by hosting their own copies if they’d like.

For most NFT collectors and marketplaces, IPFS is a robust solution that moves some of the storage overheard away from marketplaces and towards this decentralized network. It’s why marketplaces like KnownOrigin and SuperRare store all minted works on IPFS. But OpenSea, the biggest NFT marketplace by far, stores minted works on their own server as Ascribe did.

If a museum tries to “collect” an NFT from OpenSea, they could run into problems archiving that work according to their own best practices. They might have to work directly with the artist to source the work in its original resolution and file format, maybe several formats if it’s a complicated 3D piece. From there, archivists can work on additional steps like creating redundant copies on specialized hardware.

But even if the work is hosted on IPFS, museums are still going to need to track down an archival-quality copy. The IPFS-based platform SuperRare, for example, imposes a 50MB limit on file uploads. That might be sufficient for most viewing situations, but museums are going to want an uncompressed copy for the archive that could be gigabytes in size.

The other important aspect of protecting an NFT collection is wallet security. While an institution might be able to run its own IPFS node or its own instance of a blockchain, wallet security is one area where institutions are on the same playing field as individual NFT collectors. The same best practices apply in both cases.

As Jason Bailey explains, “a lot of people when they go to buy NFTs, they take the very same wallet that has all their cryptocurrency and all their NFTs in it. And they go and interact sometimes with marketplaces they’ve never seen before. And when you do that, often people just click ‘yes’ on the things that pop up when they try to buy an NFT, and you can accidentally sign away the opportunity for people to take all of your collection and all of your money. And there’s a simple solution, which is just to have a second wallet that you use to buy and you just keep a little bit of money in there, and you use that to buy and then your main wallet is the one that you keep all your collection. And so you’re never exposing that. You wouldn’t take your entire life savings, put it into a bunch of garbage bags, drag it a block away to buy one bagel, and just hope that no one mugs you, right? You keep that stuff somewhere safe, you take out a small amount of money, and you put that in your wallet to go buy a $5 bagel and if someone mugs you, they get your $5 and not your life savings.”

Related posts:

The founder of a seed-stage startup recently asked me, “Harry, do you agree startups should always raise more money than they think they’ll need?” My answer — raise the amount you need. The runway is…