Skip to main content
Post image

How we make sure our NFTs are secure

Conventionally, malicious actors have multiple ways of tampering with NFTs. It is vital to develop technology which prevent these kinds of tampering and thus secure the tokens themselves as well as confirm their ownership.  

SECURE TOKENS 

1. NFTs can only be as secure as their underlying technology.  

Algorand has chosen a fast but very secure consensus mechanism: It uses a decentralized Byzantine Agreement protocol that leverages pure proof of stake (Pure POS). This means that it can tolerate malicious users, achieving consensus without a central authority, as long as a supermajority of the stake is in non-malicious hands. This consensus protocol is very fast and requires minimal computational power per node, giving it the ability to finalize transactions efficiently. 

Further, Algorand does not fork, thus guaranteeing that every transaction on the blockchain is final. This adds a level of security and stability that doesn’t exist on Bitcoin or Ethereum. 

  

2. NFTs are only as secure as their definition.  

On most blockchains, NFTs are defined by their interface. That means that the level of security is extremely low because the implementation is not standardized, and the contracts are not peer reviewed before use. This gives malicious actors a large amount of attack vectors. NFT contracts can, for instance, contain code that allows specific accounts to control them. They can even contain malware and attempt to steal cryptographic currencies stored in the same account as the NFT. Also, NFTs on most chains can simply be dropped into an account, creating new opportunities for spam and online harassment. 

To prevent this, we are using Algorands Layer-1 NFT implementation, and consequently, the behavior of our NFTs on Algorand is defined by a standard implementation that cannot be tampered with. Rather than writing a program to control the lifecycle of an NFT, we configure it. NFTs on Algorand cannot simply be dropped to an account. Instead, the account needs to initiate a transaction to accept them. 

  

SECURE OWNERSHIP 

NFTs are simply a token on a chain that has been created by someone claiming to have ownership of the media the NFT represents, and the intellectual property that underlies it. 

There is currently no technical means of proving ownership. It is thus vitally important that the implementation provides opportunities for that ownership to be checked manually by a prospective owner. 

For this reason, Kollektor.io is adding two innovations to the NFT space to make it easier to check the claims of ownership: 

1. De-Anonymization of creators 

Typically, blockchains use accounts to identify its users. These accounts are often represented as long hash values, and while they are easily trackable, they are anonymous, or rather pseudonymous. Every creator can have one or several accounts, as can every malicious actor. It is thus crucial to bind the identity of the creator to the account. This is why we document the ownership of artists’ social profiles using the W3C standard of verifiable presentations

 2. Documentation of the creative process 

Kollektor.io is a member of the Creative Rights Initiative. Its mission is to identify who created an artwork, what tool was used to create it, and what interaction the artist had with the tool. Spearheaded by Wacom, CRI will enable NFT collectors to understand how exactly a media file was created, thus making simple copy-and-paste forgeries impossible.