Do you know where your NFT art is stored?
This year, we’ve seen NFTs reach new record trading volumes in May, followed by a crash that had some declare their death. This is nothing new for savvy crypto enthusiasts. Any Bitcoiner will have been confronted with the notion of Bitcoin being dead at least once. It has become so common of a theme that there is even a website tracking all the supposed deaths.
The last time we checked, Bitcoin continued to be alive. A similar thing happened with NFTs this year. While the crash might have looked bad in early June, NFT trading volumes recovered, and interest picked up again towards the end of the year, with USD volume spent on NFTs peaking at the end of August at $1.6 billion.
With increased NFT sales, more and more investors hold the non-fungible tokens. Maybe if you’re reading this you are among those who bought an NFT.
Have you ever checked where your actual artwork — be that a jpeg, or an entire video — is stored? Because it matters, quite a lot as an artist, and NFT creator neitherconfirm proved in March. He listed 26 NFTs for sale on OpenSea, the digital nft marketplace. A few days later he “pulled the rug” on his collection.
Rug Pull: describes a malicious act in which developers of a crypto project abandon it, and escape with investors’ funds. With the emergence of DEXs (decentralized exchanges) they’ve become more common, as developers can list their token without any prior verification, or quality control.
When buyers went back to enjoy their art, all they found were images of rugs. The artist had changed the images associated with each token from the original artwork to pictures of carpets. Neitherconfirm took to Twitter that he had pulled the rug, and nobody got hurt. He also shared that the majority of the proceeds would be going to charity.
While it’s reassuring that no one got hurt in this case, it’d be naive to think that more malicious actors won’t repeat something like this.
The point neitherconfirm was trying to drive home is that “All discussions about the value of NFTs are meaningless as long as the token is not inseparable from the artwork itself.”
NFTs have great potential. Yet, diligent DYOR is essential, just like when buying into a cryptocurrency.
This includes researching where the artwork you’re buying is stored.
While NFTs are decentralized and have the associated benefits of being tamper-proof and accessible, it ultimately comes down to how they are stored. Imagine the above happened to you, and even though you had bought an artwork of your favorite crypto influencer, all you see now is a rug. You’d be furious, and you’d have experienced what introducing an element of centralization in the decentralized ecosystem can do.
When the digital art you purchased is stored on a centralized server, the link to that can easily break when the company hosting the server moves to another domain, or if they shut down. As a centralized entity, they might also get hacked, and attackers could steal the expensive 3D image of a rabbit.
Currently, marketplaces like OpenSea leave it up to creators to pick where they host images. The example metadata in their documentation even refers to the Google API.
Relying on Google Cloud to keep your NFT available seems inconsequential at best, and puts it at the risk of all the downsides that come with centralization.
If you’re using OpenSea or other nft marketplaces, the best way to find out where your NFT lives is to check under details. The metadata will provide you with all the clues you need, as well as the actual link to where your NFT can be found.
When you stumble across Metadata that is centralized, you might have to reassess the risk of losing access to your NFT. While centralized according to OpenSea means that the creators don’t have access to make changes, it does not guarantee availability in the long run, nor protect from hacks.
As a side note, you might want to start wondering, how decentralized Polygon is, if you followed the recent controversy around their Hard Fork.
In other cases, you might find that the Metadata is frozen. When you come across such an NFT, the metadata is stored on IPFS, the interplanetary file storage. A click on the hyperlinked “frozen” will open up an IPFS location.
IPFS is a protocol for file sharing and storing data on a decentralized peer-to-peer network. Anyone can start providing storage on IPFS by simply downloading the desktop software. Content is broken down into pieces, encrypted, and stored across nodes in the network. For retrieval, IPFS relies on encrypted hashes linking to the content pieces.
In theory, a file hosted on IPFS will remain available, even if one of the nodes goes offline. However, you have to distinguish between data available through a public gateway and a private one in practice.
Public vs Private gateway
Data hosted through a public gateway will likely be available regardless of which nodes are online. However, when hosted through a private gateway, the availability of the data depends on the private entity keeping it online. To give an example, Beeple’s artwork that sold for $69 million “Everydays: The First 5000 Days” is referencing metadata hosted through a public gateway. Yet, the data for the reference to the image is stored through MakersPlace’s private gateway — so if they decided to stop operating, the owner will still have access to the metadata, but no longer to the image file. And it’s questionable if a token referencing an image that’s not accessible anymore still is worth $69 million.
The questions surrounding storage overall arise because block space on popular chains is expensive, and hence not cost-effective for particularly big files. Some NFT projects such as artblocks have still chosen to put the entire data relating to a token, including its metadata on-chain, allowing for the purest form of ownership.
What does all this mean for NFT enthusiasts?
There are various companies building decentralized storage offerings for NFTs to help collectors maintain access. Yet, even without relying on yet another party to keep one’s NFT image files available, it’s worth checking for where these files are stored in the first place. NFTs linking to centralized storage are ticking time bombs, and there isn’t much an owner can do.
The metadata is intrinsically linked with the NFT and can’t (shouldn’t) be changed. Therefore, one potential solution would be for NFT marketplaces to allow NFT owners to burn and re-mint the token; referencing an IPFS public gateway. So far we’ve not seen any marketplaces go down that route.
For anyone owning an NFT linking to a file in IPFS, the best way to keep one’s files available at all times is to run an IPFS instance from their own desktop.
Moving forward, we’re likely to see issues with storage become a topic of conversation as soon as owners realize that some of their image files aren’t available anymore. There are already various cases of NFT artworks on NiftyGateway not being available.
Lastly, another thing to keep in mind when purchasing NFTs is the blockchain they live on. If the network itself is controlled by just a few entities, it might be time to question if you truly own the NFT.