- Most NFTs don’t really permanently live on a blockchain.
- The content and metadata that an NFT represents are stored separately from the NFT smart contract itself.
- It's on you, the NFT buyer, to take steps to protect and store your NFT.
Remember when musician 3LAU sold an NFT album for $11 million on the Gemini-run marketplace NiftyGateway? It might seem like forever ago, but it was at the beginning of March.
And now it’s missing.
To be sure, you can still find a copy of it on NiftyGateway, but the actual NFT asset is no longer discoverable online. It exists only on a centralized provider, a business that could eventually go bust as so many businesses eventually do.
Welcome to the world of non-fungible tokens, where permanent rights to digital assets can be bought and sold for millions of dollars, but the assets themselves are just a few missteps away from becoming worthless.
Where do NFTs live?
To understand how an NFT can “disappear,” it’s necessary to understand a bit about what an NFT is—and what it isn’t.
When we talk about NFTs, we’re usually talking about tokens created using Ethereum’s ERC721 token standard (although other blockchains have since adopted a similar standard). It was a way of creating smart contracts on the Ethereum blockchain for what are essentially deeds. Those deeds could represent physical property, such as houses or artwork, or they could represent virtual collectibles, such as digital trading cards or a video clip of an NBA highlight.
Notice that the deed can be to something physical. Thus, the NFT (in most cases) is actually only the smart contract; the content and metadata are stored separately from the contract itself, mainly because they're either too large or too onerous to store on the Ethereum blockchain.
“The contract is a different thing than the data,” Sam Williams, founder of decentralized storage network Arweave, told Decrypt in an interview. “And that means the contract can still exist while the data disappears.”
While many say Protocol Labs’ InterPlanetary File System (IPFS) is a silver bullet solution to guard against this, Williams said that’s not how IPFS works. “IPFS is just saying: ‘Once you have the link, once you have the content ID [CID], you will always be able to find the data if the data is there.’”
IPFS, he said, is “a system of addressing data, but not storing data.” Williams said storage is more of what Arweave does. His company bills itself as a “global, permanent hard drive”; it has found added utility amid the boom in demand for NFTs.
Ian Darrow, operations lead at Protocol Labs’ Filecoin project, responded to Decrypt, “It's definitely true that this isn't—and nothing is—a magic box that your stuff gets stored there and you never have to think about it again.”
How can an NFT disappear?
This might come as a shock, but once you buy an NFT, you have to make sure it’s being taken care of.
“If you went to Sotheby’s and bought a painting, you wouldn't expect that after you bought the painting, Sotheby’s is also providing climate-controlled storage for you for the next 100 years,” said Darrow.
The folks at CheckMyNFT, an NFT resource site, told Decrypt via direct message that there are several ways a purchased NFT could get lost or changed. For starters, the token with the smart contract might not link directly to the asset. Or the asset could be on a centralized provider such as Cloudinary, which NiftyGateway uses, that could eventually shut down. And the NFT could merely link to a URL, “which means that whatever is stored from that URL can be changed.”
Filecoin’s Darrow agreed that’s bad practice: “It’s just really fairly irresponsible to use an HTTP URL as the canonical reference for an NFT.”
I just pulled the rug at my NFT collection on @opensea . Nobody got hurt.
It is pretty easy to change the jpg, even if it does not belong to me or it is on auction. I am the artist, my decision, right?
A thread from somebody making his living with art irl about the value of NFTs. pic.twitter.com/LNAZqPpDMZ
— neitherconfirm (@neitherconfirm) March 9, 2021
According to CheckMyNFT, storing the asset as an IPFS hash is better, because “at the very least the hash acts as an immutable fingerprint and with it you can verify the integrity of the metadata.”
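The integrity check CheckMyNFT describes can be sketched as follows. This is an added example, not code from the article or from IPFS; it assumes the file was stored as a single raw block (a `bafkrei…` CIDv1 with a sha2-256 hash), and the sample metadata is constructed.

```python
import base64
import hashlib

RAW_CODEC, SHA2_256 = 0x55, 0x12  # multicodec codes for raw bytes and sha2-256

def raw_cid(content: bytes) -> str:
    """CIDv1 (base32) of one raw block: version, codec, hash id, length, digest."""
    digest = hashlib.sha256(content).digest()
    cid_bytes = bytes([1, RAW_CODEC, SHA2_256, len(digest)]) + digest
    return "b" + base64.b32encode(cid_bytes).decode().lower().rstrip("=")

def decode_cid(cid: str) -> tuple:
    """Split a base32 CIDv1 into (codec, hash id, digest)."""
    if not cid.startswith("b"):
        raise ValueError("only base32 CIDv1 ('b' prefix) is handled here")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    # Every code used here is below 0x80, so each varint is a single byte.
    if len(raw) < 4 or raw[0] != 1 or raw[3] != len(raw) - 4:
        raise ValueError("malformed CIDv1")
    return raw[1], raw[2], raw[4:]

def content_matches_cid(cid: str, content: bytes) -> bool:
    """True if `content` hashes to the digest embedded in `cid`."""
    codec, hash_id, digest = decode_cid(cid)
    if codec != RAW_CODEC or hash_id != SHA2_256:
        # dag-pb CIDs (Qm..., bafybei...) hash a DAG node, not the file bytes,
        # so a plain sha256 comparison would give a false mismatch.
        raise ValueError("expected a raw-codec sha2-256 CID")
    return hashlib.sha256(content).digest() == digest

# Constructed sample: metadata as minted, and the same file after a silent edit.
MINTED = b'{"name": "Sample #1", "image": "ipfs://<image-cid>"}'
SWAPPED = MINTED.replace(b"Sample #1", b"Sample #2")
MINTED_CID = raw_cid(MINTED)

if __name__ == "__main__":
    print(MINTED_CID)
    print("minted copy matches: ", content_matches_cid(MINTED_CID, MINTED))
    print("swapped copy matches:", content_matches_cid(MINTED_CID, SWAPPED))
```

The check works on any copy of the bytes, whichever node or gateway served them; it says nothing about whether a copy is still available.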
However, the file can still become “unavailable” if the asset is stored on IPFS and the only node storing it is disconnected from the network. “When you ‘upload’ to IPFS there is no guarantee that your data is replicated,” CheckMyNFT said. “Essentially what happens is that you tell other nodes that you are storing data at this address but that is it. Only if other nodes are interested in that data will there be replication.”
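A buyer can sort a token's metadata link into the cases described above before relying on it. The following is an added example, not code from the article or from any marketplace; the URIs, the placeholder CID and the risk notes are constructed for illustration, and only path-style gateways (`/ipfs/<cid>`) are recognized.

```python
from __future__ import annotations
from urllib.parse import urlparse

RISK = {
    "on-chain": "data is embedded in the token itself",
    "ipfs": "hash fixes the content; reachable only while some node stores it",
    "ipfs-gateway": "CID is recoverable, but the link as written depends on one host",
    "http": "whoever controls the host can change or remove the content",
    "unknown": "scheme not recognized; inspect manually",
}

def classify_token_uri(uri: str) -> tuple[str, str | None]:
    """Return (storage kind, CID if one is present) for a tokenURI string."""
    parsed = urlparse(uri.strip())
    scheme = parsed.scheme.lower()
    segments = [s for s in parsed.path.split("/") if s]
    if scheme == "data":
        return "on-chain", None
    if scheme == "ipfs":
        # ipfs://<cid>/path, or the older ipfs://ipfs/<cid>/path form.
        if parsed.netloc and parsed.netloc != "ipfs":
            return "ipfs", parsed.netloc
        return "ipfs", segments[0] if segments else None
    if scheme in ("http", "https"):
        # Path-style gateway: https://host/ipfs/<cid>/...
        if len(segments) >= 2 and segments[0] == "ipfs":
            return "ipfs-gateway", segments[1]
        return "http", None
    return "unknown", None

def audit(token_uris: dict[int, str]) -> dict[int, tuple[str, str]]:
    """Map token id -> (storage kind, risk note)."""
    return {tid: (kind, RISK[kind])
            for tid, uri in token_uris.items()
            for kind, _cid in [classify_token_uri(uri)]}

# Constructed sample values, one per case.
SAMPLE = {
    1: "https://cdn.example.com/nft/1.json",
    2: "https://gateway.example.com/ipfs/QmConstructedCid/2.json",
    3: "ipfs://QmConstructedCid/3.json",
    4: "data:application/json;base64,eyJuYW1lIjoiU2FtcGxlIn0=",
}

if __name__ == "__main__":
    for token_id, (kind, risk) in audit(SAMPLE).items():
        print(token_id, kind, "-", risk)
```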
And then there are the personal security measures that should be standard practice by now for everyone, but still aren't, like using two-factor authentication (2FA) for logging in to internet portals. Last week, when several NiftyGateway users reported that their NFT collections were missing, NiftyGateway said it wasn't a hack of its platform, but a direct accessing of those users' specific accounts.
We encourage our users to enable 2FA that we provide on the platform and never reuse passwords. We have seen some reports that NFTs involved in these account takeovers were sold in transactions negotiated over Discord or Twitter.
— Nifty Gateway (@niftygateway) March 15, 2021
What can you do about it?
To make the most of IPFS, Filecoin’s Darrow recommends “pinning” data to IPFS. “It's taking that content hash and saying, ‘I'm going to keep storing this file, I'm going to make sure that it's available, anyone that can talk to me on the IPFS network will be able to get this file from me.’” Several services do this for you, including Pinata and Infura. (The latter is funded by Ethereum studio ConsenSys, which also funds an editorially independent Decrypt.)
CheckMyNFT recommends going a step further and using IPFS2Arweave.com, which both pins the NFT and stores the data on Arweave, where people can store data for 200 years upfront for around $0.05 per megabyte and then use the interest they earn toward future storage.
“This creates a sustainable system where you can put large amounts of data into a blockchain and have it replicated, basically indefinitely, for thousands and thousands of years at minimum,” said Williams.
But Arweave and other solutions aren’t automatically any more permanent than NFTs. Filecoin's Darrow says NFT platforms should tell customers how long the assets will be stored, and what additional steps they can take to store them themselves. “IPFS has really moved away from the permanent storage, ‘permanent everything’ branding, because it’s just a very hard guarantee to make.”
Update: This article was updated to clarify that some NFTs can live on-chain.