The blockchain has frequently been hailed as the future of art commerce, offering a way to ensure a work’s authenticity while creating an unalterable digital record of provenance on a public ledger. But recent reports of hacking on Nifty Gateway, a popular marketplace for non-fungible token (NFT) art, have raised questions about potential security flaws in the system. Several users have taken to social media in the last few days to claim they had NFTs stolen on the platform, with little recourse to get them back.
One of them is media strategist Michael Miraflor, who tweeted this weekend that his Nifty Gateway account had been compromised and his entire NFT collection cleared out in a matter of minutes. The hacker transferred Miraflor’s NFTs to another account and used his credit card on file to purchase more than $10,000 worth of Nifty’s daily “drop,” which they also transferred; then, they sold the stolen NFTs via the messaging app Discord.
Among the NFT works taken from his collection was an open edition piece by Major League Baseball player-turned-artist Micah Johnson, who made headlines when a group of NFTs representing one of his painted sculptures sold for $1 million in just one minute on Nifty.
Miraflor reported the fraudulent charges to his credit card company and was able to get his money back. (Nifty Gateway allows users to make purchases using their credit card instead of the Ether cryptocurrency that other platforms like Foundation, SuperRare, and MakersPlace require.) But when he reached out to Nifty’s support team regarding the stolen NFTs, he was told they could not transfer the digital tokens back to him. Transactions cannot be reversed on the blockchain, and per Nifty’s Terms of Service, Miraflor’s NFTs now legally belong to the users who purchased them fair and square — even if they were bought from a hacker.
Works by other high-profile crypto artists, like Trevor Jones, have also been stolen and resold in the same way, according to an ongoing list of the thefts created by Twitter user @KeyboardMonkey3, who estimates over $150,000 worth of NFTs have been stolen.
NFTs are unique digital files that can represent works of art and other collectible assets and are inscribed on the Ethereum blockchain. A growing number of artists have embraced the technology, which allows creators to sell their work without the help of a gallery as well as track and often earn a percentage on resales.
Miraflor says he started collecting crypto art because he liked the idea of supporting artists, many of whom had difficulties monetizing their work within the traditional art market.
“The sad thing for me is that I dove into exploring NFTs because 1) I love the idea of artists being compensated for resales in perpetuity and 2) it ostensibly solves provenance issues in the art space,” Miraflor told Hyperallergic. “I’ve lost a COA [Certificate of Authenticity] before, so know the headache that comes along with that.”
“I’m still optimistic on the long-term potential of NFTs to support artists and collectors, but I’m going to be a lot more mindful of security and platform terms of service moving forward,” he added.
A Nifty Gateway spokesperson told Hyperallergic that the company has seen “no indication of compromise” on its platform.
“The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover. Our analysis is ongoing, but our initial assessment indicates that the impact was limited, none of the impacted accounts had 2FA enabled, and access was obtained via valid account credentials,” they said.
2FA is short for “two-factor authentication,” a common form of online security that requires users to provide a second login credential, in addition to their username and password, in order to access their account. Nifty encourages users to enable the 2FA options provided on the platform and never reuse passwords.
In addition, the spokesperson said, users should purchase NFTs on the official Nifty Gateway marketplace. In many of the recent account takeovers, the stolen NFTs were sold in transactions negotiated outside of the platform, on Discord channels or Twitter.
One victim of a theft on the platform, Cranford Stoudemire, said he was able to get all of his stolen NFTs back except for one, a piece by artist Kode Abdo. Stoudemire caught the account being hacked as it was happening, in time for Nifty Gateway to lock down the secondary account where his NFTs were being kept. The company was able to transfer the works back to Stoudemire before they were resold in an unofficial marketplace.
Nifty Gateway has not responded to Hyperallergic’s inquiries regarding the exact number of incidents or the total value of NFTs stolen. But for some, the hackings have exposed holes in a technology often touted as a foolproof record of ownership.
“If art can be stolen with zero verification and the solution is ‘just don’t buy stolen art’ then you’ve kinda ripped away the curtain and exposed the scam,” wrote Twitter user @bach_tigh. “There’s no ownership, just made-up paperwork.”
In his new works, Gober pulled me into another world, one that was both illuminated by natural light and full of cold shadows.
What’s difficult, perhaps impossible, to show in art is the experience of what passes beyond all comprehension.
At this free online summit, hear from architects Tadao Ando and Lesley Lokko; artist Himali Singh Soin; author Amitav Ghosh; design studio Formafantasma; and more.
Testament at Goldsmiths College asks: Can any monument be removed of its tarnish?
Hiding in plain sight, the box obscures a vast legacy of inequality without undoing it. It removes the most visible source of conflict without addressing the root causes.
This immersive video installation utilizes waterscape scenes to speak about concepts such as existence, intimacy, healing, and aquatic ecology.
Unveiled as a part of the Prospect.5 triennial, the bronze is one of five new works that suggest new approaches to public statuary.
X-ray imaging revealed the hidden wounds on Yves Tanguy’s 1930 masterpiece, which was slashed violently during an attack on a Paris arthouse theater.
Curator, educator, and transdisciplinary artist Jova Lynne is coming from MOCAD to lead Temple Contemporary exhibitions and public programs.
Their portraits will be included along with those of Venus and Serena Williams, José Andrés, Clive Davis, and Marian Wright Edelman.
Since 2017, the Gordon Parks Foundation has awarded annual fellowships to 10 artists in a range of disciplines.
To understand contemporary art, it is necessary to investigate the connections that are sometimes omitted or undervalued in art history.