Recently, the music band Kings of Leon sold one of their albums as an NFT at $50 each. They made $2 million. Twitter CEO, Jack Dorsey, sold his first tweet as an NFT for $2.9 million and donated the proceeds to charity. Will Smith and Michael Jordan have both invested in the NBA Top Shot developer, which offers NFTs as digitally licensed collectibles. Sorare raised over $500 million as one of the most-funded NFT projects to date, featuring fully licensed cards of soccer players from around the world.
Clearly, NFTs are creating a lot of buzz lately.
What’s a Non-fungible Token?
To understand a non-fungible token (NFT), let’s start with a fungible token. A fungible token is a digital asset. It’s secured by blockchain technology, and it’s interchangeable. Bitcoin is a well known fungible token. One Bitcoin is equal in value to any other Bitcoin. In contrast, a non-fungible token is unique. One NFT is not equal in value to any other NFT.
A good comparison could be the difference between a $20 bill and an original painting. The $20 bill is interchangeable with any other $20 bill. In contrast, the original painting is unique. Even if the artist attempted to make an exact copy, there would be differences. Its value is dependent on what someone — an art collector or the artist’s mom — is willing to pay for it.
NFTs don’t have a traditional value associated with them. They are worth what someone is willing to pay. And they are uniquely coded so that they can’t be replicated. NFTs are also secured by blockchain technology. One way to see the difference is in the tokens used — ERC-20 for cryptocurrencies and ERC-721 for NFTs — but more on that later.
NFT Use Cases
We can further understand NFTs by learning about some of the current use cases for NFT and tokenizing assets. Below are areas where the ownership of NFTs guarantees your unique ownership of a variety of assets, from gaming and digital art to fantasy sports applications. Blockchain opened up the collectible marketplace to more security and digital scarcity; only time will tell how much it will also grow within the gaming ecosystem and other industries.
The internet and cats go together like bread and butter, so it’s not surprising that a popular use of NFTs involves cats on the internet. Cryptokitties is a game that uses one-of-a-kind digital cats. On their site, you can collect and breed cryptokitties, your digital pets. Breeding creates new, unique cryptokitties. They even have puzzles and games to play in their “KittyVerse”.
Larva Labs created Cryptopunks in 2017, which consisted of 10,000 unique characters distributed for free. Today, these characters are sold and purchased on the Cryptopunks website and also available in NFT marketplaces like OpenSea. Larva Labs claims that Cryptopunks is “the project that created the modern CryptoArt movement," and they have good reason to boast: one of the most expensive characters to date sold for over $7 million.
Fantasy sports is a massive online market. NFTs have jumped into the fantasy sports market with Sorare, where you can purchase licensed football (soccer) cards, each one backed by an ERC-721 token. These are officially licensed with the football clubs; the cards are collectible and limited, and include super rare cards. You build and manage your squad by creating your line-ups from your cards, select a captain, and earn points based on actual match performances, just like other fantasy sports.
All three of the examples above are platforms built specifically around non-fungible tokens. A lot of other NFT action happens in marketplaces like Rarible, OpenSea, SuperRare, and the invite-only Nifty Gateway.
NFT marketplaces offer a fascinating tale of how a digital artist can see the value of their work skyrocket. Mike Winkelmann is the digital artist known as Beeple, and prior to NFTs the most he’d sold a print for was $100. That changed in October 2020, when he sold his first series of NFTs, “with a pair going for $66,666.66 each.” That’s a big jump from $100. But he saw an even bigger jump in March 2021. That’s when the bidding ended on his digital work of art, “Everydays - The First 5000 Days,” offered through Christie’s.
It sold for $69 million.
Do NFTs Matter for Businesses?
If you’re familiar with the buzz about NFTs, perhaps you weren’t surprised by the amount of money people are investing in these digital assets. Or perhaps you were blown away. As NFTs become mainstream, they’re selling for more money. Does this new digital asset matter for your business?
The business applications are still evolving. The obvious industries to get involved with NFTs are music, artists, game designers, and collectors. Creators have an opportunity to receive more direct payments and simply make more money, as we’ve seen with Beeple.
But other companies are finding unique ways to use NFTs, and their uses are likely to grow. There’s a possibility that non-fungible tokens could expand to tokenize more real-world assets such as transactions, contracts, and even real estate. Some of this has already started. Additionally, NFTs can create a way for your business to make an impact on your brand through unique experiences, and increasing both awareness and interest.
Did you hear about the Taco Bell GIFs? Their NFTs sold out in minutes. Would you rather get a gordita or a GIF from this fast food joint?
For that unique brand experience, creating NFTs might make a lot of sense.
How To Make An NFT
If you want your company to join the NFT experience, you'll start by “minting” something. Perhaps you have your own great set of GIFs. To create an NFT for each GIF you'll need a unique ID, a name and description, and a place to host each image file online, most likely using the InterPlanetary File System (IPFS). It might not sound too complicated, and you can find the code online necessary for setting up the NFT, but there’s a cost involved.
You must pay fees — also called “gas” — to the network in order to write on the blockchain any code, smart contract, data or transaction. Once you’ve paid the gas and minted your NFT, likely with one of the NFT marketplaces, the next step is selling, which is also done through the marketplaces. You can list your asset for the price you think someone will buy it. Hopefully, you make a profit. And in that smart contract, you can even code your NFT such that the original artist gets a royalty when it’s resold.
Risks of NFTs
The biggest risk with NFTs is speculation. The money for some of the mentioned NFT examples looks impressive; that’s why they make the news. But even the expensive Beeple purchase is only worth what someone else is willing to pay, so perhaps the buyer who put down $69 million could never find someone else willing to pay that high. NFTs are speculative assets, so their value will rise and fall in price.
Another risk of NFT is getting hacked, which remains a risk for any and all online activity. Users have reported losing NFTs in their marketplace accounts after getting hacked. In response to some reports of this happening on their site, Nifty Gateway replied that “it looks like a hacker got this user’s password or gained access to their account another way.” They urged users to set up two-factor authentication for better security beyond a username and password.
Another risk of NFTs is simply the risk of losing the asset, or losing your blockchain wallet. There’s some rather jaw-dropping online stories about individuals who lost their access to their cryptocurrencies wallets, unable to remember the password to get into their digital money. Losing access to a blockchain wallet is also a risk with NFTs, as are simply losing the NFTs altogether. Let’s say you purchased digital art as an NFT, but the seller didn’t host it with a reliable host. If the hosting service takes it down, how do you get your art back? This is why it’s more and more common to see IPFS, which is a peer-to-peer network for storing and sharing data using a distributed file system. It’s part of the sharing economy, which means it’s not dependent on one hosting service. Explaining all that goes into IPFS, however, could be its own lengthy post.
What are security best practices for NFTs? It’s a new space. A lot of money is involved, so naturally, scammers and hackers want to exploit it. Here are some tips to stay as secure as possible:
- Use a hardware wallet — don’t just use a web-based wallet, such as Metamask, on its own.
- Set up two-factor authentication.
- Make sure you use the correct website, & beware of phishing scams.
- Never share your private keys with anyone.
- Do your due diligence that the NFT seller is legitimate.
- Do your due diligence that the asset is actually owned by the seller.
In addition to these common sense steps, let’s understand a bit more about tokenization.
You Can Break Down an NFT into Two Sections:
- Blockchain: Handles the minting and bookkeeping of NFT and makes sure that the metadata of the NFT is immutable and secure by replicating it across thousands of computers/nodes around the world.
- NFT data: This is the asset. The majority of the NFT data must be stored off chain but must be secured also, such as using IPFS, as mentioned above.
So what exactly gets written to the blockchain? It helps to understand the ERC-721 token, which is the smart contract. With ERC-721, you create a unique token ID to a token, while ERC-20 (used to mint fungible tokens) doesn’t offer this token ID functionality. Other examples of ERC-20 tokens include reputation points in an online platform, skills of a character in a game, lottery tickets, financial assets like shares in a company, or an ounce of gold. As Ethereum puts it in their developer docs: “1 Token is and will always be equal to all the other Tokens.”
In contrast, ERC-721 tokens include a uint256 variable called tokenID. You can then append a metadata JSON schema to the ERC721 token to include name, description, and the URL of the asset. All of this is then stored on the blockchain, with its strong security based on one chain linking to the next and so on, meaning you can’t delete something out of the chain. When you sell your NFT, it adds a new link to the chain.
A NFT Uses a Smart Contract, Which is a Computer Program That Meets the Following:
- Can execute a contractual agreement between two parties
- Turing-complete (“if, then, else” to put it simply)
- Autonomously executed (no 3rd party needed and once deployed, can’t stop execution)
- Executed in a virtual machine (such as Ethereum Virtual Machine EVM)
- Parties remain pseudonymous
- Transparent and fully auditable
Certificates and Online Security
Think of the ERC-721 tokens like digital certificates that identify assets, distinguishing one from another and confirming the ownership. Certificates are important security must-haves for online security.
Did you know that OpenVPN Access Server manages its own public key infrastructure (PKI) that includes multiple certificates, key pairs, tokens, and parameters? We don’t mess around with security either. As a final note, here’s a glimpse into the certificates involved in our enterprise VPN, Access Server, and their purposes:
|Certificate Authority (CA)||The root certificate of the PKI. Server certificates and client certificates are signed with this. Clients receive a copy of the public part of the CA certificate to verify the validity of the server certificate. The server in turn verifies the validity of the client certificates.|
|Server key pair||What provides the proof of identity for the server, and what the OpenVPN daemon runs on. The private key and public key stay on the server, and the server sends the public key to clients for identity purposes.|
|Client key pair||A private key and public key generated for each new user account. The client has a copy of its private key, and the public key that is in the connection profile. The public key is sent to the server for identity purposes.|
|Diffie Hellman parameters||A cryptographic key used to establish a shared secret between two parties that can be used for encryption. This is part of the handshake process for setting up a secure encryption key between server and client.|
|TLS auth HMAC key||TLS authentication managed by OpenVPN that works like a software firewall. Inbound and outbound packets must be signed with this shared key, which is known by servers and clients. Packets not signed by this key are dropped.|
|TLS Crypt key||TLS crypt works like TLS authentication but adds on top of that encryption of the control channel. With TLS crypt v2, each client has its own key for this encryption instead of one shared key for all.|
|Session token HMAC key||HMAC key session tokens used to validate clients connecting to a cluster. All servers that share the same HMAC key can accept a session token generated by another server with that same key. A client that has authenticated with one server can reestablish a new session automatically with any other server in the cluster.|