A Guide to NFT Platform Security

  • Consensus Security: the difficulty of stealing assets by attacking the platform’s nodes/validators (e.g. through a 51% attack)
  • Bridge Security: the security of the mechanism for moving assets to and from Ethereum. This is usually the larger concern, as compromises generally put user funds directly at risk

Ronin

Consensus Security

Bridge Security

Polygon

Consensus Security

The top 7 validators hold 1,540,761,159 of the 2,307,879,127 staked $MATIC (~67%).

Bridge Security

Immutable

Consensus Security

Bridge Security

Solana

Consensus Security

Optimism

Consensus Security

Bridge Security

Security Beyond Core Platforms

  • Wallet Security: how are user keys stored? What would be the impact if this storage system were compromised (e.g. a custodial wallet provider, a bad version of a native wallet app, a bad dependency in a browser extension)?
  • Metadata Security: how is asset metadata (including images) stored? If this metadata were altered or replaced due to a compromise, what would be the market impact?
  • Project Security: projects on any platform usually retain some admin keys for their project. What would happen if those keys were compromised? Does your project have active monitoring for breaches? Does your platform support best practices for key management?
  • Treasury Security: most platforms will have substantial reserves of their token (e.g. for use in rewards or grants). How are these funds held? How are transfers from the treasury authorized and executed? What would be the impact of a compromise?
  • Marketplace Security: how do marketplaces that support this protocol protect users from malicious transactions, such as those involving copycat projects?

Powering the next generation of web3 games on Ethereum L2. https://www.immutable.com/
