Debuted as part of an ongoing project titled NFTheft, sleepminting serves as a benevolent but alarming crypto-counterfeiting exercise. It aims to show that an artist can be made to unconsciously assert authorship on the Ethereum blockchain just as surely as a sleepwalking disorder can compel someone to waltz out of their bedroom while in a deep doze.
Personne may have found a way to dynamite this argument for much of the art NFT market. Sleepminting enables him to mint NFTs for, and to, the crypto wallets of other artists, then transfer ownership back to himself without their consent or knowing participation. Nevertheless, each of these transactions appears as legitimate on the blockchain record as if the unwitting artist had initiated them on their own, opening up the prospect of sophisticated fraud on a mass scale.
To prove his point, on April 4, Personne sleepminted a supposed “second edition” of Beeple’s record-smashing Everydays: The First 5,000 Days, the digital work and accompanying token that sold for a vertigo-inducing $69.3 million via Christie’s less than a month earlier. (My emails to Beeple and his publicist about the situation went unanswered.)
In our ensuing email exchange, Personne claimed he then gifted the sleepminted Beeple (Token ID 40914, for the real crypto-heads) to a user with the suspiciously appropriate handle Arsène Lupin, an homage to the famous “gentleman thief” created by Maurice Leblanc and recently reincarnated in a hit Netflix show. (Personne denied he was Lupin to the blog Nifty News.) Lupin then turned around and offered the sleepminted Beeple for sale on Rarible and Opensea, two of the largest NFT marketplaces—both of which eventually deactivated the listings. (Neither Rarible nor Opensea replied to my emails seeking comment.)
Why publicize any of this, you ask? Personne essentially sees himself as a so-called white hat hacker, meaning an ethics-driven coder who exploits technological flaws strictly to demonstrate how they can be fixed. He is a staunch believer in the potential of NFTs and crypto. However, he believes major “security issues and vulnerabilities” in smart contracts have been glossed over to make way for the gold rush. He also claimed to have launched the NFTheft project only after the crypto-community largely ignored or derided his attempts to spark earnest conversation.
“The goal I want to achieve with this is to take the most expensive and historic NFT, and show that if it is not protected, how can we guarantee that any NFT is safe from intentional malice, fraud, forgeries, theft, etc.?” he wrote.
Although the sleepminting saga is hairier than a Haight-Ashbury commune, I think we can chop through the overgrowth using two questions with serious stakes for different participants in the NFT market.
1. What does sleepminting tell us about the technological vulnerabilities of art-related NFTs?
Short Answer
The main smart contract driving the market might not be smart enough to secure the frenzied level of buying and selling we’ve seen in 2021.
Longer Answer
What’s clear is that Personne is exploiting a flaw in the standard ERC721 smart contract, which is used by the overwhelming majority of art-related NFTs transacting on the Ethereum blockchain. But it is not an easy-to-see flaw, and the effect is not being faked by Photoshop wizardry or some other non-crypto chicanery; the sleepminted Beeple really is minted in Beeple’s wallet, it really is transferred elsewhere afterward—and both of those transactions are memorialized forever on the blockchain.
by Tim Schneider, ArtNet | Read more:
Image: Beeple, Everydays – The First 5000 Days NFT
