Saturday, April 24, 2021

"Sleepminting" Exposes Vulnerability of the NFT Market (and Other Insights)

In the opening days of April, an artist operating under the pseudonym Monsieur Personne (“Mr. Nobody”) tried to short-circuit the NFT hype machine by unleashing “sleepminting,” a process that complicates, if not corrodes, one of the value propositions underlying non-fungible tokens. His actions raise thorny questions about everything from coding, to copyright law, to consumer harm. Most importantly, though, they indicate that the market for crypto-collectibles may be scaling up faster than the technological foundation can support.

Debuted as part of an ongoing project titled NFTheft, sleepminting serves as a benevolent but alarming crypto-counterfeiting exercise. It aims to show that an artist can be made to unconsciously assert authorship on the Ethereum blockchain just as surely as a sleepwalking disorder can compel someone to waltz out of their bedroom while in a deep doze.

Remember, to “mint” an NFT means to register a particular user as its creator and initial owner. Theoretically, this becomes the first link in a verified, unbreakable chain of custody tethered to an NFT for the life of the underlying blockchain network. Thanks to this perfectly complete, perfectly secure, and eternally checkable data record, the argument goes, potential buyers can trust non-fungible tokens without necessarily having to trust their owners or sellers. These traits add a valuable layer of security that traditional artworks could never rival with their eternally dubious off-chain certificates of authenticity and provenance documents.

Personne may have found a way to dynamite this argument for much of the art NFT market. Sleepminting enables him to mint NFTs for, and to, the crypto wallets of other artists, then transfer ownership back to himself without their consent or knowing participation. Nevertheless, each of these transactions appears as legitimate on the blockchain record as if the unwitting artist had initiated them on their own, opening up the prospect of sophisticated fraud on a mass scale.

To prove his point, on April 4, Personne sleepminted a supposed “second edition” of Beeple’s record-smashing Everydays: The First 5,000 Days, the digital work and accompanying token that sold for a vertigo-inducing $69.3 million via Christie’s less than a month earlier. (My emails to Beeple and his publicist about the situation went unanswered.)

In our ensuing email exchange, Personne claimed he then gifted the sleepminted Beeple (Token ID 40914, for the real crypto-heads) to a user with the suspiciously appropriate handle Arsène Lupin, an homage to the famous “gentleman thief” created by Maurice Leblanc and recently reincarnated in a hit Netflix show. (Personne denied he was Lupin to the blog Nifty News.) Lupin then turned around and offered the sleepminted Beeple for sale on Rarible and Opensea, two of the largest NFT marketplaces—both of which eventually deactivated the listings. (Neither Rarible nor Opensea replied to my emails seeking comment.)

Why publicize any of this, you ask? Personne essentially sees himself as a so-called white hat hacker, meaning an ethics-driven coder who exploits technological flaws strictly to demonstrate how they can be fixed. He is a staunch believer in the potential of NFTs and crypto. However, he believes major “security issues and vulnerabilities” in smart contracts have been glossed over to make way for the gold rush. He also claimed to have launched the NFTheft project only after the crypto-community largely ignored or derided his attempts to spark earnest conversation.

“The goal I want to achieve with this is to take the most expensive and historic NFT, and show that if it is not protected, how can we guarantee that any NFT is safe from intentional malice, fraud, forgeries, theft, etc.?” he wrote.

Although the sleepminting saga is hairier than a Haight-Ashbury commune, I think we can chop through the overgrowth using two questions with serious stakes for different participants in the NFT market.

1. What does sleepminting tell us about the technological vulnerabilities of art-related NFTs?

Short Answer

The main smart contract driving the market might not be smart enough to secure the frenzied level of buying and selling we’ve seen in 2021.

Longer Answer

What’s clear is that Personne is exploiting a flaw in the standard ERC721 smart contract, which is used by the overwhelming majority of art-related NFTs transacting on the Ethereum blockchain. But it is not an easy-to-see flaw, and the effect is not being faked by Photoshop wizardry or some other non-crypto chicanery; the sleepminted Beeple really is minted in Beeple’s wallet, it really is transferred elsewhere afterward—and both of those transactions are memorialized forever on the blockchain.

by Tim Schneider, ArtNet | Read more:
Image: Beeple, Everydays – The First 5000 Days NFT