Jintao Huang,Pengcheng Xia,Jiefeng Li,Kai Ma,Gareth Tyson,Xiapu Luo,Lei Wu,Yajin Zhou,Wei Cai,Haoyu Wang

DOI: https://doi.org/10.1145/3589334.3645566

2024-01-01

Abstract:Unlike fungible tokens (e.g., cryptocurrency), a Non-Fungible Token (NFT) is unique and indivisible. As such, they can be used to authenticate ownership of digital assets (e.g., a photo) in a decentralized fashion. Given that NFTs have generated significant media attention since 2021, we perform a large-scale measurement study of the NFT ecosystem. We collect over 242M transfer logs and over 97M marketplace transactions until Aug 1st, 2023, by far the largest NFT dataset, to the best of our knowledge. We characterize the on-chain behavior of NFTs and their trading across five major marketplaces. We find that, although the NFT ecosystem is growing rapidly, it is driven by a relatively small set of dominant centralized players, with suspicious trade activities, e.g., over 23% of the monetary volume is generated by malicious wash trading and the ecosystem has experienced over 157K cases of NFT arbitrage, with a total sum of over \25M profit. Our observations motivate the need for more research efforts in the NFT security analysis.

JIANG Peipei,WANG Qian,CHEN Yanjiao,LI Qi,SHEN Chao

DOI: https://doi.org/10.11959/j.issn.1000-436x.2021035

2021-01-01

Abstract:While the security of blockchain has been the central concern of both academia and industry since the very start, new security threats continue to emerge, which poses great risks to the blockchain ecosystem.A systematic study was conducted on the most state-of-the-art research on potential security issues of blockchain.Specifically, a taxonomy was developed by considering the blockchain framework as a four-layer system, and the analysis on the most recent attacks against security loopholes in each layer was provided.Countermeasures that can strengthen the blockchain were also discussed by highlighting their fundamental ideas and comparing different solutions.Finally, the forefront of research and potential directions of blockchain security were put forward to encourage further studies on the security of blockchain.

Peng Liao,Chaoge Liu,Jie Yin,Zhi Wang,Xiang Cui

DOI: https://doi.org/10.32604/cmes.2024.043855

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Digital assets have boomed over the past few years with the emergence of Non-fungible Tokens (NFTs). To be specific, the total trading volume of digital assets reached an astounding $55.5 billion in 2022. Nevertheless, numerous security concerns have been raised by the rapid expansion of the NFT ecosystem. NFT holders are exposed to a plethora of scams and traps, putting their digital assets at risk of being lost. However, academic research on NFT security is scarce, and the security issues have aroused rare attention. In this study, the NFT ecological process is comprehensively explored. This process falls into five different stages encompassing the entire lifecycle of NFTs. Subsequently, the security issues regarding the respective stage are elaborated and analyzed in depth. A matrix model is proposed as a novel contribution to the categorization of NFT security issues. Diverse data are collected from social networks, the Ethereum blockchain, and NFT markets to substantiate our claims regarding the severity of security concerns in the NFT ecosystem. From this comprehensive dataset, nine key NFT security issues are identified from the matrix model and then subjected to qualitative and quantitative analysis. This study aims to shed light on the severity of NFT ecosystem security issues. The findings stress the need for increased attention and proactive measures to safeguard the NFT ecosystem.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Sangam Bhujel,Yogachandran Rahulamathavan

DOI: https://doi.org/10.3390/s22228833

2022-11-15

Abstract:Non-fungible Tokens (NFTs) are ownership records stored on a blockchain, and they are typically digital items such as photos and videos. In many ways, an NFT is like a conventional proof-of-purchase document, such as a paper invoice or an electronic receipt. NFTs are attractive among other things because of verifiability; each sale is recorded as a blockchain transaction, allowing ownership to be tracked. Also, NFTs can be used to transfer digital assets between two mutually distrusting parties, since both the crypto payment and the asset transfer take place in one transaction. With NFTs, all marketplaces can freely trade with the help of decentralized applications (DApps). It is currently estimated that there are over 245 NFT marketplaces (NFTM) listed with over 1000 blockchains as of August 2022 with 68 million blockchain wallet users. With the expansion of markets, they must face challenges and issues. The objective of this review is to study the market dynamics of NFT ecosystems. It also focuses on technical components that enable NFTs and their marketplace. The review provides a deeper understanding of its components, how they are related, and why they are important. The paper analyses the challenges faced by NFTs and marketplaces in terms of security, transparency, scalability, and the consequences leading to these issues and how they will address them, as well as future opportunities.

Qin Wang,Rujia Li,Qi Wang,Shiping Chen

DOI: https://doi.org/10.48550/arXiv.2105.07447

2021-10-25

Abstract:The Non-Fungible Token (NFT) market is mushrooming in recent years. The concept of NFT originally comes from a token standard of Ethereum, aiming to distinguish each token with distinguishable signs. This type of token can be bound with virtual/digital properties as their unique identifications. With NFTs, all marked properties can be freely traded with customized values according to their ages, rarity, liquidity, etc. It has greatly stimulated the prosperity of the decentralized application (DApp) market. At the time of writing (May 2021), the total money used on completed NFT sales has reached $34,530,649.86$ USD. The thousandfold return on its increasing market draws huge attention worldwide. However, the development of the NFT ecosystem is still in its early stage, and the technologies of NFTs are pre-mature. Newcomers may get lost in their frenetic evolution due to the lack of systematic summaries. In this technical report, we explore the NFT ecosystems in several aspects. We start with an overview of state-of-the-art NFT solutions, then provide their technical components, protocols, standards, and desired proprieties. Afterward, we give a security evolution, with discussions on the perspectives of their design models, opportunities, and challenges. To the best of our knowledge, this is the first systematic study on the current NFT ecosystems.

Cryptography and Security

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/dsc47296.2019.8937681

2019-01-01

Abstract:Blockchain and cryptocurrencies have been widely deployed and used in our daily life. Although there are numerous works in the literature surveying technical challenges and security issues in blockchains, very few works focused on the anonymity guarantees provided in cryptocurrencies. In this work, we conduct a systematic survey on anonymity in cryptocurrencies with a clear categorization for the different tiers of anonymity offered in the various cryptocurrencies as well as their known weaknesses and vulnerabilities. We also study the techniques that have been used to achieve each tier of anonymity. Finally, we asses the current techniques, and present a forecast for the technological trends in this field.

Hongyin Chen,Yukun Cheng,Xiaotie Deng,Wenhan Huang,Linxuan Rong

DOI: https://doi.org/10.48550/arXiv.2202.02199

2022-07-30

Abstract:The Non-Fungible Token (NFT) is viewed as one of the important applications of blockchain technology. Although NFT has a large market scale and multiple practical standards, several limitations of the existing mechanism in NFT markets exist. This work proposes a novel securitization and repurchase scheme for NFT to overcome these limitations. We first provide an Asset-Backed Securities (ABS) solution to settle the limitations of non-fungibility of NFT. Our securitization design aims to enhance the liquidity of NFTs and enable Oracles and Automatic Market Makers (AMMs) for NFTs. Then we propose a novel repurchase protocol for a participant owing a portion of NFT to repurchase other shares to obtain the complete ownership. As participants may strategically bid during the acquisition process, our repurchase process is formulated as a Stackelberg game to explore the equilibrium prices. We also provide solutions to handle difficulties at market such as budget constraints and lazy bidders.

Computer Science and Game Theory,Distributed, Parallel, and Cluster Computing,Theoretical Economics

Wenkai Li,Jiuyang Bu,Xiaoqi Li,Hongli Peng,Yuanzheng Niu,Yuqing Zhang

DOI: https://doi.org/10.1016/j.jksuci.2022.10.028

2022-10-26

Abstract:DeFi, or Decentralized Finance, is based on a distributed ledger called blockchain technology. Using blockchain, DeFi may customize the execution of predetermined operations between parties. The DeFi system use blockchain technology to execute user transactions, such as lending and exchanging. The total value locked in DeFi decreased from \$200 billion in April 2022 to \$80 billion in July 2022, indicating that security in this area remained problematic. In this paper, we address the deficiency in DeFi security studies. To our best knowledge, our paper is the first to make a systematic analysis of DeFi security. First, we summarize the DeFi-related vulnerabilities in each blockchain layer. Additionally, application-level vulnerabilities are also analyzed. Then we classify and analyze real-world DeFi attacks based on the principles that correlate to the vulnerabilities. In addition, we collect optimization strategies from the data, network, consensus, smart contract, and application layers. And then, we describe the weaknesses and technical approaches they address. On the basis of this comprehensive analysis, we summarize several challenges and possible future directions in DeFi to offer ideas for further research.

Cryptography and Security

Yunpeng Xiao,Bufan Deng,Siqi Chen,Kyrie Zhixuan Zhou,Ray LC,Luyao Zhang,Xin Tong

DOI: https://doi.org/10.31219/osf.io/evz4p

2023-11-22

Abstract:Non-fungible tokens (NFTs) are decentralized digital tokens to represent the unique ownership of items. Recently, NFTs have been gaining popularity and at the same time bringing up issues, such as scams, racism, and sexism. Decentralization, a key attribute of NFT, contributes to some of the issues that are easier to regulate under centralized schemes, which are intentionally left out of the NFT marketplace. In this work, we delved into this centralization-decentralization dilemma in the NFT space through mixed quantitative and qualitative methods. Centralization-decentralization dilemma is the dilemma caused by the conflict between the slogan of decentralization and the interests of stakeholders. We first analyzed over 30,000 NFT-related tweets to obtain a high-level understanding of stakeholders' concerns in the NFT space. We then interviewed 15 NFT stakeholders (both creators and collectors) to obtain their in-depth insights into these concerns and potential solutions. Our findings identify concerning issues among users: financial scams, counterfeit NFTs, hacking, and unethical NFTs. We further reflected on the centralization-decentralization dilemma drawing upon the perspectives of the stakeholders in the interviews. Finally, we gave some inferences to solve the centralization-decentralization dilemma in the NFT market and thought about the future of NFT and decentralization.

Computers and Society,Cryptography and Security,General Economics,Trading and Market Microstructure

Chih-Hung Wu,Chien-Yu Liu,Ting-Sheng Weng

DOI: https://doi.org/10.3390/su15097573

IF: 3.9

2023-05-06

Sustainability

Abstract:Non-fungible token (NFT) products are important for industrial applications. In recent years, they have rapidly gained importance in the field of blockchain combined with metaverse. The concept of NFTs has developed gradually, as many industries have begun using NFTs creatively to raise new business innovation opportunities in entrepreneurship. However, few studies have been conducted analyzing critical features of NFTs for success, trends, and challenges in NFT products. In this study, group discussions, case analysis methods, and the OpenSea database were used to analyze fashion trends among NFT products. A mixed method was used in this study. Quantitative and qualitative data derived from the questionnaire and group discussions were analyzed using the case study method, and the actual historical trading data of NFT products obtained from the OpenSea platform were analyzed. This study analyzed NFT products, fashion characteristics, and trends in NFT artwork. The opportunities and challenges of NFT applications and sustainable NFTs are discussed in this study. Our research results show that the most attractive NFT product types are collectible digital works and creative artworks. The critical design characteristics are lovely (cute), beautiful, and interesting. We recommend that NFT makers use the above-mentioned characteristics to create NFT artworks with special design characteristics to increase NFT values. The advantage of NFTs is that makers can freely create their works through the NFT platform, which can decrease the limitations of traditional methods such as the need for venues, exhibition setup costs, and intermediaries' commissions. The major challenges of current NFT applications include usability challenges, security and privacy issues, and governance considerations. We believe that our research results can provide useful directions and strategies for future researchers, makers, and ventures seeking to develop NFT applications. Our research results, such as identifying the critical design factors and current trends in NFTs, can provide guidelines for art design and innovation education. In addition, this study discusses the applications of NFTs in sustainable education, which can provide benefits for sustainable educational development to meet the goal of quality education in SDG4.

environmental sciences,environmental studies,green & sustainable science & technology

Mengya Zhang,Xiaokuan Zhang,Josh Barbee,Yinqian Zhang,Zhiqiang Lin

2023-12-20

Abstract:Cross-chain bridges are used to facilitate token and data exchanges across blockchains. Although bridges are becoming increasingly popular, they are still in their infancy and have been attacked multiple times recently, causing significant financial loss. Although there are numerous reports online explaining each of the incidents on cross-chain bridges, they are scattered over the Internet, and there is no work that analyzes the security landscape of cross-chain bridges in a holistic manner. To fill the gap, in this paper, we performed a systematic study of cross-chain bridge security issues. First, we summarize the characteristics of existing cross-chain bridges, including their usages, verification mechanisms, communication models, and three categorizations. Based on these characteristics, we identify 12 potential attack vectors that attackers may exploit. Next, we introduce a taxonomy that categorizes cross-chain attacks in the past two years into 10 distinct types, and then provide explanations for each vulnerability type, accompanied by Solidity code examples. We also discuss existing and potential defenses, as well as open questions and future research directions on cross-chain bridges. We believe that this systematization can shed light on designing and implementing cross-chain bridges with higher security and, more importantly, facilitating future research on building a better cross-chain bridge ecosystem.

Cryptography and Security

Xin-Li Yang,David Lo,Xin Xia,Zhi-Yuan Wan,Jian-Ling Sun

DOI: https://doi.org/10.1007/s11390-016-1672-0

2016-01-01

Abstract:Security has always been a popular and critical topic. With the rapid development of information technology, it is always attracting people’s attention. However, since security has a long history, it covers a wide range of topics which change a lot, from classic cryptography to recently popular mobile security. There is a need to investigate security-related topics and trends, which can be a guide for security researchers, security educators and security practitioners. To address the above-mentioned need, in this paper, we conduct a large-scale study on security-related questions on Stack Overflow. Stack Overflow is a popular on-line question and answer site for software developers to communicate, collaborate, and share information with one another. There are many different topics among the numerous questions posted on Stack Overflow and security-related questions occupy a large proportion and have an important and significant position. We first use two heuristics to extract from the dataset the questions that are related to security based on the tags of the posts. And then we use an advanced topic model, Latent Dirichlet Allocation (LDA) tuned using Genetic Algorithm (GA), to cluster different security-related questions based on their texts. After obtaining the different topics of security-related questions, we use their metadata to make various analyses. We summarize all the topics into five main categories, and investigate the popularity and difficulty of different topics as well. Based on the results of our study, we conclude several implications for researchers, educators and practitioners.

Jingjing Yang,Jieli Liu,Dan Lin,Jiajing Wu,Baoying Huang,Quanzhong Li,Zibin Zheng

DOI: https://doi.org/10.1109/tifs.2024.3463541

IF: 7.231

2024-10-11

IEEE Transactions on Information Forensics and Security

Abstract:With the popularity of Non-Fungible Tokens (NFTs), the high value of NFTs makes them a target for phishing scammers, which harms the security and reliability of the Web3 NFT ecosystem. Despite the significance of this issue, there is a lack of systematic research in the area of emerging NFT phishing scams. To address this gap, we are the first to conduct a case retrospective analysis and empirical measurement study of real-world historical NFT phishing scams on Ethereum. We collect and publicly release the first NFT phishing dataset which includes 1,625 NFT phishing accounts and transaction records as of August 2023. We further categorize the existing scams into four phishing patterns and investigate their distinguishable behaviors. Then, we reveal the modus operandi preferences and economic impacts to characterize NFT phishing scams. We find that NFT phishers stole 67,188 NFTs, with a total direct selling profit of 20.92 million. We also observe that scammers favor certain categories and collections of NFTs, coupled with signs of gang theft. Furthermore, we design a variety of account features for the classification task of NFT phishers based on empirical conclusions. Experimental results on real-world NFT transaction data demonstrate the effectiveness of these features in detecting NFT phishing accounts, and outperform traditional phishing detection methods with 41% average Precision and 44% average Recall.

computer science, theory & methods,engineering, electrical & electronic

Kathleen Bridget Wilson,Adam Karg,Hadi Ghaderi

DOI: https://doi.org/10.1016/j.bushor.2021.10.007

IF: 10.562

2021-10-01

Business Horizons

Abstract:Non-fungible tokens (NFTs) are a highly nascent and emerging phenomenon revolutionizing how digital assets are traded. NFTs embody immutable rights to unique digital assets such as digital art and collectibles and are represented as digital tokens that can be traded across marketplaces utilizing blockchain technologies. NFTs engender new ways to organize, consume, move, program, and store digital information and have experienced a rapid rise in various adaptations across art, sports, broadcasting, content creation, and tech-crypto businesses. In this article, we define NFTs and look at how they fit with blockchain and cryptocurrencies, how they are used by various industries, and the opportunities and risks they present. Our key contribution is a conceptual map of an initial NFT ecosystem. In doing so, we provide relational mapping between and among key stakeholders: content creators, core and related technical and business intermediaries, consumers, investors, and speculators. We also highlight implications for managers and tie them to conceptual exploration and exploitation frameworks.

business

Khadija Manzoor,Umara Noor,Zahid Rashid

2023-07-20

Abstract:The Metaverse is rapidly evolving, bringing us closer to its imminent reality. However, the widespread adoption of this new automated technology poses significant research challenges in terms of authenticity, integrity, interoperability, and efficiency. These challenges originate from the core technologies underlying the Metaverse and are exacerbated by its complex nature. As a solution to these challenges, this paper presents a novel framework based on Non-Fungible Tokens (NFTs). The framework employs the Proof-of-Stake consensus algorithm, a blockchain-based technology, for data transaction, validation, and resource management. PoS efficiently consume energy and provide a streamlined validation approach instead of resource-intensive mining. This ability makes PoS an ideal candidate for Metaverse applications. By combining NFTs for user authentication and PoS for data integrity, enhanced transaction throughput, and improved scalability, the proposed blockchain mechanism demonstrates noteworthy advantages. Through security analysis, experimental and simulation results, it is established that the NFT-based approach coupled with the PoS algorithm is secure and efficient for Metaverse applications.

Cryptography and Security

Yimika Erinle,Yathin Kethepalli,Yebo Feng,Jiahua Xu

2023-08-04

Abstract:The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Ruiqiang Li,Brian Yecies,Qin Wang,Shiping Chen,Jun Shen

2024-09-20

Abstract:The Non-Fungible Tokens (NFTs) has the transformative impact on the visual arts industry by examining the nexus between empowering art practices and leveraging blockchain technology. First, we establish the context for this study by introducing some basic but critical technological aspects and affordances of the blockchain domain. Second, we revisit the creative practices involved in producing traditional artwork, covering various types, production processes, trading, and monetization methods. Third, we introduce and define the key fundamentals of the blockchain ecosystem, including its structure, consensus algorithms, smart contracts, and digital wallets. Fourth, we narrow the focus to NFTs, detailing their history, mechanics, lifecycle, and standards, as well as their application in the art world. In particular, we outline the key processes for minting and trading NFTs in various marketplaces and discuss the relevant market dynamics and pricing. We also consider major security concerns, such as wash trading, to underscore some of the central cybersecurity issues facing this domain. Finally, we conclude by considering future research directions, emphasizing improvements in user experience, security, and privacy. Through this innovative research overview, which includes input from creative industry and cybersecurity sdomain expertise, we offer some new insights into how NFTs can empower visual artists and reshape the wider copyright industries.

Cryptography and Security

Shuo Yang,Jiachi Chen,Zibin Zheng

DOI: https://doi.org/10.1145/3597926.3598063

2023-08-04

Abstract:Recently, the birth of non-fungible tokens (NFTs) has attracted great attention. NFTs are capable of representing users' ownership on the blockchain and have experienced tremendous market sales due to their popularity. Unfortunately, the high value of NFTs also makes them a target for attackers. The defects in NFT smart contracts could be exploited by attackers to harm the security and reliability of the NFT ecosystem. Despite the significance of this issue, there is a lack of systematic work that focuses on analyzing NFT smart contracts, which may raise worries about the security of users' NFTs. To address this gap, in this paper, we introduce 5 defects in NFT smart contracts. Each defect is defined and illustrated with a code example highlighting its features and consequences, paired with possible solutions to fix it. Furthermore, we propose a tool named NFTGuard to detect our defined defects based on a symbolic execution framework. Specifically, NFTGuard extracts the information of the state variables from the contract abstract syntax tree (AST), which is critical for identifying variable-loading and storing operations during symbolic execution. Furthermore, NFTGuard recovers source-code-level features from the bytecode to effectively locate defects and report them based on predefined detection patterns. We run NFTGuard on 16,527 real-world smart contracts and perform an evaluation based on the manually labeled results. We find that 1,331 contracts contain at least one of the 5 defects, and the overall precision achieved by our tool is 92.6%.

Software Engineering,Cryptography and Security

Hongyu Gao,Jun Hu,Tuo Huang,Jingnan Wang,Yan Chen

DOI: https://doi.org/10.1109/MIC.2011.50

IF: 2.68

2011-01-01

IEEE Internet Computing

Abstract:This article surveys the current state of security issues and available defense mechanisms regarding popular online social networks. It covers a wide variety of attacks and the corresponding defense mechanisms, if available. The authors organize these attacks into four categories - privacy breaches, viral marketing, network structural attacks, and malware attacks - and focus primarily on privacy concerns. They offer an in-depth discussion of each category and analyze the connections among the different security issues involved.

Liyi Zhou,Arthur Gervais,Stefanos Chaliasos,Jens Ernstberger,Ye Wang,R. Wattenhofer,Xihan Xiong,D. Song,Zhipeng Wang,Kaihua Qin

DOI: https://doi.org/10.1109/SP46215.2023.10179435

2022-08-27

Abstract:Within just four years, the blockchain-based Decentralized Finance (DeFi) ecosystem has accumulated a peak total value locked (TVL) of more than 253 billion USD. This surge in DeFi’s popularity has, unfortunately, been accompanied by many impactful incidents. According to our data, users, liquidity providers, speculators, and protocol operators suffered a total loss of at least 3.24 billion USD from Apr 30, 2018 to Apr 30, 2022. Given the blockchain’s transparency and increasing incident frequency, two questions arise: How can we systematically measure, evaluate, and compare DeFi incidents? How can we learn from past attacks to strengthen DeFi security?In this paper, we introduce a common reference frame to systematically evaluate and compare DeFi incidents, including both attacks and accidents. We investigate 77 academic papers, 30 audit reports, and 181 real-world incidents. Our data reveals several gaps between academia and the practitioners’ community. For example, few academic papers address "price oracle attacks" and "permissonless interactions", while our data suggests that they are the two most frequent incident types (15% and 10.5% correspondingly). We also investigate potential defenses, and find that: (i) 103 (56%) of the attacks are not executed atomically, granting a rescue time frame for defenders; (ii) bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial contracts; and (iii) 33 (15.3%) of the adversaries leak potentially identifiable information by interacting with centralized exchanges.

Economics,Business,Computer Science