Today’s sponsor is the 🔥 Zima Red podcast 🔥 Check it out if you want to learn from the creatives and builders that are driving our ecosystem forward.
🚀 Also, subscribe to this newsletter if you enjoy the content 🚀
The NFT ecosystem is a risky place. Users have to deal with blockchains, cryptocurrencies, startup failures, and more. But the risk is worth it because, on a practical level, NFTs enable users to have digital property rights and own their own assets. This means that users can make money within digital worlds and video games. On a philosophical level, NFTs are extremely important because they will enable a true metaverse to form. This is a virtual environment where people will live, work, and play. Nobody wants to live in a virtual world that is controlled by a single corporation and gives users no rights. In this blog, I want to quickly run through the risks within our industry.
Risk Level 0 - Adoption
One obvious danger that I will quickly address is adoption. It is possible that users do not care at all about truly owning their assets, and thus they will continue to engage with games and virtual worlds that have totally centralized items.
For example, if Fortnite suddenly opened their in-game markets for anyone to come and trade, users would be ecstatic and not necessarily care about decentralization and true ownership. People would only realize the downside of not truly owning their items after an incident occurs where their items are deleted.
A great example of this happening is when Blizzard banned and seized a Hearthstone player’s tournament winnings for yelling “Free Hong Kong.” Hearthstone, the online trading card game owned by the gaming giant Blizzard, seized his property simply because of this one statement. This is not possible in the NFT ecosystem. As our digital lives and assets become more important, more people will (hopefully) demand the property rights that NFTs enable.
Risk Level 1 - Startup Risk
90% of startups fail. The most apparent danger to NFT infrastructure is a startup going out of business and no longer hosting NFT metadata. This risk is especially likely if the NFT metadata is stored off-chain, which is what most NFT projects do today. Obviously, if a startup goes out of business they will be unable to pay for hosting the metadata, and the NFT owners could be left with just crypto tokens. The stats, properties, images, and all metadata that truly form the NFTs will disappear. If this were to happen, then it would essentially make the NFTs worthless. That is, unless some sort of market appears where people collect dead NFT projects.
If the startup had assets that were fully on-chain (so all metadata was attached to the token), then the tokens would be completely fine, but the ecosystem surrounding that NFT project would still encounter issues. For example, the NFT project Avastars has created fully on-chain NFTs, which is great, but if the underlying company behind Avastars went out of business, then there would be no marketing, development, support, etc., for the project. Avastar community members could still support the project, and in some sense help “take control”, but the major driving force behind the project (the company) would be gone.
Risk Level 2 - Hosting Risk
Diving deeper into the dangers of today's NFT infrastructure, let’s look at the big three cloud providers. The majority of NFTs that we collect and use today are all hosted on the big three cloud providers. It is quite scary to know that literally millions of dollars are completely and solely dependent on the goodwill of these companies.
These tech giants are not known for being friendly towards any type of potential competition. Remember when Facebook banned all cryptocurrency-related ads before they launched their own cryptocurrency, Libra? Or, when YouTube (really Google, because they own YouTube) started banning most cryptocurrency-related videos on their platform? What if Amazon, Google, or Microsoft decide to launch their own NFTs and stop hosting all competitor NFTs? This sounds far-fetched today, but I would have never imagined Facebook would attempt to launch their own cryptocurrency or Microsoft would start to issue their own NFTs on Ethereum. Luckily, there are alternatives to storing data on these major cloud providers, including IPFS or Arweave.
Risk Level 3 - Chain Risk
Blockchain issues are the only risks that really keep me up at night. The other potential issues mentioned earlier are not as permanent. For example, if a startup goes out of business, then someone could reach out to the founders and work out how to obtain the token metadata to revive the project. Or, if a cloud provider shuts down the hosting for NFT metadata, then an NFT project could move to another competitor or even set up its own servers. By far the biggest risk to NFT infrastructure comes from the blockchain itself.
Blockchains, like Ethereum, have proven to be quite robust over the years, but my fear is that there could be a massive bug in the code that breaks down how Ethereum is supposed to function. This type of worst-case scenario has already happened on Ethereum in 2016. The event is simply known as “The DAO.” The DAO launched on Ethereum as a decentralized venture capital project, but there ended up being major issues with its code. A hacker was able to siphon money from the DAO entity and move it into their own wallet. A hard fork occurred, and Ethereum was split into two competing chains: Ethereum Classic, the old version where the DAO exploit happened, and Ethereum, the upgraded version that most people use today.
If another code bug is found in Ethereum in the future and a hacker is able to steal NFTs from users, then it could potentially lead to another hard fork and chain split. This is one type of attack, but there could be all types of bugs that open up various attack vectors.
This fear has been especially pertinent lately because Ethereum is soon transitioning to Ethereum 2.0. While the Ethereum of today is battle-tested and relatively secure, Ethereum 2.0 is totally new and will include a massive list of core protocol changes. Even the consensus algorithm itself is moving from proof-of-work (PoW) to proof-of-stake (PoS).
There has never been a blockchain as large as Ethereum to make the transition from PoW to PoS, and nobody knows how it will turn out. Everybody is hoping for the best and there will be countless security audits, but I cannot imagine a piece of software this large, with this many moving parts, will be totally unaffected. My rudimentary understanding is that even smart contracts will behave differently on Ethereum 2.0. This means that anyone that has built a Dapp needs to inspect their contracts to make sure they still function properly after the transition.
And, keep in mind that we are only speaking about Ethereum here! I have not even mentioned NFTs being issued on other networks, like Tezos, EOS, and Flow. Imagine investing heavily in NFTs on a specific chain, and then one year later developers stop working on the project and the chain stops being used. Those NFTs suddenly become worthless. This could happen even if the team behind the NFT project is executing well and doing everything right. If they build on the wrong chain, then it could all go downhill. I will caveat this by saying that if something like this were to happen, then the team could, in theory, offer to port all existing items from the dead chain to a new one.
Risk Level Final Boss - Regulatory Risk
Lastly, the final risk we will cover is regulatory risk. NFTs are currently not regulated by any monetary authority around the world (as far as I know). There is regulation pertaining to the flow of money, so any sort of fiat gateways are probably regulated, but I do not know of any NFT-specific fiat gateways that must comply with intense regulation. There are venues where users can purchase NFTs with fiat currency (specifically USD), but because NFTs are a good/item I can’t imagine regulators will make things too difficult. Unlike regular crypto where startups have to deal with anti-money laundering and Know-Your-Customer laws.
Once the NFT market grows in size, then I could see politicians wanting their cut by adding artificial regulatory burdens. For example, in the infamous BitLicense case, former regulator Benjamin Lawsky architected an overly burdensome crypto regulatory regime for New York State called BitLicense. In summary, he created a really confusing law, passed it, and then immediately left public office to start a consulting firm to help crypto companies navigate the law and obtain BitLicenses. I hope this doesn't happen, but it seems very possible. We should prepare for the worst and hope for the best.