March 14, 2023
Blur's FOMO effect heated up NFT marketplaces. What do we need to know about investing in NFT?
In March, Beosin launched a new programme, Beosin Talk, where we would like to discuss the hot topics in the crypto market with experts and scholars in Web3.
When it comes to NFT, what do NFT holders expect? A new technology? Are you optimistic about its prospects? Do you consider it as a speculative asset? Blur airdrop reignited the NFT fever and the NFT trade war has sparked heated discussions in the crypto market.
On March 1, Beosin invited a few guests to discuss the question “Blur’s FOMO effect heated up NFT marketplaces. What do we need to know about investing in NFT?”. We also shared a lot of NFT security tips during this talk.
Herbert: Leader of Dfinity’s Asia operations, responsible for the developer ecosystem growth for the Internet Computer and Web3 startups incubation
Avlin: Cryptowesearch founder, dedicated to helping people understand cryptocurrencies more easily and help investors understand potential risks of Web3 projects through articles, videos, and communities
Master Li: LegalDAO founder with extensive experience in Web3 project compliance. LegalDAO is an organization dedicated to building a global Web3 legal order. It has more than 3,000 members, most of whom are lawyers
Donny: Beosin Content Lead
Ashton: Beosin researcher, focus on security research and project analysis
Saya: Beosin security researcher, focus on contract security and wallet security
1. Blur has ignited the NFT market again. What do you think of the current NFT market?
Herbert: In the face of this NFT craze, the Internet Computer community is relatively calm and focused on building applications, such as OpenChat, which is going to have a public offering in the next few days. In addition, NFT is relatively centralized right now. The transaction volume of each kind of NFT is mainly controlled by a small group of wallets. Besides the wealth effect of NFT, we can not ignore the technological innovation behind it and what value it can bring to users. This is also an important question that the IC community is focused on and committed to addressing.
Master Li: Blur addresses the liquidity needs of NFT and provides a good product experience and operational services. From the legal point of view, the current regulatory authorities view the NFT trading market as a kind of e-commerce site, so the NFT trading market is facing little regulatory pressure. But Blur made the NFTfi concept widely known and claimed that it was designed for professional traders. This has made NFT from a consumer product concept into a kind of financial derivative, potentially exposing the NFT trading market to more strict regulation in the future.
Alvin: Blur has helped NFT markets recover, helping NFT traders save trading fees. I paid more attention to the Hong Kong series of NFT and have found they are very popular. Also, I looked into other NFTfi protocols, which may be a good opportunity to invest. I am optimistic about the development of NFTfi. NFTfi will be an important narrative in the future.
Ashton: The Heat of NFT trading is only on Blur. According to NFTscan’s data, NFT trading volumes on other NFT platforms have not increased noticeably. Blur’s post-airdrop surge is unsustainable. In the future, I think the trading volume of Blur will be less or as much as that of OpenSea.
2. What do you think of the wealth effect of Blur airdrop? Do you get FOMO?
Herbert: Fomo is actually very common in communities. Blur’s airdrop strategy is worth learning for other projects. OpenChat, for example, is a member of the IC ecosystem, which will hand over its ownership of its smart contract to the community as the project progresses. Last Thursday in the AMA, the community was concerned about whether there would be OpenChat airdrops. It is a problem for projects to design airdrops mechanism to cover the various behaviors of early users and to do more fair airdrops.
Master Li: OpenSea and Blur chose different paths. Blur’s products and operations are good, and the number of transactions on the platform has increased a lot since its airdrop was issued. In my opinion, I really want Blur to keep building and running. However, there is a problem for Blur. I don’t see any relevant legal documents for $Blur and I don’t know the company structure, which could put it at risk in the future.
Alvin: When the market gets very FOMO, I will exit and be a bystander. Blur is hot right now and I am looking for other NFTfi protocol opportunities. In addition, Blur’s airdrop has been very successful and has captured most of the crypto market’s attention. I personally expect Blur’s layout on ERC1155 in the future.
Ashton: We estimated the FDV of Blur at $1 billion before its airdrop, but it had an FDV of more than $2 billion when $Blur came out. The wealth effect of Blur is pretty good. NFTfi is a hot spot. Blur held three events prior to its airdrop. In the first event, Blur dropped blind boxes to users. In the second and third ones, it launched campaigns to encourage users to trade and bid to earn credits, which attracted more users and kept users’ interest.
3. What are the advantages of an Internet Computer-based project over other projects built on other chains?
Herbert: The advantage of Internet Computer is that it’s like a decentralized AWS, where all the data of NFT can be stored on Internet Computer, and the storage cost is pretty low. In addition, smart contracts deployed on Internet Computer can be easily updated. The update process of smart contracts deployed on Internet Computer is similar to that of the traditional software update process, which allows NFT projects to quickly iterate to the desired product. There are almost no gas fees on Internet Computers, and only a 0.0001 $ICP token is required for each transaction. We are currently considering bringing Bitcoin Ordinals to Internet Computers because Internet Computer completed integration with BTC in December last year, which means that smart contracts on Internet Computer can finish a signature to control a wallet address on BTC network, which has great potential for many application scenarios.
4. Do you or your friends have any experience of NFT being stolen?
Herbert: There haven’t been any NFT thefts in Dfinity ecosystem, but recently an active Dfinity developer was under a phishing attack, and he lost all of his assets on Ethereum. For NFT projects built on Internet Computer, the biggest risk is that the project owners may give up their projects and run away with funds, which is a big loss to investors. For NFT security, Dfinity rarely had security incidents because Dfinity uses Internet identity instead of a public key and private key pair. The private key of Internet identity is stored directly on the local device and authenticated using the user’s biometrics, which makes the loss of assets due to wallet security issues very rare.
Master Li: I’ve experienced a lot of NFT thefts. I had a discussion with Beosin about designing standards for NFT but found that there was little that NFT projects could do in terms of security, and the most important part was on the client side. Users need to pay attention to wallet security and they can avoid malicious attacks by installing security extensions such as Beosin Alert.
Alvin: Even experienced Dapp developers have had their NFT stolen. My advice is to use security plug-ins such as Beosin Alert and Fire plug-ins, which are useful tools to help you avoid losses. Another way to protect your assets is to change your wallet regularly or use multisig wallets.
5. What security issues do NFT project teams and users typically encounter? How do you protect your NFT from being stolen?
Saya: Jason was phished today by a hacker who took control of the official Discord account of a project and posted fake airdrop information, which made Jason carelessly sign up for a transaction. Luckily, the signature expired and hasn’t gone into effect yet, so his assets are safe for now. A common phishing attack involves hacking into the accounts of some popular KOLs or projects to release airdrops that induce users to sign up for malicious approvals and transactions and steal their assets. Users are used to signing up for transactions, but things like setapprovalforall(), increaseallowance(), blind signing, and multi-protocols signing are very dangerous.
Metamask wallet has two dangerous signs. One is eth_sign, which can make a signing to any hash value. It’s dangerous because it can be blind signing and can be used to remove all your assets. The other is personal_sign, which also supports blind signing. As a user, if you see red alerts in your Metamask wallet, then the transaction may be risky. If the signing content may be in binary numbers which you do not understand, try not to sign the transaction.
In addition to Discord, there have been a number of telegram account thefts recently. The first way to hack TG accounts is to impersonate TG official account and send you text messages, claiming that your account will be prohibited because of invalid actions. It will induce you to click on a phishing link and then your account will be stolen. The second way is to induce users to leak their login passwords by taking screenshots. If users do not open two factor authentication, their TG accounts are easily compromised.
For NFT security, ERC721 standard differs from that of ERC1155. ERC721 does not have a concept of quantity, and it can cause some problems if developers confuse the two standards when calculating the amount of NFT purchases. Then there are common reentrancy attacks and logic issues of NFT projects, such as the Burn function of Cryptoninja World, which is exposed without any authentication and enables anyone to burn any CryptoNinja World NFT. This kind of mistake can be found in the smart contract audit process. Thus, it is recommended that Web3 projects should complete a code audit before their launch.
In addition, Blur has some smart contract risks. Its Execution module is responsible for the transfer of tokens, and it only checks whether the caller can transfer tokens. This means that it is possible for the owner of the contract to add other addresses to the mapping as callers to move tokens. Thus, it is recommended that users should remain cautious about Blur.
6. How can we protect our rights after our NFT has been stolen?
Master Li: When your NFT is stolen, there are many things you can do. A practical solution is to look for a security company like Beosin to track stolen assets, find clues in the process of stolen assets transfer and start legal proceedings. A previous case made sense: there were two Boss Beauties NFTs stolen and the victim traced his assets and found the identity of the thieves. The British court issued subpoenas by NFT to the thieves. By doing this, there is an opportunity to recover your stolen assets.
If you have need any blockchain security services, please contact us:
Related Project Secure Score
Guess you like
How to Avoid Issues Related to Deflationary Tokens
March 03, 2023
Analysis of the Euler Finance’s 197M Exploit — the Largest Security Incident so far in Q1 2023
March 15, 2023
OpenAI just launched GPT-4. Can it detect security vulnerabilities of a smart contract?
March 17, 2023
After the Silicon Valley Bank collapse, what is MakerDAO's dilemma and opportunity?
March 22, 2023