By Jack McDonald, CEO of Standard Custody & Trust
It’s well known that museums and art collectors spend heavily on building state-of-the-art security systems to protect their invaluable artwork against fine art heists. But security for NFTs — blockchain-based digital art pieces that have been selling for millions lately — is still mostly the digital equivalent of storing cash under a mattress. This needs to change. As NFTs increase in legitimacy and value, it’s time to start taking their security more seriously. The solution? Licensed, insured, third-party custodians that will protect NFTs just as well as the Louvre protects the Mona Lisa.
Currently, NFTs are usually custodied by their owners in a DIY manner. Part of the magic of blockchain is that whoever controls what’s called the “secret key” has full ownership over the digital good, whether it’s a bitcoin or an NFT. Today, most NFT owners use software like Metamask to hold their own secret keys on their computers. While this makes it easy to have full control over their own NFTs, there are some serious downsides. First, many owners write their secret keys on pieces of paper or digitally on USB drives, which they then hide strategically in different places. This leads to problems if somehow the secret key is lost or damaged, because there aren’t any backups.
Also, if the NFT owner becomes incapacitated and hasn’t left instructions to others on how to access the NFT, they can’t be retrieved. Finally, if multiple parties own a single NFT, it becomes difficult to figure out how to ensure that multiple parties sign off before the NFT is sold or transferred to another account. Hackers are already making inroads into NFTs: they’ve succeeded in stealing Bored Ape Yacht Club NFTs, some of which are worth millions.
As NFT ownership becomes more institutionalized, NFT owners should be looking to custody their NFTs with third-party, regulated custodians. Visa has already set a precedent for this approach. When the payments giant purchased its first-ever NFT this summer, a CryptoPunk original artwork, it turned to third-party digital custody to facilitate the sale and keep it secure. Even though Visa isn’t directly holding the NFT’s secret keys, their executives can sleep soundly at night knowing that a digital custodian specializing in key storage is safeguarding their assets in a professional manner.
Institutions or individuals looking for secure third-party NFT custody should look for a few things:
- Regulation. It’s important that the digital custodian be regulated by a reputable regulatory body, such as the New York Department of Financial Services. Reputable regulatory bodies do the heavy lifting to ensure that the custodian’s security practices are sound.
- Ability to move NFTs out of storage quickly. The NFTs should be readily available in case they need to be transferred or sold, and the custodian should not have SLAs that are too long.
- Insurance. A comprehensive insurance policy guards against theft and malfeasance, which puts owners of digital valuables worth millions at ease.
- Demonstrated history of success with the blockchain the NFT is issued on. NFTs are most commonly issued on the Ethereum blockchain, and some are issued on the Solana blockchain. It’s important that the custodian has a history of success working with the specific blockchain.
Blockchain transactions are still mystifying and intimidating for much of the population, and expecting new users to thoroughly research NFT security risks is unrealistic. Banks gave people a safer way to store their fiat: it’s time for digital asset custodians to do the same with NFTs.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.