Protect Your Neck: A Guide for Digital Artist to Defend Themselves from NFT Art Thieves.
While some people suggest that artists should just start minting their work, many of them have decided not to get involved with blockchain technology at all while having their concerns unresolved.
This guide is specifically written for digital artists concerned about the possibility of having their work stolen and sold as NFTs in the crypto art market, but do not want to get involved with the crypto ecosystem.
This idea doesn’t require any direct interaction with the Ethereum blockchain, thus relieving the artist from any transaction fees and possible environmental impact of the Ethereum blockchain.
Please refer to the glossary at the bottom of this page for terms and definitions.
As always, please do your own research. This guide is meant to be a starting point, not a handbook.
You have probably heard of several art thefts happening between the conventional digital art world and the NFT crypto art community. There are at least a handful of cases all with different modus operandi. Quick examples include: Tweet > NFT, NFT > NFT, and the notorious visual identity theft of Ardneks. I believe this topic has become the highlight of the week in the digital arts Twitter timeline, so I am not going to talk too much about this. In my opinion, this new technology still doesn’t stop people from being an asshole and stealing artwork like they did back when people were bootlegging shirts, or claiming your DeviantArt piece as theirs.
NFT (short for non-fungible token) enables people to own, transfer, and prove the authenticity of a property, usually digital files.
NFT is quite different to digitally signed PDF certificates as NFTs are created, governed, and tracked on a blockchain — most notably on Ethereum. Since the blockchain is essentially a public ledger running on a decentralized network of computers validating each and every transaction, the legitimacy of such data is substantially higher than a conventional PDF signature. It would be virtually impossible to tamper with any information that’s already written to the blockchain, unlike your good old PDF files.
While NFTs and the blockchain are trying to solve many problems existing within our current digital ecosystem, it still won’t solve all of the problems at once. However, it is essentially our trump card as digital artists, enabling us to have a level playing field with the traditional art world.
Since this guide is focused on digital artists who decided not to mint their work as NFTs, but would like to protect themselves, let me present a scenario where the theft put the work they stole in an open market.
At the time of the writing, this OpenSea account page shows a collection of works stolen from Valenberg. You know what else it shows? An Ethereum address. Right under the username and profile icon. The address of this specific perpetrator is 0x6b33ba19aef6c0cce41faef36b3ad2632617c711.
The process of creating an NFT — also known as ‘minting’, requires an Ethereum Wallet and interaction with a smart contract. Any Wallet would have a public address to identify them in the blockchain. And in extension it has essentially become an identifier for an artist, if they are minting their work as NFT.
Many of the artists who are a victim of this crime, do not have an Ethereum address and Wallet set up. Although it is happening even to artists who’ve been active in the crypto art community as well.
Keep in mind that identity theft is a very common thing on the internet and social networking sites, so protecting your identity is the key to this whole thing.
Let’s cut to the chase and get you set up with an Ethereum Wallet. I recommend MetaMask because it’s free, and it runs on your own hardware instead of a centralized server managed by a 3rd party. It’s not the most secure solution since it’s running on your computer that is connected to the internet, but it is one of the more secure options that is widely available.
Please note that MetaMask runs on the browser of your choice because it is built to interact with decentralized apps. You will always be the one responsible for securing your Wallet and its keys.
Once you download and install MetaMask, you can choose the option to create a Wallet.
You will first be asked to create a password. This is not a password for your ‘MetaMask account’ and it will only be used to unlock your MetaMask Wallet (and the keys stored in it) on this specific device you’re using.
Quick tip: the best way to make a secure password is by generating a password with uppercase, lowercase, numbers, and symbols using a password manager.
Once your password is set, you’ll see a page with your secret backup phrase — also known as a seed phrase.
This 12 to 24-word backup phrase is probably the most important part of your Wallet. Instead of securing your Wallet with just a password/username combination, most cryptocurrency Wallets will require a seed phrase.
The seed phrase is generated from your private key. Instead of having to store or memorize this long 256-bits of information, a backup seed phrase is used to ease the process of storing this important information. Read more.
MetaMask will ask you to write this backup phrase on a piece of paper in a secure location. You can use an encrypted password manager or store it safely in an external encrypted hard drive / storage medium like USB sticks or micro SD cards.
Once you’ve passed the test to your backup phrase, you’re pretty much done on setting up your Ethereum Wallet with MetaMask.
Securing and making multiple backups of your seed phrase is very important. Save it like your life depends on it. A seed phrase is fundamentally different to the usual email, password, and two-factor authentication as you know it. All that’s needed to gain access to your Wallet is this seed phrase. You can get creative in securing this seed phrase, so here are a few ideas: write it down on a piece of paper and hide it in your favorite book, engrave it on a piece of metal, or tattoo it on the body of 24 criminals. Get creative with it, isn’t that what artists do? ;)
You need to be sure to Lock your MetaMask Wallet when it’s not in use. Webpages with malicious codes or scripts can access your add-ons (including MetaMask) and see the information in it, even when it’s on another tab. MetaMask is susceptible to attacks including phishing attacks, even when it’s locked but even more so when it’s unlocked.
Use the password that you initially created to unlock MetaMask again.
With an unlocked Wallet, you can see and copy your Ethereum address. This is the public address that people can use to identify you in the blockchain.
This address is unique to yourself and there’s no way to conduct or sign transactions with this address without gaining access to your Wallet with the seed phrase or the password that secures your Wallet.
With this new address, you can start announcing this address publicly to your audience on Twitter, Instagram, or MySpace. This way, your audience or prospective collectors can confirm if any of your artwork is stolen and wrongfully minted on any NFT platforms. Remember that anyone can easily check and confirm the Ethereum address for the origin of any NFT.
It is very important to announce this Ethereum address to the general public and consistently use the same address throughout your career in the future. This will be the most efficient and secure way to confirm if your work was not minted by yourself.
What can the public do with your address? They can look your Ethereum address up in Etherscan to see your balance, and your previous transactions. They can see any tokens you’re currently holding, or they can head to OpenSea and see all the NFTs you own.
However, they can’t impersonate you within the Ethereum blockchain and this is why it’s great for artists, even when they don’t want to mint their work as NFT.
One of the more interesting things the public can do with your address is verify a message to see if it was signed with your address.
Exhibit A: I’m verifying a message signed by my Ethereum address using MyCrypto app which was connected to my Wallet at the time of signing. Watch how the message is deemed invalid if the message has been tampered with, or if the address is incorrect. Even for just a bit.
If you would like to write a message and sign it with your Ethereum Wallet, you can do so with your MetaMask and MyCrypto app as seen below on Exhibit B.
You could also set up a profile and get a URL on NFT marketplaces such as Rarible, OpenSea, or SuperRare (though as a SuperRare collector account, instead of a whitelisted artist account).
All these things above do not require any direct interaction with the Ethereum blockchain and therefore does NOT require you to pay any transaction fees.
More importantly, setting up an Ethereum Wallet early, even though you’re not minting your artwork right now, is good because you’re preparing yourself for the future — in case you change your mind about NFTs later.
Setting up an Ethereum Wallet is important for every digital artist today. Not just the usual online presence that we’re accustomed to, but also defending oneself against predatory activities.
Will this stop people from stealing your artwork and selling them without your permission as NFTs? Probably not. Is this better than just screaming into the void that is your public Twitter timeline about your stolen artwork with no way to explicitly show that you’re being impersonated in the blockchain? Absolutely.
Cryptocurrency — and by extension the crypto art community, is still growing. I believe as NFT platforms grow, the NFT community will provide some degree of protection for artists against bad practices. Even to those outside of the community.
If you find any possible security flaws or misinformation in my post above, feel free to send your suggestions to my inbox at info@xxxxizzy.xyz.
Glossary of terms and definitions:
Address: An Ethereum account has an Ethereum address, like an inbox has an email address. You can use this to send funds to an account.
Blockchain: A system in which a record of transactions made in bitcoin or another cryptocurrency are maintained across several computers that are linked in a peer-to-peer network.
Cryptocurrency: A digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, rather than by a centralized authority.
Cryptography: The practice and study of techniques for secure communication.
Crypto art: Digital artwork that is published directly onto a blockchain in the form of a non-fungible token (NFT), which makes the ownership, transfer, and sale of an artwork possible in a cryptographically secure and verifiable manner.
Curated marketplace: An NFT marketplace where artists are required an invitation or going through a whitelisting process in order to start minting their work within the marketplace.
Decentralized network: In blockchain, decentralization refers to the transfer of control and decision-making from a centralized entity (individual, organization, or group thereof) to a distributed network.
Ethereum: Ethereum is a technology that lets you send cryptocurrency to anyone for a small fee. It also powers applications that everyone can use and no one can take down.
Minting: The process of creating an NFT.
Non-fungible token (NFT): A non-fungible token is a unit of data on a digital ledger where each unit can represent a unique digital item, and thus the units are not interchangeable.
Open market: An NFT marketplace where anyone with a Wallet can start minting without prior screening or verification process.
Public-key cryptography: A cryptographic system which uses pairs of keys: public keys, and private keys. The generation of such key pairs depends on cryptographic algorithms which are based on mathematical problems termed one-way functions.
Public ledger: The public ledger is used as a record-keeping system that maintains participants’ identities in secure and (pseudo-)anonymous form, their respective cryptocurrency balances, and a record book of all the genuine transactions executed between network participants.
Seed phrase: A seed phrase or mnemonic seed is a collection of words that can be used to access your cryptocurrency wallet.
Smart contract: A smart contract is a self-executing contract with the terms of the agreement between buyer and seller being directly written into lines of code.
Tokenization: The process of representing digital goods as an NFT. Similar to ‘minting.’
Transaction: Transaction is the way the external world interacting with the Ethereum network. Transaction is used when we wish to modify or update the state stored in the Ethereum network.
Wallet: A wallet is a product that lets you manage your Ethereum account, like viewing your account balance, send transactions, and more.
Important links:
https://ethereum.org/en/wallets/
https://ethereum.org/en/what-is-ethereum/
https://ethereum.org/en/dapps/
https://www.investopedia.com/terms/b/blockchain.asp
https://www.investopedia.com/tech/what-cryptocurrency-public-ledger/
https://aws.amazon.com/blockchain/decentralization-in-blockchain/
