Readers like you help support How-To Geek. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

Quick Links

Dazzling sales of NFTs have made the news over the past year, but each sale comes with a huge caveat: You're buying a link to a file on someone's server, and that link could change. We'll take a look at why NFTs work this way and how it might come back to haunt NFT owners in the future.

What's an NFT Again?

NFT stands for "non-fungible token." Non-fungible basically means one-of-a-kind. An NFT is a unique piece of code on a blockchain that you can own, and often that code points to works of art such as illustrations, photographs, or videos.

Related: What Are NFTs? Meet Crypto's Digital Collectibles

NFTs have been in the news a lot lately, especially thanks to celebrities showing off their Bored Apes, which are a type of digital collectible art. They've sold for eye-popping sums of money, inviting financial speculation that goes hand-in-hand with the largely unregulated cryptocurrency market.

Related: What Is a Bored Ape NFT?

NFT Art Isn't Stored on the Blockchain

With all the money being paid for NFTs, it might come as a surprise to learn that the artworks represented by NFTs aren't stored on the blockchain themselves. Instead, NFTs simply contain a link that points to a digital art file (photo or video) hosted on a conventional web server.

As pointed out by NFT developer Eric Kuhn, the most common NFT standard is defined in EIP-721, an "Ethereum Improvement Proposal" created in 2018 that spells out how today's NFTs work. This standard contains the option of using an image as "metadata" for the NFT, and the standards document describes it this way:

A mechanism is provided to associate NFTs with URIs. We expect that many implementations will take advantage of this to provide metadata for each NFT. The image size recommendation is taken from Instagram, they probably know much about image usability. The URI MAY be mutable (i.e. it changes from time to time). We considered an NFT representing ownership of a house, in this case metadata about the house (image, occupants, etc.) can naturally change.

You'll notice a few things here. A "URI" is a web link. The implementers of the NFT standard didn't intend that the image metadata be the key point of owning an NFT. After all, it's metadata, which means it is intended to describe other data. And it's also a "mutable" link, which means it can change.

Related: Here's the Problem With NFTs

Instead, the image metadata link was intended to help describe an NFT that would represent the ownership of something more substantial, like a house or maybe a concert ticket. In the case of almost every art NFT, no actual ownership or control of the artwork is transferred to you, so when you're buying an NFT of a piece of artwork, you're buying nothing but a web link. It's right there in the standard.

Furthermore, NFTs don't even store a hash of the metadata image, which would serve to verify that the NFT is pointed to the right image or video. And why would it? The image link was always intended to be changeable, as we covered in the NFT specification above.  In October 2021, a computer security researcher named Moxie Marlinspike toyed with this property of NFTs when he created an NFT that could change in content when viewed by different people.

The reason why art isn't stored directly on the Ethereum blockchain is because, at the moment, Ethereum (and other blockchains) are extremely slow and inefficient at storing digital data. Every byte is very expensive -- with one 2021 calculation estimating $20,000 to store for 500 KB. That makes it impractical to store even small images on the Ethereum blockchain, much less the high-resolution images or videos that NFTs point to.

Even if you were wildly rich and decided to try to store artwork on the Ethereum blockchain (which the EIP-721 standard does not support, by the way), it would take a very long time to load when you viewed it. If you ask an Ethereum developer when we can expect to store images directly on the blockchain, you might get laughed out of the room. Instead, off-chain solutions are almost always recommended.

So what does it all mean? It means NFTs will break. Possibly even most of them, if we go by the history of link rot on the internet. And when web links break, malicious things can potentially take their place.

Related: What Is a 404 Error?

The practice of redirecting dead or broken links for sinister purposes is often called "broken link hijacking," and it can be used to direct people to advertising, malware, phishing sites, and even vandalism like pornography. In 2021, video pornography became embedded on several major news sites because a porn site called "5 Star Porn" purchased a defunct domain called Vidme.com and pointed the web links that used to steam non-porn news videos to porn videos instead.

Imagine if, in ten years, a major host of NFT images went under, and then someone swooped in and bought the domain name, pointing thousands of NFT links to porn images. It would be very easy to do, and there is nothing the NFT owner can do to stop it. The NFT contains an URL pointing to a server out of the NFT owner's control.

NFTs Might Not Enter the Historical Record, Either

Even if your NFT links break and no one replaces them, you will still be left with NFTs that 404 when they try to load their artwork, which means that NFT art is not future-proof at all.

For future historians to understand the content of today's NFTs, we'll need a service like the Internet Archive's Wayback Machine to mirror the NFT artworks and take the place of the broken links when they inevitably show up. Or we might have to rely on pirates who mass download NFT artwork and make it available in massive dumps (pirates have saved the day many times before).

Eventually, the design of NFTs might change to a more robust model where the images are stored on a distributed file system like IPFS, but that's not written in the NFT standard people are using now. At the moment, you're usually just buying a very fragile web link (there are some exceptions, such as generative art).

Should I Buy NFT Art Anyway?

Knowing what you know, whether you still buy an NFT is completely up to you. Right now, the NFT market is completely unregulated, which means it is lacking oversight or quality control standards. As a result, it's full of scams, and purchasing an art NFT with the hope that it will rise in value (or even maintain its value) is extremely risky. So tread carefully, and know that what you're buying is usually an expensive web link that can break at any time. Stay safe out there!

Related: Stop Listening to Celebrity Advice on Crypto (and Everything Else)