Mapping the minefield: first comprehensive security review of NFTs reveals widespread vulnerabilities

11/07/2025 TranSpread

Non-Fungible Tokens (NFTs) have transformed digital ownership by enabling the trade of unique assets through blockchain technology. From art and music to virtual real estate, these tokens have become central to the Web3 economy. Yet, this rapid innovation has outpaced security measures, leaving users vulnerable to sophisticated scams, technical exploits, and project failures. As NFTs grow in popularity and financial value, the consequences of security breaches have become increasingly severe. Due to these concerns, there is a critical need to systematically study the full scope of NFT security risks and create practical defenses against emerging threats.

In a new study (DOI: 10.1016/j.bcra.2024.100268) published on June 25, 2025, in Blockchain: Research and Applications, researchers from Huazhong University of Science and Technology and Peking University unveil the first systematization of knowledge (SoK) on NFT security. By analyzing 248 security reports and 35 academic publications, the team identified and classified 176 NFT-related security incidents. Their work culminates in a multilayered NFT security reference framework that pinpoints the most common vulnerabilities, assesses detection challenges, and proposes a clear path forward for safeguarding the Web3 ecosystem.

The researchers constructed a three-tier security model encompassing the contract layer, market layer, and auxiliary service layer. Within this framework, they uncovered 12 core types of threats—including smart contract bugs like reentrancy flaws and access control lapses, market manipulations such as wash trading and rug pulls, and infrastructure attacks like phishing, fake interfaces, and website exploits. These findings are grounded in real incidents, including high-profile cases where attackers stole millions by exploiting minting functions or deceived users through counterfeit tokens tied to celebrity names.

The team also developed practical detection tools, such as transaction trace analysis for identifying reentrancy loops and symbolic execution to test logic vulnerabilities in minting functions. Alarmingly, they found that many real-world incidents—especially those involving phishing and front-end manipulation—remain underexplored in academic research. Their open-source dataset and security taxonomy now provide a foundational reference for future research, policy guidance, and secure development practices.
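The transaction trace analysis mentioned above, as an added illustration that is not the paper's own tool: a small Python walker over a nested EVM call trace (the shape Geth's `callTracer` returns for `debug_traceTransaction`) that flags a function re-entered before its outer invocation has returned. The three traces, the contract addresses and the mint/callback pairing are constructed for this example; the two function selectors are the standard ERC-721 `mint(uint256)` and `onERC721Received` selectors, used here only as labels.

```python
"""Flag reentrancy loops in a nested EVM call trace (constructed example)."""
import json

# Standard ERC-721 selectors, used as labels for the constructed traces.
MINT_SELECTOR = "0xa0712d68"         # mint(uint256)
ON_RECEIVED_SELECTOR = "0x150b7a02"  # onERC721Received(address,address,uint256,bytes)

# Constructed trace: an EOA calls mint() on an NFT contract, the contract's
# safe-transfer callback hands control to a receiver contract, and the receiver
# calls mint() again before the first mint() has returned.
SAMPLE_REENTRANT_TRACE = {
    "from": "0xeoa", "to": "0xnft", "input": MINT_SELECTOR,
    "calls": [
        {"from": "0xnft", "to": "0xrecv", "input": ON_RECEIVED_SELECTOR,
         "calls": [
             {"from": "0xrecv", "to": "0xnft", "input": MINT_SELECTOR, "calls": []},
         ]},
    ],
}

# Constructed trace: same callback, but the receiver does not call back in.
SAMPLE_BENIGN_TRACE = {
    "from": "0xeoa", "to": "0xnft", "input": MINT_SELECTOR,
    "calls": [
        {"from": "0xnft", "to": "0xrecv", "input": ON_RECEIVED_SELECTOR, "calls": []},
    ],
}

# Constructed trace: a batch contract calls mint() twice in sequence. The
# second call starts after the first has returned, so it is not reentrancy.
SAMPLE_SEQUENTIAL_TRACE = {
    "from": "0xeoa", "to": "0xbatch", "input": "0xdeadbeef",
    "calls": [
        {"from": "0xbatch", "to": "0xnft", "input": MINT_SELECTOR, "calls": []},
        {"from": "0xbatch", "to": "0xnft", "input": MINT_SELECTOR, "calls": []},
    ],
}


def _selector(frame):
    """First four bytes of calldata (0x + 8 hex chars) identify the function."""
    data = frame.get("input", "0x")
    return data[:10].lower() if len(data) >= 10 else data.lower()


def _walk(frame, active, findings):
    """Depth-first walk; `active` holds (contract, selector) pairs still executing."""
    key = (frame["to"].lower(), _selector(frame))
    if key in active:
        # This (contract, function) is still on the stack: it was re-entered
        # before the outer invocation returned.
        findings.append({
            "contract": key[0],
            "selector": key[1],
            "outer_depth": active.index(key),
            "inner_depth": len(active),
            "path": [f"{c}:{s}" for c, s in active] + [f"{key[0]}:{key[1]}"],
        })
    active.append(key)
    for child in frame.get("calls", []):
        _walk(child, active, findings)
    active.pop()


def find_reentrancy(trace):
    """Return one finding per re-entered (contract, function) in a call trace.

    `trace` may be the parsed call tree (dict) or its JSON encoding (str).
    """
    if isinstance(trace, str):
        trace = json.loads(trace)
    findings = []
    _walk(trace, [], findings)
    return findings


if __name__ == "__main__":
    for name, trace in [("reentrant", SAMPLE_REENTRANT_TRACE),
                        ("benign", SAMPLE_BENIGN_TRACE),
                        ("sequential", SAMPLE_SEQUENTIAL_TRACE)]:
        for f in find_reentrancy(trace) or [None]:
            print(name, "->", "no reentrancy" if f is None else " > ".join(f["path"]))
```

The walker keys on the (callee, selector) pair rather than the callee alone, so a contract that is legitimately called twice in one transaction is only reported when the same function is active twice at once; the sequential sample shows the distinction. On a real trace the `path` field gives the chain of calls an analyst would inspect to see which external call handed control away before state was updated.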

"Despite the explosive growth of NFTs, the community has lacked a comprehensive understanding of where and how these systems fail," said Dr. Haoyu Wang, senior author of the study. "Our work bridges this knowledge gap by not only exposing the root causes of major attacks but also offering developers and researchers the tools to detect and prevent them. This is a call to action—for academia and industry alike—to take NFT security seriously."

This pioneering research lays the groundwork for a more secure and resilient NFT ecosystem. Developers can now reference the proposed framework to preemptively address common vulnerabilities in smart contracts and marketplaces. Investors and collectors gain a better understanding of the warning signs associated with fraudulent projects. Perhaps most importantly, the study advocates for greater collaboration between cybersecurity researchers and blockchain practitioners to stay ahead of evolving threats. As NFTs continue to expand into finance, gaming, and identity, securing their foundations is essential to sustain innovation and build long-term public trust.

###

References

DOI

10.1016/j.bcra.2024.100268

Original Source URL

https://doi.org/10.1016/j.bcra.2024.100268

Funding information

This work was partly supported by the Knowledge Innovation Program of Wuhan-Basic Research, Key R&D Program of Hubei Province (Nos. 2023BAB017 and 2023BAB079), and HUSTCSE-Hongxin Joint Research Center for Network Security.

About Blockchain: Research and Applications

Blockchain: Research and Applications is an international, peer-reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.

Paper title: SoK: On the security of non-fungible tokens
Attached files
  • Non-Fungible Token (NFT) life cycle. It shows the various stages of an NFT and the people taking part. The dashed lines stand for actions recorded on the blockchain, and the solid lines represent off-chain activities not recorded on the chain.
Regions: North America, United States, Asia, China
Keywords: Society, Economics/Management
