“Recent ‘Asset Loss’ incidents have been frequent in the process of operating NFTs. This article will summarize several key points to pay attention to in the process of operating NFTs, in order to help you avoid becoming the protagonist of such tragedies.
(Previous background:
Satoshi Nakamoto leaves encrypted message in Bitcoin NFT? Spends 60,000 pounds on 332 inscriptions, community decrypts as government surveillance data)
(Background supplement:
One-year anniversary of the Ordinals NFT! A review of the legendary journey of Bitcoin NFTs)
Table of Contents:
The UTXO Mechanism behind Bitcoin and NFTs
Why do NFTs get lost?
How to avoid pitfalls in the NFT field?
Conclusion
Not long ago, a member of the community accidentally released the UTXO in their wallet while purchasing an NFT, causing their three Bitcoins to be mistakenly sent out as gas, resulting in a loss of about 150,000 RMB.
Three frogs transferred by the user, source: user’s wallet screenshot
These frequent ‘asset loss’ incidents that occur during the process of operating NFTs have also become commonplace in recent times. In essence, this is due to some users’ lack of understanding of certain basic concepts in Bitcoin and NFT transactions, which leads to their NFTs being treated as ordinary UTXOs in transactions, resulting in tragic consequences.
This article aims to briefly introduce the reasons behind this issue and help everyone understand the precautions in using NFTs to avoid such unnecessary major losses.
Firstly, we need to clarify that the transaction model of Bitcoin is different from the bank accounts we usually use. It does not have the concept of accounts, but rather Unspent Transaction Outputs (UTXOs).
Further reading:
Knowledge sharing | To understand BRC-20, learn about the ‘UTXO model’ of Bitcoin first
In Bitcoin transactions, each transaction has inputs and outputs. The money paid to you by someone else is the ‘transaction input,’ and the money you receive is the ‘transaction output.’
At the same time, in order to verify and track transactions more efficiently, each UTXO is indivisible and cannot be combined. It can only be spent as the input of a transaction, and after each transaction, the old UTXO is destroyed and new UTXOs are generated.
For example, let’s say a user named Xiaobai has a UTXO of 1 BTC. When he transfers 0.5 BTC to someone else, there will be two corresponding transactions: one is the 0.5 BTC sent to the other party, and the other is the change of 0.5 BTC. The other party receives a UTXO, and Xiaobai also receives a UTXO worth 0.5 BTC.
In short, a UTXO can be imagined as a ‘coin’ of any amount that cannot be used separately. It is used in transactions to reach the input amount and receive change.
Secondly, the main representation of Bitcoin NFTs is the Ordinals protocol (BRC20 tokens). It assigns a serial number to each Satoshi and tracks them in transactions. Users can also attach additional data (images, videos, texts, etc.) to the Bitcoin blockchain through Ordinals, making each Satoshi unique and possessing the characteristics of an NFT.
The carrier of Bitcoin Ordinals protocol NFTs is UTXOs. Bitcoin NFTs are engraved in segregated witness data, so when users create NFTs, they are essentially sending Bitcoins of the corresponding amount to the protocol, and the protocol returns a UTXO with the NFT.
In essence, NFTs engrave information such as images, texts, and codes on ‘Satoshis’ and send them in transactions to complete the process. After each transaction, a UTXO is generated. If users want to convert NFTs into ordinary Bitcoin balances, they just need to release the UTXO occupation.
And usually, it is a UTXO of 0.00000546 BTC. The Bitcoin network, in order to prevent dust attacks, limits the minimum amount of Bitcoin in a single UTXO to be no less than 546 Satoshis.
Further reading:
Beginner’s knowledge | What are ‘transaction malleability attacks, dust attacks, and Sybil attacks’?
Therefore, when users transfer NFTs, wallets like Unisat and OKX Web3 recognize these UTXOs’ special formats and transfer them to the recipient through the corresponding protocols, while paying additional fees.
If users want to convert NFTs into ordinary Bitcoin balances, generally speaking, they just need to release the UTXO occupation—after releasing it, this part of the UTXO that originally belonged to the NFT can be used as a transaction fee.
In general, wallets can recognize users’ NFTs and avoid merging these UTXOs, so they will only be transferred when users actively trade NFTs. This is the last line of defense to prevent NFTs from being burned. Currently, mainstream Bitcoin wallets like Unisat and OKX Web3 also have protection mechanisms—support for locking NFTs to prevent users’ assets from being ‘burned.’
However, if users are not familiar with the underlying UTXO and NFT principles and release the occupation through the UTXO management function, the reason for the loss of NFTs will surface:
Since NFTs are essentially UTXOs, when users use wallets to perform Bitcoin NFT transfer operations, if they accidentally release the UTXOs containing NFTs, they can easily be treated as ordinary UTXOs and ultimately sent out as regular transactions.
This means that these NFTs may be transferred as ordinary UTXOs, and the entire process is completely random and beyond human control. They may be sent to the counterparty or miners, making it difficult for users to recover their assets.
From this perspective, once the occupation is released, the NFT assets contained within will be treated as regular balances and may be lost due to normal spending:
Either these UTXOs are used as transfer balances, and the corresponding NFT assets are sent along with the balance to the receiving address.
Or these UTXOs are spent as gas, and the corresponding NFT assets are sent along with the gas fee to the miner.
In this context, contacting the counterparty to recover assets purely depends on luck and the counterparty’s integrity.
In addition to the aforementioned Ordinals (BRC20 tokens) protocol, the well-known Atomicals Protocol is another derivative protocol that embeds data on UTXOs to achieve tokenization.
Although it is different from Ordinals, which was originally designed for NFTs and uses the smallest unit of Bitcoin, Satoshi, as the basic ‘transaction unit’ (i.e., each Satoshi’s UTXO represents the Token itself, 1 Token = 1 sat), it still faces the same problems because it is essentially UTXOs.
Further reading:
First integration of NFTs! Unisat Wallet announces support for the Atomicals protocol ARC20 tokens
Therefore, users must take precautions before operating NFT transactions, confirm that the occupied UTXOs contain abandoned NFTs, use dedicated wallets, and isolate payment addresses and receiving addresses as much as possible:
Confirm the validity and value of the NFTs:
Before trading NFTs, confirm whether they have practical value and meaning to avoid participating in invalid or unclear NFT transactions.
Use intelligent release of occupation function:
Use smart contracts or specific functions to release the occupation of NFT UTXOs to ensure that they will not be inadvertently used in other transactions.
Use wallets that support NFT locking:
Choose wallets that support NFT locking functions to reduce the risk of NFTs being misused or accidentally burned.
Isolate payment addresses and receiving addresses:
Separate payment addresses and receiving addresses as much as possible to reduce the possibility of incorrect transfer of NFTs.
Continuously monitor NFT transactions:
Regularly check and monitor the status of NFT transactions to ensure the security of assets.
In addition to these precautions, users also need to be aware of other risks when operating NFT transactions. One of the most common risks is the promotion of phishing websites when using search engines like Google and Baidu. Users must be cautious and directly access the official entrance through the official Twitter account to avoid phishing links and exercise caution when authorizing.
At the same time, there is a risk of fake NFTs. For example, there was a recent vulnerability in the OKX Web3 wallet’s Ordinals trading market, where a large number of fake Sats were displayed for trading—careless users may mistake them for the same-name NFTs and suffer losses.
Source: OKX Web3 wallet screenshot
Overall, NFTs are an important milestone in the continuous evolution and innovation of the Bitcoin ecosystem in 2023. They have greatly promoted the attention and participation of everyone in the Bitcoin ecosystem and have great positive significance for the future development of the Bitcoin ecosystem.
But the Web3 world is a paradise for technical talents and hackers. Especially in the past two years, security risks in new fields have been like an asymmetric one-way hunt, undoubtedly serving as an endless source of free withdrawals for technical geniuses. For us ordinary users, it is more like a ‘sword of Damocles’ that may fall at any time.
For now, NFTs are still in a primitive stage of development. Everyone must pay attention to the related risks while participating, stay in the game, and hold onto their assets tightly to enjoy victory.
Related Reports
A comprehensive guide to NFT minting tools》A look at major blockchain NFT wallets, query websites, Launchpads, etc.
OKX NFT tool beginner’s tutorial》Supports batch minting of 22 chains, what are the security risks?
An introduction to Ordinals NFTs that even beginners can understand”