While NFTs are not new, 2021 was a year of increased adoption and massive attention. While attractive, this rapid growth is not risk-free. Below, we’ve gathered many of the important risks associated with using NFTs and associated technologies / applications. There may be a bit of overlap with other sections of our guide, but we thought it would be most useful to consolidate the biggest risks we see in this section.
Game Company-Specific Risks
Alienating your customer base
NFTs, by and large, primarily appeal to fans and investors in cryptocurrency right now. Depending on a game’s existing monetization model, adding NFTs comes with a substantial risk of alienating users who want to play to have fun – players who are likely to reject the idea of playing a game for money instead of enjoyment. These players may leave if they feel they’re being shaken down for every penny they have. If a game experience focuses on making money rather than fun for players, then that game will ultimately attract players who are there to make money, not have fun.
We speak more about this in the Play-to-Earn issues section.
Changing what it means to play games
By adding NFTs, it inherently changes what it means to play games. In an open letter, Square Enix President Yosuke Matsuda said:
I realize that some people who “play to have fun” and who currently form the majority of players have voiced their reservations toward these new trends, and understandably so
He further goes on to imply that there haven’t been “as many major game-changing content that were user-generated as one would expect” due to a lack of financial incentive. However, as we have seen, depending on how monetization is implemented, it may incentivize a focus on profits over creativity. The adoption of NFTs in games causes a design shift, wherein developers assume players’ primary motivation for play is around financial compensation, as opposed to other needs like escapism, achievement, or social connection. This also shifts content creators’ motivations to be creative: in one case, creators are motivated by their innate desire to create something, with financial incentives to do so; in the other case creators are motivated by the end goal of monetary reward.
Botting is not a new concept for game companies – aimbots, for example, have plagued first person shooters for years. When it comes to Play-to-Earn games, however, botting is now being taken advantage of to automate the earning of money. In these games, botting can affect everything from gameplay to the value of the underlying cryptocurrencies these games use, which in turn affects how much players can earn in potentially negative ways. This can lead to a situation where players who Play-to-Earn grow increasingly upset as they become outnumbered by bots. In turn, these players can churn and choose not to evangelize the experience to their friends. If the experience is perceived as too exploitative or disruptive, players may actively choose to evangelize against a game – causing downstream negative effects to new player acquisition and retention.
You risk losing players through yet another sign-up requirement that players don’t want
Nobody likes signing up for new accounts. Nobody likes managing their growing list of accounts. In order to integrate with the blockchain-crypto-NFT ecosystem, users need to have some form of a crypto wallet – an account needed to manage and interact with cryptocurrency. Most people still don’t have crypto wallets. Whether these crypto wallets are managed by a game’s studio/publisher or by the users themselves, it is another step in the process of playing a game. Added steps (i.e. friction) risks pushing away people who don’t want to figure it out, or can’t access them at all. While there is nothing technically stopping crypto wallet integration on all platforms, the current state of this technology is far from user-friendly. At present, it is uncommon for gaming platforms to have native integration.
Introducing NFTs top-down leads to resentment / resignations
A majority of game developers have spoken up about their distaste of NFTs. Many have gone so far as to say they will leave their companies if the game they work on integrates NFTs. We’ve already seen this exact situation play out in studios like Ubisoft and Team17, where employees were taken completely by surprise by their company’s announcement of NFT integration. Recently when Salesforce announced they were considering getting into NFTs, hundreds of employees protested. You can read more about the confusion, concern, and pushback from employees in our Company Sentiment section.
This highlights a very critical problem – with such a divisive topic, any top-down decision without community input risks resentment and resignations among developers, artists, and anybody else working on these games. Depending on how strong the distaste is, and how united the employees are, this could lead to anything from public outcry to strikes to employees leaving their companies. In the short term, both are bad for PR; in the long term, both will directly impact talent recruitment and retention. Even if a company ultimately repeals the use of NFTs to try and save face after backlash, they may have already inflicted permanent damage to their team’s morale, as well as brand trust with their employees and customers.
A company could be viewed as responsible for any scam
We speak more about some common types of scams to be on the lookout for in the General Risks section – but wanted to state here that any NFT scam involving a game risks PR blowback against the company. Additionally, companies exist in the ‘’regular’’ world. They pay taxes, follow regulations, and are registered with the government. They are accountable for any illegal activities that happen with them as a party, even though NFTs exist in a decentralized setting.
Minecraft, for example, gets bad press and pressure to speak up about their stance on NFTs due to million-dollar scams such as this potential rug pull where the NFT creators have made off with $1.2 million.
You can find another example in this reddit thread criticizing Roblox for an NFT project, which eventually forced Roblox to speak up and adjust their Community Guidelines.
At the end of the day, attaching monetary value to accounts creates a higher risk of stolen items, hacked accounts, and other social engineering issues that create more work for support teams. This risk generates costs in training, infrastructure, and recovery actions.
Copyright infringement is a huge issue with NFTs. It’s so bad that there’s an entire Twitter account, @NFTTheft, dedicated to covering it. According to an article by The Verge from late 2021:
DeviantArt has sent 90,000 alerts about possible fraud to thousands of their users since then, company executives said. It’s now scanning for fraud across 4m newly minted NFTs each week. The number of alerts doubled from October to November, and grew by 300% from November to mid-December.
As the market value of NFTs is currently in the tens of billions of dollars, crypto art theft has skyrocketed.
Depending on the NFT marketplace, anybody can create an NFT that looks exactly like an official, original, creation, but is actually just a copy. Games are not immune to this, either, with some NFT games going so far as to make use of stolen art.
Unrelated issues on the blockchain
In January, a new NFT game, Sunflower Farmers, was released on the Polygon blockchain. Users, eager to earn revenue from the promises of Play-to-earn, flocked to the game in such high numbers that the entire chain was effectively DDoS’d. Transaction prices shot up massively and the chain quickly filled with new accounts, many suspected to be bots, looking to make quick earnings off the new game.
It is important to be aware that congestion, transaction times, and transaction prices can change based on blockchain activity, depending on the technology used. Not to mention – the value of the underlying currency is subject to market fluctuations, and out of the hands of any one company to control, unlike typical in-game economies.
Bad Press / Reputation Damage
You can read our Community Sentiment section to understand how the gaming community in particular has responded to NFTs in games (hint: they really don’t like them), but this negative sentiment towards NFTs extends beyond the video game community as well.
As we mention in the Company Sentiment section, companies like Discord and Artstation have canceled NFT/crypto projects following extremely negative community feedback, and WWF canceled a long-planned endangered animal NFT project after just 2 days due to community criticism. WWF tried to save face by calling what they did a “trial,” but that clearly didn’t help them:
Long story short, there is no “safe” NFT. There is no “low-risk” NFT. There is no “transition” NFT. NFTs pose a PR risk, as the primary consumers with an appetite for NFTs are those who are already monetarily invested in cryptocurrency.
The intention of turning games into a job is very close to a concept we have become familiar with in the last five years: the gig economy. This is the name given to the model adopted by Uber, Uber Eats, Lyft, Airbnb and many other service apps that aim to connect service providers with clients directly, with no middleman. The results, we all know: informal jobs.
Let’s imagine how a game gig economy would look like. Players would need to buy or own all the hardware and means to play the game: a console, pc or mobile phone, internet connection, accounts and wallets necessary to play. Depending on the earning model, players would need to make an initial investment of cryptocoins or in-game assets. They would then proceed to play the game for as many hours as they want, in case this is a side gig, or for as many hours needed to make a living wage at the end of the month. Time dedication could range from 6 daily hours to 20 daily hours of gameplay, for as many days a week as needed. Due to cryptocurrency fluctuation, the final rewards – or salary – will vary from month to month, making it difficult to predict a stable income. Like many other gig economies, players don’t have any form of contract, insurance, vacation or parental leave – which means if the game ever gets sunsetted or goes offline due to a server outage, players have nowhere to complain because they have no employment ties with the studio. If players get sick, they will simply stop earning for that amount of days, and paid vacations are also non-existent. If their hardware breaks, they have to pay out of pocket for a new one. We could keep developing this thought experiment, but a simple google search about other gig economies will suffice to give empirical examples of this in the real world.
Short-term hype does not imply long-term success
NFTs are not new, but the current market-based hype behind them is. There is currently nothing to suggest NFTs will stick around for the long haul except for the extremely successful marketing campaigns of NFT and crypto fans who, again, are invested in the monetary value of their assets not decreasing.
Blockchain is not a new technology, and neither are NFTs. The hype of the moment has led to blockchain being sold as a cure-all for so many problems – but these problems are also not new, and in many cases, it was a lack of marketability or willpower, not technological limitation, that led to them never seeing the light of day. For example, asset interoperability between games is a feature that could be done today, without using blockchain technology.
The NFT space is a bubble right now. Maybe it will pop now, maybe it will pop decades from now. Nobody knows for sure – but what is certain is that vulnerable and speculative cryptocurrencies form the bedrock of the NFT marketplace, leaving NFTs vulnerable to the success and adoption of the underlying cryptocurrencies.
A big selling point of blockchains is their security. The underlying consensus mechanism of all major blockchains claiming to be “eco-friendly” (which is hyperbole, read more in our section analyzing this claim) is Proof-of-Stake (PoS). PoS, while secure in most normal use cases, has one substantial security risk: its security is based entirely on the idea that no one party, or group of parties, will ever amass a majority of the total currency available for the underlying cryptocoin. In normal circumstances, this is highly unlikely to ever happen and incredibly difficult to imagine ever happening, but becomes less difficult to imagine in a future where large corporations or countries are competing against one another. If one party were ever to gain full control over the value of the underlying consensus mechanism of a blockchain, its value would undoubtedly tank, along with the value of every asset using the chain.
Many, from critics to some of the most staunch NFT supporters, view the NFT space as a bubble. Speculative bubbles are fueled by the “Greater Fool” theory – a system in which the value of the underlying assets depends entirely on the idea that there will always be someone coming later to buy for a higher price. The value of NFTs is subject to extreme fluctuations, not just due to changes in hype around a project, but also due to changes in the perceived value of the underlying cryptocurrency.
Number go up
Miners and validators need government-issued currency, like dollars, (called fiat currency) to handle their costs in real life, so all rewards in cryptocoins must be exchangeable to fiat currency at some point. To keep this economy balanced, there must be an influx of real world, government-issued currency or else a constant cash-out could disrupt the entire cryptocoin ecosystem.
For this reason, there is both a need and incentive for regular currency influx, and several mechanisms are put in place to make it as attractive as possible for a large number of people to do so. These attractions are part of the ‘number go up’ philosophy, aimed at speculators and unadvised people.
A decentralized blockchain requires a cryptocurrency to function, and this cryptocurrency requires speculation to function (source). The techniques used to attract these people are very similar to the rhetoric used in multi-level marketing schemes, appealing to the same psychological traits to sell the narrative: a myth-making story of limitless profits over a short amount of time. By incorporating NFTs, game companies expose their players to the predatory practices present in the cryptocurrency ecosystem, leaving unadvised players vulnerable.
Legal & Regulatory
While cryptocurrencies are nothing new, global law has largely not yet caught up to the recent hype of NFTs. Different countries have different regulatory proposals, but as things are still not settled, expect a lot of turbulence and a decent chance of increased legal requirements surrounding NFTs in the coming years. For example, in Feb 2022, the UK’s HMRC seized NFT assets for the first time recently as part of a fraud investigation.
Companies with sustainability goals need to be aware of the impacts NFTs will have on the total carbon footprint of a studio. In terms of emissions accounting, any effective emissions reduction strategy will account for Scope 1, 2, and 3 emissions.
Creating the NFT asset is a Scope 2 emission in the form of electricity used at the studio. The electricity required to mint and transact an NFT depends entirely on the chain used, but is a Scope 3 emission. Any company serious about its emissions must account for all Scope 3 emissions, and therefore needs to track not only the minting of all NFTs created, but all transactions of all NFTs created.
While Proof-of-Stake greatly reduces the energy costs compared to Proof-of-Work, the total energy usage must still be accounted for and owned up to. As NFTs are out of a company’s hands once they are minted and sold, so too are the total emissions resulting from that NFT.
Some blockchain creators claim to have low-energy or low-carbon footprint Proof-of-Stake chains, but on closer inspection these are reliant on Proof-of-Work chains. One such example is Polygon, a popular “eco-friendly” Ethereum “sidechain.” Polygon uses Proof-of-Stake within its own blockchain, but still interacts with and relies upon the main Ethereum chain for transactions and payments made using Ethereum’s cryptocurrency. Thus, all claims of “climate-friendly” or “low-energy” blockchains must be scrutinized to ensure that they do not rely upon direct perpetuation of or use of Proof-of-Work blockchains; these will often mask the true nature of their energy use to tempt climate conscious organizations that wish to enter into NFTs. We dive into this more when we discuss the true environmental cost of NFTs and crypto.
As NFTs grow in popularity, so too have efforts to scam people out of their valuable digital assets. If an NFT is valuable enough to make someone money, there will likely be duplicates uploaded to marketplaces like OpenSea, where they will try to trick people who don’t know better into buying them. These scammers can even attempt to claim and grant copyright, even though they don’t even hold the copyright themselves. That of course is a PR risk, but also just a bad experience for users.
Wash trading is also extremely common. This is where, due to the anonymity crypto allows, users can trade themselves an NFT back and forth, inflating the price, until someone else comes along, views the asset as valuable, and buys it for way above what it was initially valued at.
There are also other issues – such as people inserting fake NFTs into people’s wallets that, when acted upon (removed, opened, transferred), steal all of the legitimate items in that wallet.
Phishing scams are rampant – $1.7 million worth of NFTs were stolen recently from users of OpenSea, one of the most popular NFT marketplaces.
Ultimately – scams more often affect consumers than companies, so if you’re considering getting into NFTs, you should be aware of the many risks and challenges your consumers stand to potentially face.
IP Rights / Ownership
Most often, the only right bestowed to an owner of an NFT is the right to hold and sell the given NFT, and has little to nothing to do with the underlying asset. This can be changed in the underlying smart contract that controls any transaction that NFT is involved in, so any smart contract should be carefully reviewed before transacting. This is especially risky for companies who don’t want to, say, accidentally transfer copyright to a piece of game art to a random user. It’s also important to communicate this to buyers, who may think they are getting copyright to something, when in actuality they only receive what is effectively a symbolic token.
Bugs & Vulnerabilities in the Code / Blockchain Is Immutable
When you put something on the blockchain, it’s there forever. You can replace a token with a new one, you can create a new version of a contract, but you cannot remove the data from the blockchain. This not only has severe implications for data that gets accidentally leaked or is inappropriate, but also opens the door for any potential vulnerabilities or bugs in smart contract code to be discovered and exploited.
As the NFT Game Wolf Game found out the hard way, having your code public can result in millions of dollars of tokens having to be reissued. This is a risk that grows in magnitude depending on the size and value of the NFTs issued.
3rd Party Issues / External Dependencies
Though NFTs and crypto tout decentralization as a core pillar, most NFTs are bought and sold through just a few popular marketplaces like OpenSea and Rarible. Wallet managers like MetaMask provide an all-in-one service to connect finances and wallets together for convenience. Counter to all decentralization ideals, these services are quickly consolidating power, and therefore there is a growing expectation that any NFT will be tradeable through these platforms. But what happens if one of these platforms goes out of business? What happens if MetaMask gets hacked, and many of a game’s tokens get stolen? What if Ethereum gets slowed significantly and experiences a massive increase in transaction fees because of the launch of a game?
In the end, blockchains not only depend on individuals to host and stake for the chain, but also on other individuals hosting decentralized storage nodes in systems like IPFS to help host the files attached to the NFTs stored on the blockchain. In these systems, people store massive amounts of data that isn’t theirs, creating a peer-to-peer storage system rather than a centralized storage system like OneDrive or Dropbox.
Decentralized systems live and die by the number of users – and if the money disappears or the market tanks, there’s a risk that the ones propping up these systems could disappear too. Similarly, those hosting the NFT data on a distributed storage system such as IPFS or Filecoin might disappear if the data becomes polluted with illegal material – such material would, once again, be immutably fixed on the blockchain, so would cause problems for those sustaining the system.
What effectively happens is that your software suddenly has a dependency to entities from outside of your organization. This poses a significant risk to longevity of your game. You can have an SLA (a Service-level agreement, which stands for a commitment between a service provider and a client) with some cloud provider to ensure that your game remains available, but you can’t prevent the blockchain you have used from being unusable.
As the blockchain is not built to store massive amounts of data per transaction, many NFTs instead point to a URL of some kind (http or ipfs, usually).
“Link rot” is a term used to describe the situation where a valid URL that once existed decays over time, for a myriad of possible reasons. NFTs are not immune to this problem, and though ipfs is more resilient, it is not foolproof.
Link rot is an ever-present threat for NFT owners and creators, as any number of unintended situations could result in an NFT becoming a token pointing to a very expensive 404.
Some efforts are being made to create blockchain-based decentralized file storage systems, such as Filecoin, but these run the risk of potentially storing illegal material as explained above.
While today’s institutions might be far from perfect, they provide society with a layer of security and stability that is non-existent in decentralized organizations. Legal systems for instance need human operators due to the infeasibility of predicting all possible behaviors and outcomes in written law.
For decentralized organizations, there isn’t an entity to go to whenever a malicious or unexpected situation occurs, meaning any member is vulnerable to suffering irreparable losses or damage with nothing to be done about it. For decentralized organizations governed by smart contracts (like DAOs for example), there is a false premise that using code as law would make for a perfect and neutral governance – this premise is false because no computer would manifest code without a human to input it, so in reality a certain group of people is deciding the rules and the computer program is simply applying it. Any application of “code is law” is also likely to restrict innovation (as the smart contracts are immutable), and miss out on edge cases and contextual interpretation which is a defined feature of legal systems.
Another risk that comes with decentralized organizations is that of staked voting: some organizations grant members voting rights according to how much money they have staked. This voting system is as far as possible from being democratic, decisions would be taken in favor of those with more capital.
Decentralization has its risks, but it is one of the core pillars of the underlying blockchain technology. In practical terms, what we see is a progressive shift towards centralization though, with issues like a few massive mining pools controlling the majority of the networks (which is the case today of both Bitcoin and Ethereum); the progressive degree of inequality being reinforced by Proof-of-Stake consensus mechanisms that filters wealth upwards; the expensive initial stake for new validators coming into the Ethereum network, creating a high entry barrier; and services like MetaMask and Etherscan that are centralizing access to all decentralized services. (Read more about all points under the Blockchain section). At the end of the day, the technology has to date proven unable to offer the safety of centralized institutions nor the advertised benefits of decentralization.
Including mandatory crypto usage in a game might be incompatible with certain religious doctrines. This may create issues depending on who is playing the game and where the game is being published.