[Quenhus]

To me, the author doesn't fully understand how Smart Contract, NFT and ownership work.

It is as if he wrote "NFTheft owns the Joconde" in a Word document, printed it, signed it and tried to prove to the world that he truly owns the Joconde. It doesn't work that way with NTF, nor in real life. Ownership is a consensus.

You can verify the real owner of the token with [0] > Contract > Read > "16. Owner Of" and type "40913", as explain on the original marketplace [1].

However, what he highlights is that Smart Contract doesn't prevent the code from being malicious, in the same way than HTTPS doesn't prevent a website to be hackable. To be even more precise, ERC721 is a code interface. Its implementation is not universal, and thus can be malicious.

[0] https://etherscan.io/token/0x2a46f2ffd99e19a89476e2f62270e0a...

[1] https://onlineonly.christies.com/s/first-open-beeple/beeple-...

[miracle2k]

I strongly dislike the authors framing, but there is something of value here; the attack vector is essentially spam/fishing. Platforms like OpenSea are at the mercy of the events emitted by smart contracts, and you could certainly try to use a "Beeple sent this" event shown in an explorer to trick someone into believing that Beeple acknowledged this NFT as valuable enough to interact with it.

Create an ERC 721 contract where you control the events, mint a copy of a famous piece, emit an ownership history involving a bunch of famous collector accounts, mix in some wash-traded sales, and you might just convince someone that this is a valuable piece and that they don't need to look too closely.

[jtsiskin]

Yes, but this is solvable. Look at the addresses initiating the transactions rather than trusting the logged events.