What are NFTs, and how do you make them?

How NFTs work, and what you're actually buying when you bid on or purchase one.

This post is Part 1 of 3 in a larger series about NFTs. This particular post explains what NFTs are and how one makes them. This post also provides warnings about what people actually buy when they buy an NFT.

What are NFTs?

If you’ve heard of blockchains, you’ve most likely heard about them within the context of cryptocurrencies. Cryptocurrencies are fungible tokens whose ownership and transactions are recorded on a blockchain. When we say these tokens are fungible, we mean that there’s no difference between one particular bitcoin and another particular bitcoin, or one particular ETH token and another ETH token. As long as they’re on the same blockchain, they’re interchangeable.

NFT refers to Non-Fungible Tokens. As the name suggests, these tokens are not fungible due to the unique data associated with each one. Unlike cryptocurrencies or even regular currencies, you can’t simply exchange one NFT for another with different data (except possibly through absurd luck or negotiating skills). The exact data can vary widely between individual NFTs, but by storing said data on a blockchain it means that the exact data associated with an NFT is agreed on by all of the maintainers of the blockchain’s nodes.

Since that data that all the nodes agree on can include ownership metadata, this opens the door for NFTs to be used as an ownership record for all kinds of non-fungible assets, both digital and physical. Some of these assets include but are not limited to trading cards, artwork, insurance policies, and videogame microtransactions. You can see examples of these on NFT auction sites like OpenSea

NFTs as a concept are supported by multiple different blockchains, though the specifics can vary from standard to standard. If you try to search for a guide on how to create or buy NFTs, many of the results that come up are blog posts associated with the crypto exchanges or NFT marketplaces themselves (and you can probably guess what their biases favor). The list of NFT blockchains and exchanges I have below is more comprehensive than most, though that’s probably a very low bar at the moment (I’ve also excluded marketplaces that are still being built. Vaporware doesn’t count).

Async ArtEthereum (ETH)Curated
AtomicWax (EOS fork)Everybody
CargoEthereum (ETH)Everybody
FoundationEthereum (ETH)Curated
hic et nuncTezos (XTZ)Open application
Known OriginEthereum (ETH)Curated
KodaDotKusama/PolkadotOpen application
MakersPlaceEthereum (ETH)Curated
MintbaseEthereum (ETH)Everybody
NBA TopshotsFlowOnly NBA Licensed
NFTshowroomHIVEEverybody (w/ verification)
NiftyGatewayEthereum (ETH)Curated
OpenSeaEthereum (ETH)Everybody
ParasNEAREverybody (w/ verification)
RaribleEthereum (ETH)Everybody
SIGN ArtWaves Protocol (WAVES)Open application, curated option
SolibleSolana (SOL)Everybody
SuperRareEthereum (ETH)Curated
Viv3FlowOpen application
ZoraEthereum (ETH)Everybody

With regards to specific blockchains, Ethereum has the biggest brand but still suffers from the fact that it uses energetically wasteful Proof-of-Work. Most of the other alternatives to Ethereum try to address one or more shortcomings of Ethereum’s Proof-of-Work approach by using Proof-of-Stake or some other alternative. The downside is that these blockchains reputations for security, value, or environmental friendliness are still being proven. There’s a bunch of debates about which blockchain mechanism is the “cleanest”, but the general rule of thumb is that most of the non-Ehtereum blockchains above are trying to use a less electricity-intensive algorithm for consensus than Ethereum’s proof of work.

Credit to the meme goes to Kyle McDonald. Truth be told, much of the debate about whether blockchains or traditional banking contributes more to climate change is pretty useless. Both sides, in their accusations, sound like they’re trying to avoid thinking about how non-essential most of their services are to the rest of society.

What do you actually buy when you buy an NFT?

There are two ways of answering this. One is to interpret the question as referring to the rights granted by the NFT. The other is regarding the structure of the NFT itself.

For the former, it depends on the NFT. If one buys an NFT collectible like an NBA card or a videogame character or an art piece, it’s pretty much the same as any other physical collectible. If you buy a baseball card, you’re not buying the player for your team or buying the rights to their merchandising or exclusive rights to their image. If you buy a rare Pokémon card, you’re not buying the IP rights to the imagery. All you’ve bought is a piece of colored cardboard. When someone buys a painting, they usually can’t stop others from using photos of the paining however they see fit. NFTs collectibles are the same. After all, plenty of people ask why they can’t just screenshot one of the NFTs sold on these marketplaces and acquire them for free. The answer is that they absolutely can, and it will be hard to stop them.

If you’re thinking “Surely these rich people spending millions on NFTs would have thought of this”…you’d be wrong.

Of course, if the NFT is something like an insurance policy or a domain name, then the buyer is granted the rights associated with purchasing those.

For the latter interpretation it’s…complicated if not grim. There are some critical details about the NFT data that we need to get right.

If you buy an NFT, the token usually contains metadata. This means that the NFT almost never contains the data for an asset itself (except for rare cases where the asset data is small enough to fit on the blockchain), but rather points to where that data lies. This metadata will be either an internet URL, an IPFS hash, or an IPFS gateway. IPFS refers to the Interplanetary File System (IPFS), an attempt at creating content-specific addresses for files on the internet, and reducing reliance on centralized data storage like Dropbox (the implementation in real life has predictably been more complicated). NFTs are often assumed to be stored securely through the use of IPFS, but it’s not always that simple. That hash and gateway are actually two very different things. An IPFS gateway is much more like the regular internet URL instead of the hash in the distributed file system. In fact, much like an internet URL, an IPFS gateway can use a custom domain name. Custom IPFS domains aren’t any more secure than HTTPS urls. They can still expire, trade owners, or even be stolen. As for the data itself, if that URL or gateway points to a server hosted by the NFT marketplace itself, then the artwork you bought disappears if that server goes down (such as what happens when a crypto startup goes bust).

Let’s give a more concrete example: Here is some artwork by Beeple sold by Nifty.

  "description":"LIMITED EDITION 1/1 | includes signed limited edition prints of all 3 states (pre-election, Trump win, Biden win)\r\nThis piece is a first for Nifty, a token that will change based on the outcome of the election.  If anything is constant about the times we now live in, it's uncertainty. This uncertainty is perfectly encapsulated in this piece of artwork as the person buying the piece will not know the final artwork. The artwork will be one state at auction before the election, and after the results of the election are known, will forever change to reflect a Trump or Biden win.\r\nPLEASE FUCKING NOTE: If trump wins, this token will change to that video of sexy boi king trump stomping through hell FOREVER. I don't want you coming back to me bitching that you spent $2M* on this and now it's a video of orangeman going HAM and it's keeping u up at night popping mad boners.  should have voted bruh.\r\n*and stfu that this isn't gonna be worth a fuckton more when I hit 30 years of everydays and have a permanent collection in the MOMA. smh.",
  "name":"CROSSROAD #1/1",

The NFT metadata refers to a JSON file hosted on Nifty’s servers: https://api.niftygateway.com/beeple/100010001/. Someday NFT will go under, and once someone is able to scavenge the domain names in the liquidation sale they’ll be able to put any data they want in that URL.

Meanwhile, a local man who bought a Bernie meme NFT is not handling the news of it’s fragility well at all. Currently on the “denial” phase.

“But wait”, you might be saying, “surely more caution would be taken with some of these more valuable NFTs, like that $65 million Beeple portfolio”. If you’re actually saying this then you’re absolutely right! For the Beeple token sold by Christies, this NFT token points directly to an IPFS hash, one that can be combined with a public IPFS gateway (http://ipfs.io) to get a path to the JSON itself (seen below, and accessible here: https://ipfs.io/ipfs/QmPAg1mjx)

  "title": "EVERYDAYS: THE FIRST 5000 DAYS",
  "name": "EVERYDAYS: THE FIRST 5000 DAYS",
  "type": "object",
  "imageUrl": "https://ipfsgateway.makersplace.com/ipfs/QmZ15eQX8FPjfrtdX3QYbrhZxJpbLpvDpsgb2p3VEH8Bqq",
  "description": "I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021.  This is every motherfucking one of those pictures.",
  "attributes": [{"trait_type": "Creator", "value": "beeple"}],
  "properties": {"name": {"type": "string", "description": "EVERYDAYS: THE FIRST 5000 DAYS"},
                 "description": {"type": "string", "description": "I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021.  This is every motherfucking one of those pictures."},
                 "preview_media_file": {"type": "string", "description": "https://ipfsgateway.makersplace.com/ipfs/QmZ15eQX8FPjfrtdX3QYbrhZxJpbLpvDpsgb2p3VEH8Bqq"},
                 "preview_media_file_type": {"type": "string", "description": "jpg"},
                 "created_at": {"type": "datetime", "description": "2021-02-16T00:07:31.674688+00:00"},
                 "total_supply": {"type": "int", "description": 1},
                 "digital_media_signature_type": {"type": "string", "description": "SHA-256"},
                 "digital_media_signature": {"type": "string", "description": "6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017"},
                 "raw_media_file": {"type": "string", "description": "https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA"}}

So the buyer has a direct hash instead of an unstable custom domain. Problem solved, right?

Not so fast. The metadata is stored with this hash, but the reference to the media within the metadata points to ”https://ipfsgateway.makersplace.com/ipfs/…”. As you’ve probably observed, this is yet another custom gateway used by a single company. That company, http://makersplace.com, probably has a much shorter life expectancy than this token’s buyer care’s to imagine. Referring to an IPFS hash in both spots doesn’t really help in this case either. The IPFS will only serve the files as long as a node in the IPFS network intentionally keeps hosting it. This means that when the marketplace startup folds, the files will probably vanish from IPFS too. The worst part is that this is far from hypothetical, there are countless examples of IPFS-NFTs that have just disappeared. If you are wondering if any particular NFTs haven’t broken yet, you can take a look for yourself at CheckMyNFT.

But what does this mean? Does this mean NFTs cannot work? Are we going to see an NFT crash in the style of Mt. Gox? These flaws aren’t universal to NFTs. True, many of the mainstream marketplaces are extremely unstable when it comes to long-term link storage, but with some careful engineering (and using IPFS the correct way) it’s possible to do better risk management than most. As for the Mt. Gox analogy…what’s the best way to put this? When NFT breaking hits a critical mass it will make the Mt. Gox crash seem like losing change in your sofa by comparison.

Buyer of a multi-million-dollar NFT, after finding out that the marketplace didn’t bother to maintain the IPFS node storing the data they paid for.

That is not to say that NFTs cannot be done right. If the information is small enough, it’s possible to store all the data on the blockchain. Remember the tiny pixelated avatar bought by Figma Founder Dylan Field?

This one to be exact

This is probably the upper limit for how big images could be and be stored on the Ethereum blockchain easily (though the actual cryptopunks NFTs are links, and not actually stored entirely on the blockchain. This was merely a hypothetical). Nonetheless, it will probably last as long as the Ethereum blockchain itself does without needing to worry about link rot. It’s for this reaWhile the NFT art market might be a house of cards built just before a category 5 hurricane makes landfall, minting NFTs does still have its uses.

If we must use links to external data not stored on-chain, there are also ways of improving how metadata containing links to external files is set up. For example, it would be great to combine IPFS and Arweave hashes, and make sure there’s some kind of on-chain properties of the art we can store as well. Short of etching data onto a platinum disk and burying it in a billion-year-old rock deposit in Eurajoki, Finland for the next 100,000 years, none our long-term data preservation options is perfect. Still, any of these methods would be a far cry better than just uploading JPEGs to NFT websites.

// SPDX-License-Identifier: Apache-2.0

pragma solidity ^0.8.4;

contract NFTToken {
    event Mint(address indexed _to, uint256 indexed _tokenId, bytes32 _ipfsHash);
    event Transfer(address indexed _from, address indexed _to, uint256 indexed _tokenId);

    uint256 tokenCounter = 1;
    mapping(uint256 => address) internal idToOwner;

    function mint(address _to, bytes32 _ipfsHash) public {
        uint256 _tokenId = tokenCounter;
        idToOwner[_tokenId] = _to;
        emit Mint(_to, _tokenId, _ipfsHash);

    function transfer(address _to, uint256 _tokenId) public {
        require(msg.sender == idToOwner[_tokenId]);
        idToOwner[_tokenId] = _to;
        emit Transfer(msg.sender, _to, _tokenId);

Cited as:

    title = "What are NFTs and how do you make them?",
    author = "McAteer, Matthew",
    journal = "matthewmcateer.me",
    year = "2021",
    url = "https://matthewmcateer.me/blog/what-are-nfts-and-how-do-you-make-them/"

If you notice mistakes and errors in this post, don’t hesitate to contact me at [contact at matthewmcateer dot me] and I will be very happy to correct them right away! Alternatily, you can follow me on Twitter and reach out to me there.

See you in the next post 😄

I write about AI, Biotech, and a bunch of other topics. Subscribe to get new posts by email!

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

At least this isn't a full-screen popup

That'd be more annoying. Anyways, subscribe to my newsletter to get new posts by email! I write about AI, Biotech, and a bunch of other topics.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.