Sayfer Identifies Security Vulnerability Affecting 10% of All NFT Projects

Cybersecurity firm Sayfer has identified a new vulnerability affecting 10% of all NFT projects.

Cybersecurity firm Sayfer has identified a new vulnerability affecting 10% of all NFT projects. The so-called BadReveal vulnerability attacks the minting process of non-fungible tokens, which are meant to be generated randomly. By exploiting the BadReveal bug, an attacker could claim the best and most valuable NFTs at launch before reselling them for great profit on the secondary market.
With most NFT projects, tokens are minted blindly to ensure a fair distribution of NFTs, whose rarity traits can differ greatly. Within days of the mint being completed, the ‘reveal’ occurs whereupon the metadata is made public and buyers can ascertain the characteristics of their NFT. If an attacker somehow manages to access the metadata before it is revealed, they could use this information to snap up valuable unrevealed NFTs.

While analyzing the code for leading NFT projects, Sayfer researchers found that many of them entail two different transactions in the reveal process. The project owner first sets the unique metadata for the reveal and then later reveals the data to the public. In the time between these two transactions, which is typically hours or even days, a skilled attacker can scan all NFT metadata in the project and pinpoint the rarest tokens.


Sayfer found the vulnerability in dozens of projects whose codebase it assessed, and believes it is replicable in thousands more. Its team has stated that since there is no way to automatically test for the presence of the BadReveal vulnerability, NFT projects should commission a security audit prior to launch. This will give the community faith in the integrity of the minting process and ensure a fair distribution of NFTs to owners who will become passionately involved with the project.

About Sayfer

Sayfer is a leading consultant cybersecurity company. We make organizations safer with ad-hoc solutions that close the gaps common security products fail to reach. Our clients enjoy fast, bespoke solutions that prevent major security breaches. Sayfer specializes in offensive defense by leveraging approaches that imitate the attacker’s behavior. Through reverse-engineering and vulnerability research, we are able to find novel security breaches in our client’s products and prevent the real bad guys from threatening our clients.


This article contains a press release from an external source. The opinions and information presented may differ from those of DailyCoin. Readers are encouraged to independently verify the details and consult with experts before acting on any information provided. Please note that our Terms and Conditions, Privacy Policy, and Risk Warning have been recently updated.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Press Release

Read the most recent crypto press releases on DailyCoin to know all the latest project news from fintech and blockchain businesses. Disclaimer: This article is a press release and was not written by DailyCoin. We always aim to have the highest editorial and fact-checking standards, so if you encounter any content related issues, please contact us at