For two decades, digital artists and art have found a welcoming community at DeviantArt, the social network with an emphasis on art display. The platform boasts more than 70 million registered users and exceeds 100 million visits every month. Millions of original images are uploaded to the platform every day, making it the go-to hub for digital creators. But that comes with a problem: it’s also the go-to target for digital art thieves.

The playbook for NFT art theft is simple and easy: go to DeviantArt, download an original artwork, then mint it as an NFT, hoping for an unwitting NFT collector to pay you for it. No skin off your nose after it sells, if ever.

“I’m in tears,” tweeted 19-year-old artist sodasprouts. “Daft Punk art I made to promote One More Time Zine (a charity project) was stolen and sold for $12,000+ worth of cryptocurrency.”

It's not good for collectors who unwittingly buy an NFT based on stolen artwork either. Finding out that an artwork is the product of someone else immediately undermines the value of the digital asset, for the same reason that enormous resources are invested to ensure the legitimacy of physical art. Yet although authenticity does matter, it would be a mistake to treat this as a mere authenticity problem for digital art.

When you buy art as an NFT, you're also buying a ticket to an artist’s community; rather than a JPEG you could have simply screenshotted, you are entering their world. JPEGs may look pretty on the surface, but the authentic, non-fungible token under the surface is what provides membership of an artist's community. In faking art that provides no access to the artist, art theft is problematic for everyone in the ecosystem.

To tackle the ever-growing problem of art theft in web3, DeviantArt launched in August last year an AI-powered tool called Protect Protocol, which scans blockchains and alerts artists to any of their artwork that may be minted as NFTs. So far it has worked wonders.

RJ Palmer, a concept artist known for his realistic Pokemon illustrations, is one of the many artists who used the tool to detect and report his artwork minted by others as NFTs. “Thanks to DeviantArt's NFT reporting feature I have been alerted to some jackass who stole a ton of Pokemon art and listed them as NFTs ... there's a ton of other artists [sic] work taken.”

Scanning nine public blockchains – Ethereum, Klaytn, Polygon, Solana, Arbitrum, Optimism, Palm, Tezos, and Flow – Protect identifies NFTs that have an identical match or, as in RJ Palmer’s case, a near-identical match. There is no escape for art thieves via minimal effort to slightly alter the work.

Rather than taking action on its own, the tool alerts the artist and gives them the option to send a pre-filled Digital Millennium Copyright Act (DMCA) request, which would compel NFT marketplaces to take down the offending NFT.

Protect’s statistics show the scale of the problem. Since launching last August, the Protocol has indexed over 500 million NFTs and alerted creators to over 400,000 potential infringements. Although Ethereum is the most popular blockchain for NFTs, Polygon ranks number one for stolen NFT art, with an infringement rate of around 5,750 infringements per million NFTs – nearly twice as many cases as on Ethereum. The other seven blockchains all have considerably fewer offending NFTs, with Optimism and Palm the most authentic chains for NFTs.

In May, DeviantArt extended the tool beyond its community of artists. “High praise from the on-site creator community inspired DeviantArt to extend Protect and its safeguarding powers to a standalone service, allowing any creator – not just DeviantArt members – to leverage this technology,” Moti Levy, CEO of DeviantArt, told Culture3.

The free version of the tool lets you upload up to 10 images totaling 2gb. But more prolific artists may want to sign up to the Core Pro service for $9.95 per month, allowing them to upload up to 1,000 images totaling 50gb.

Sometimes the art theft in web3 is as simple as reminting already-minted artwork. In May, OpenSea launched internal tools to fight what it calls 'copymints' – exact replicas of already-minted NFTs. The platform also made moves to limit 'lazy minting', its on-site feature to mint an NFT, to 50 NFTs at a time, since over 80 percent of copyright violations were created with that tool. That attempt received a backlash from creators asking OpenSea not to throw the baby out with the bathwater. The feature is widely used by original artists as well; the platform had to backtrack.

Sometimes copymints appear across chains, throwing off marketplaces that don’t run cross-chain checks. In July, NFT artist landlinesart’s collection on Tezos was copied by a scammer who managed to get it verified on LooksRare, which runs on Ethereum. NFT art theft can even be a problem for invitation-only platforms like Foundation, which pride themselves on exclusivity and high-quality art, though highly-curated platforms like SuperRare appear to have enough barriers to entry to mitigate the problem.

Despite all the efforts to tackle copyminting, there is only so much an NFT marketplace can do. They do not have the power to remove NFTs from the blockchain; after all, blockchain records are immutable and permissionless; they exist without anyone’s consent. The tokens will continue to have their metadata pointing to stolen images wherever those images may be hosted, most likely on censorship-resistant decentralised file storage networks like IPFS.

But the incentives to mint stolen artwork exist because there are potential collectors. Without collectors falling for such scams, those incentives may diminish and the problem may eventually disappear. Until then, it is just a game of whack-a-mole.

JPEGs may look pretty on the surface, but the authentic, non-fungible token under the surface is what provides membership of an artist's community.