Recently, interest in NFT (Non-Fungible Token) has been increasing due to the speculative boom in virtual assets and the revitalization of non-face-to-face societies by COVID-19. NFT is popular because it has the nature of virtual assets and content and not only stores ownership and value of content, but also prevents data from being forged or altered. As the market size has exploded and users are increasing, related issues are also increasing. There have actually been security incidents such as user account hijacking and NFT theft. Thus, measures to protect the NFT ecosystem and various stakeholders from current and potential NFT security issues are insufficient. I feel the need for security and identify security threats in NFT transactions. After the definition of NFT, I tried to derive a security risk element targeting the NFT marketplace where the actual transaction was made. I understood the actual flow of NFT transactions through direct use, interviews, and blockchain records. Then I used the STRIDE threat modeling technique to understand threats inside part of the transaction, and identified outside part of the transaction threats through case studies such as related accidents and webinar materials. The derived threats were categorized into 10 criteria and validated through focus group interviews. As a result of the verification, most of the items received more than or equal to the validity standard score, and additional interviews were conducted on items below the standard score to obtain the opinion that they were appropriate. In this study, security is required for secure NFT transactions, and related security threats were derived prior to security measures. I believe that it will be the foundation for the creation of security measures for NFT marketplaces in the future. Ultimately, we will contribute to the continuity of the industry by protecting various stakeholders in the NFT ecosystem for safe transactions.