The popularity of non-fungible tokens (NFTs) has grown exponentially over the last year or so. Plenty of people, from high profile celebrities to crypto enthusiasts, have dipped their toes into buying and selling these digital pieces of art. But because the white-hot technological innovation is still relatively new, it still has a few fundamental problems that need ironing out.
OpenSea, one of the most popular NFT marketplaces, in early 2022 stirred panic among its users when it disclosed that over 80% of the tokens minted on the platform for free were either fake or plagiarised. Almost a month later, a number of the platform’s users woke to find that their much-coveted tokens were no longer in their wallets after they were targeted by an alleged phishing attack.
These are just a couple of examples that seemingly illustrate how NFT collectors can be prime targets for would-be hackers, scammers and fraudsters. And given the decentralised nature of the emerging space, you can’t simply run to authorities for help or ask a financial intuition to protect your assets. You’re responsible for keeping your token collection safe.
As such, we’ve compiled a list of best practices to help you protect yourself from becoming a victim of an NFT-related crime.
Do Your Research
It almost goes without saying that being knowledgeable about the threats out there allows you to be one step ahead of them. And there’s no better way to get the information that you’ll need than by doing your research.
The general rule is to always look up the NFT collection, the contract and other important transaction details before you commit to an exchange. You should also verify the accounts or groups you’re dealing with, which is usually easier said than done, considering how bad actors can easily create fake identities online. But that shouldn't stop you from checking all the same.
NFT scams, for instance, have become quite prevalent on Twitter. Those involved typically impersonate other users to fool potential victims. That’s why it’s wise to check the handles of the users you’ll be interacting with. Sometimes only a single letter sets the fake apart from the real one. You can also check who’s following the account to better gauge its legitimacy. Additionally, don’t base your judgement on the number of followers as there are countless fake accounts with thousands of followers.
If you want reliable information, look no further than the people you know and trust for help. Message your friends who, like you, may also be into NFTs. They might have the answers to your questions. If not, try online communities. Sure, you can’t always trust everyone online, but some groups are devoted to providing support and warning people against scams.
Use a Hardware Wallet
Don’t ever think that your tokens are 100% safe in your hot wallet. If recent scams are any indication, software-based storage still comes with plenty of security risks. And surely, the last thing you want to happen is to lose your prized assets.
For this reason, you should consider using a hardware wallet – or cold wallet, as they’re sometimes called – together with your hot wallet. These physical drives allow you to transfer your NFTs to offline storage, where they’re much less vulnerable to hacking.
The process of transferring is not all that complicated, especially if you already know how blockchain technology works: you buy the drive, set up your wallet and connect it to MetaMask or other interfaces. In case you’re not sure what to do, you can always consult a step-by-step guide online – you’ll find tons of them from a quick search.
To be as safe as possible, only buy hardware wallets from verified vendors. Brands like Ledger or Trezor are what most would recommend.
Oh, buying the drive and transferring your tokens, of course, costs money. But it’s better to be safe than sorry, right?
Employ All Available Security Measures
One of the quickest ways to protect your NFT collection is to simply enable multi-factor authentication for your account. That way, breaches can still be prevented even if your password gets compromised. As with all security measures, it’s not entirely foolproof, but you’re less likely to be targeted with the feature turned on.
It also helps to have a complex and long password. The rule of the thumb is to have a combination of letters, numbers and symbols. However, if you want to kick it up a notch, you can have a program create a password for you, which often comes out as a random sequence of characters. Just make sure you don’t forget it. Or, note it down somewhere safe, preferably in a place you’re confident hackers won’t have access to.
On top of these, you might want to create an offline backup of your seed phrase, the master password of sorts to your crypto wallet. The very basic way of doing so is to, again, write it on a piece of paper. But like your password, you have to make sure no one ever lays eyes on it except you. Perhaps store it in a secure vault if possible. You can similarly use local or titanium drives to create an offline backup.
Remember, your seed phrase, which usually consists of 12 to 24 words, is the key to accessing your wallet. Don’t ever share it with anyone.
Last but not least, try not to access your wallet or NFT platforms on devices you don’t own. If you don’t have another choice, do your best to cover your tracks while you’re online. Use a VPN while you browse and make your device invisible to others.
Scammers have become so proficient at creating fake giveaways, emails and websites that it’s now more difficult than ever to identify what’s legitimate from what isn’t. They usually prey on your desires to get you to click on a malicious link that allows them to steal your information and gain access to your collection.
As such, you have to be careful about the sites or pages that you visit. Avoid clicking links or attachments from unknown sources. Better yet, before clicking anything related to NFTs, verify them first using an app or web tool. You can’t go by looks alone anymore. If you’re, say, planning to buy a new token, you can alternatively check the collection’s official Discord or Twitter pages to verify the authenticity.
And when you’re minting an NFT, do it on a verified website. Oftentimes, you won’t know a fake is fake until after you’ve been victimised, so always double-check links.
Always Be Vigilant
Finally, in relation to everything we’ve mentioned so far, always be vigilant. Don’t ever let your guard down and give these bad actors an opening. They’ll always find new tricks and schemes, but if you’re proactive with your online security, you can probably sleep easier at night knowing your collection should be safe.
Get ahead of scams by reading up on them and how they work. Doing so should give you an idea of what to avoid and watch out for. Some of the most common ones include phishing, impersonation and bogus pages and offers.
What’s more, because NFTs are also viewed as investments, it’s appropriate to say that if an offer sounds too good to be true, then it probably is a fake, potentially a scam.
It’s also worth emphasising that your wallet address and transactions are public, which means practically anyone can interact with you. Obviously, not everyone is out to steal your collection. Still, unless you personally know the account you’re interacting with, it’s best to take some precautions.
At the end of the day, your collection is your responsibility and you surely don’t want anything to happen to it. So invest in the time and resources needed to help you protect it more effectively.