People think NFTs last forever, but can you lose your nfts? Understand how to protect and avoid NFTs that may go missing if you plan to invest in them.
Many people believe NFTs last forever. Unfortunately, that isn’t always the case. From phishing to improper NFT creation, there are numerous ways for your non-fungible token to go missing. Still, there are things you can do to prevent it from happening to you.
Table of Contents
3 Ways NFTs Can Go Missing
Phishing Attacks
Phishing is one of the more common ways people lose their NFTs. Your wallet’s passphrase is the single barrier to protecting your tokens, so if you ever give them to the wrong person, you stand to lose everything in the wallet.
I’ve seen phishing attempts on nearly every major crypto-Discord and Telegram channel. If you were to pop into a well-known crypto server right now and make a public declaration that you’re having an issue with your wallet, you could almost guarantee a random account will DM you offering to help. In many cases, those accounts will claim to be with the project team and say they need your passphrase to assist you; this is seldom the case. Anyone who makes the mistake of handing their passphrase over will almost definitely lose the tokens in their wallet.
In some cases, phishing attempts are more sophisticated. For instance, attackers stole nearly $1.7 million worth of NFTs from various OpenSea users earlier this year. This phishing attack involved the Wyvern Protocol and required users to interact with a contract that allowed the attackers to receive NFTs from them at no cost. Once the users signed the partial contract, the scammers could complete the contract themselves, transferring ownership of the NFTs to their wallets.
Improper IPFS Pinning
NFTs are simply tokens with links that point elsewhere, typically to files stored on IPFS servers. Generally speaking, NFTs that point to files on IPFS are safe, although this isn’t always the case. Most IPFS services, like Pinata, recommend “pinning” the file link so the server knows it’s an important file. If the file link isn’t pinned, the IPFS may eventually overwrite it to make space for new files.
Most NFT minting services have dedicated IPFS nodes and have their protocols set to pin files automatically. If possible, take the time to read through the specific details of the NFT marketplace that you use to ensure its IPFS links are pinned.
IPFS Node Shuts Down
When an NFT is minted using an untrustworthy IPFS service, the file can disappear if the IPFS node shuts down. In some cases, the file may only be stored on a single IPFS node, meaning there is only a single point of failure.
If the NFT’s creator uses an HTTP URL as the IPFS link, the information stored on that URL can change after you purchase the NFT. For example, I could mint a CryptoPunk knockoff, use an HTTP URL as the canonical reference, sell it to you for $100,000, and then change the picture on the URL to a taco. Using an IPFS hash as the canonical reference is more secure, but the node can still get disconnected.
Buying NFTs from projects that use a trusted IPFS service like Pinata or Infura is ideal, as the files are less likely to disappear.
How To Avoid Losing Your NFT
Protect Your Passphrase
Protecting your passphrase is the easiest thing you can do to protect your NFTs. Still, I would be lying if I said I’ve never lost one, but I’m happy to say I’ve learned from my mistakes. Storing your passphrase in multiple safe locations is a good rule everyone should abide by. Generally speaking, writing it down on paper and storing it in a water-proof safe is the best way to keep your passphrase protected. Having a picture of your passphrase on your phone or PC is good, but if someone gains access to your device, they’ll have your passphrase in no time.
Before storing NFTs or cryptocurrency in a new wallet, it’s best to remove the wallet and re-add it to your PC using the passphrase. This simple test ensures you didn’t make any mistakes when writing your passphrase down, and if you did, you could just make a new one since it is empty.
Make sure you never give your passphrase to another individual, no matter who they say they are. There is no way to change your passphrase on most wallet providers, so your wallet is officially compromised once you’ve given it away.
Cold-Storage Wallets
Cold-storage hardware wallets provide more security than software wallets. These hardware-based wallets let you store your NFTs offline, meaning they’re relatively unhackable. Still, many people sell second-hand hardware wallets after learning their passphrases, so it’s best not to buy them from sites like Amazon.
When buying a hardware wallet, make sure you buy a newer model that supports NFTs, such as the Ledger Nano S Plus. Store the wallet in a safe location. Your NFTs may be lost forever if the device is broken, although most hardware wallets can restore lost data if it’s damaged or lost.
On-Chain NFT Storage Solutions
Although most NFTs point to links stored on IPFS, several on-chain solutions are emerging. On-chain NFTs use metadata and smart contracts that exist on the blockchain. Unlike traditional NFTs, these on-chain solutions store the NFT’s file directly on the blockchain, so you don’t have to worry about disconnected IPFS nodes.
These NFTs allow users to mint using native storage solutions where the NFT’s data is split and distributed across various nodes. This enhanced data distribution means NFTs are recoverable if some nodes are disconnected from the network.
Storing NFT metadata directly on the blockchain is incredibly expensive, so most projects continue to use IPFS. For example, Larva Labs moved their CryptoPunk NFTs’ data to the blockchain and are rumored to have paid nearly 73,000,000 ETH in gas to do so.
Luckily, there is a relatively easy way to see if Ethereum-based NFTs are off-chain. To check if an NFT is off-chain, input the contract address for the NFT collection on EtherScan. Click the “contract” tab, followed by the “read contract” tab and scroll down to “Token URI.” Input the token’s ID, found at the end of the marketplace page’s URL, into the dialogue box. If a link appears, the NFT is stored off-chain. You can try yourself with this NFT. Click the “contract address” link under the image and follow the steps above.
If you like this article, check out our guide to NFT rugpulls.