Becoming familiar with the latest NFT security tips helps you stay safe from hackers. Check out the best security tips every NFT enthusiast should know.
Due to the exponential growth of non-fungible tokens (NFTs) and cryptocurrencies, this sector has turned into the prime target for scammers.
At the beginning of 2022, NFT trading platform OpenSea and NFT gaming platform Axie Infinity suffered from severe phishing attacks. These cost them $1.7 million worth of NFTs and over $600 million, respectively.
The NFT investors aren’t free from online threats either. If you’re one of them, you need to know about the potential risks to securing your assets. Let’s dive into the security tips you must follow in the NFT sphere.
Table of Contents
1. Do Your Research
You may read TFT suggestions from some Discord channels, Twitter influencers or Telegram groups regarding new and potentially expensive NFTs. Also, people often trust blogs and articles promoting the various NFT projects.
In all cases, remember that only you’ll be responsible for your monetary losses. There’s no way you can make them accountable for the decisions you made about NFT projects. For this reason, before you decide to buy an NFT, make sure to trust your own research and nothing else.
2. Buy a Hardware Wallet
You can opt for hardware NFT wallets such as Ledger and Trezor to add an extra security layer to your NFT and funds. Also, purchase these only from the original manufacturers as any third-party sellers can modify them, resulting in a compromised wallet.
Moreover, try using an “air-gapped” computer for the wallet — computers that have never had an internet connection.
3. Always Go for Official URLs
Before visiting a marketplace website, double-check the URLs. Fake websites are available that look exactly like OpenSea, Collab.Land, Project sites, and other marketplaces.
You should also be careful while entering into a wallet website like Metamask as webpages with a similar interface can trick you into share a keyphrase. Using a service like BitDefender can help you identify scammy websites as it alerts users when it detects a suspicious site.
4. Avoid Support Messages From Third-Parties
When it comes to getting support from the NFT marketplace, users often solicit help from various social platforms. This is a big no-no as it acts like a signal to scammers masquerading as support.
Also, never look for contact information of the support executives of different marketplaces like OpenSean and LooksRare online. Different scam websites can appear as the official support portals and take away your sensitive data to steal your digital assets.
The rule of thumb is to get help from the official channels only. Visit any marketplace, and you’ll find all the official channels through which they offer support.
5. Never Share Passwords or Recovery Phrases
You might have heard it a zillion times before, but it’s so important that I’ve to mention it again. Your wallet security largely depends on the wallet password, the private key, and the recovery phrase.
Never share these with anyone else even if they claim to be from customer support or represent a project. Don’t put these phrases into an online form or website, no matter how legit it looks.
Additionally, follow standard practices such as never reusing the same password or not using one password for multiple websites. You can take help from password manager tools, but it’s better if you can do without it. Finally, avoid taking screenshots of photos of your recovery phrases as NFT malware can scan phones for these.
6. Customize Smart Contract Spend Limit
If you allow a smart contract to have an unlimited spend limit for one token, malicious contracts will drain your entire currency balance. Hence, always customize the spending limit to keep it under your control, even in the case of frequently used contracts.
While using MetaMask, don’t forget to review your spending limit whenever you’re about to approve a transaction. Select “Edit on Permission” and customize the spend limit to the amount you’re about to send.
7. Stay Away From Fake NFT websites
Whether you want to buy an NFT or sell it, you need to find a reliable marketplace for that.
A random online search will come back with numerous results— many of which could be fake NFT trading websites.
Unfortunately, many scam websites look exactly like the prominent ones. You can try to authenticate the site using ScamAdviser.
These sites only sell fake NFTs, so buying them is equivalent to throwing money down the drain. Also, these might ask you to provide the master key of your crypto wallet, using which the scammer can steal all your money. Therefore, stay away from such websites and never share your key with any website.
8. Ignore Fake NFT Offers
Don’t be overjoyed if you get an email from some famous NFT trading platforms that contain an offer for an NFT you own. It could be an imposter trying to steal all your assets from your wallet.
The email can have a button that’ll take you to a phishing website. After you enter your wallet link and password or any other sensitive information, the scammers will get the data and use it to steal from your wallet. So, if you get such emails, make sure to ignore them.
Stay Safe From Rug Pull Scams
As new NFT projects come to the surface every day, it’s indeed difficult to keep track of them. Scammers are utilizing this opportunity to perform a “rug pull scam” by creating NFTs that can’t be circulated.
Though the creators of such tokens make a profit out of it, the buyers are put in a helpless position with no scope of re-selling them. To keep yourself safe from these scammers, don’t buy from fake NFT websites or wire the money to the sellers.
9. Look for Verification Marks
Always utilize the verification mark feature available on all the top NFT marketplaces to stay away from fake and unreliable projects. This checkmark is the label that highlights a verified account.
As you hover over the mark, you can also get additional information about the seller, depending on the website. The verification mark will look like this:
- OpenSea: White check mark inside a blue badge
- Crypto.com: White check mark inside a blue badge
- Rarible: Black check mark inside a yellow badge
- LooksRare: White check mark inside a blue badge
10. Research on Smart Contract Address
Before investing in any NFT project, find out the smart contract address of the minted NFT. Also, check the smart contract activity on Etherscan. This website is the official Blockchain explorer for the Ethereum network.
Once you enter the address on its search field, it’ll reveal the complete history of the NFT project, individual transaction activities, or NFT minting events. If you find any discrepancies in the Etherscan resort, it’s better not to proceed with the investment.
11. Avoid Any Suspicious Attachments or Links
You may have heard this before but not clicking on any suspicious-looking attachments and links is one of the best NFT security tips you can get. A link might redirect you to a legitimate-looking website, but it can very much be a fake website.
You should be careful of the random links and attachments received through Discord, Telegram, or other social platforms. Always trust your instincts and be extra vigilant to safeguard your NFTs.
12. Use Two-Factor Authentication
As an NFT collector, you must set up and enable two-factor authentication (2FA). This safety measure will keep your NFTs safe against unauthorized usage, and also, alert you immediately of any mischief.
Nowadays, 2FA also works as multi-factor authentication that enhances the security level of your account. You can take two-factor authentication one step further by using Google Authenticator or investing in a device like Yubikey.
13. Ignore Counterfeit NFTs
There’s no shortage of fake or counterfeit NFTs nowadays, as scammers can easily steal someone else’s work and list it for auction. Once the community realizes it, your NFT will have no value. Needless to say, you won’t be getting your money back from the fake NFT seller either.
To avoid such a situation, check out the social media profile of the seller and look for the verification tick before you bid for an NFT. You can also get the official link of an NFT project from the creator’s social profile and bookmark it. It’ll save you from phishing and ensure original NFTs.
NFT Security Tips: The Final Word
The basic cyber security precautions aren’t enough to save you from the perils of NFT space.
Hence, don’t forget to follow these NFT security tips to protect your valuable assets. If you’re buying or selling NFTs, use a trusted marketplace. Learn to identify authentic NFTs through your own NFT security research.
Should you hold your NFT?
Assuming you’re comfortable using a hardware wallet and managing recovery or seed-phrase, holding an NFT is often safer and more secure than relying on a third party. You don’t have to worry about the service going out of business or getting hacked.
Can someone steal your NFT?
Someone can steal your NFT if they have access to your NFT wallet. They can also steal an NFT if they have your seed phrase. Some scammers can steal an NFT after installing malware on a person’s computer or phone, prompting the user to hand over their seed phrase or sign a suspicious NFT transaction.
Can stolen NFT be sold?
Unfortunately, stolen NFTs can be sold on some marketplaces and via over the conter trades. However, marketplaces like OpenSea enable users to flag suspicious NFTs, which are then flagged and delisted. This process doesn’t mean the original owner gets their NFT or funds back, though. It simply reduces the chances of a scammer profiting from a sale.
