top of page
Search

NFT Security - Top Tips to Keep Assets Safe



This guide will provide you with the most effective tips to ensure you stay safe and are able to sleep well at night, after entering the NFT space. With the explosion of NFTs into popular culture, the space has seen an inevitable rise in bad actors and scams seeking to exploit those new to the space. The team at NotAnotherNFT have put together some top tips, to help you avoid falling into the (very) sophisticated traps.


#1 Develop "Link Anxiety"

#2 Hardware Wallet

#3 Double check and then triple check

#4 If it seems Too Good to be True, it Probably is

#5 Seed Phrase House Keeping

#6 Mint Protocol

#7 Surprise Mints

#8 NFT Vault

#9 NotAnotherNFT Community

 

#1 - Develop Link Anxiety

It sometimes take just one click on a link, for a bad actor to gain access to your wallet and clean out your NFT collection. As such, NEVER click on unverified links – NotAnotherNFT encourages people to develop “Link Anxiety”… assume every link in a scam, unless proven otherwise. The following tips can help ensure you do not fall foul to phishing links:


  1. Only click links from an NFT project’s official communication channels such as Twitter or Discord

  2. Never click a link from an unverified person on Discord, Twitter etc.

  3. Turn off your DM’s on Discord

 

#2 - Hardware Wallet

Hardware wallets are physical, electronic devices that use a random number generator (RNG) to generate public and private keys. The keys are then stored in the device itself, which isn't connected to the Internet. As such, hardware storage constitutes a type of cold wallet and is deemed as one of the most secure alternatives, as it is not connected to the internet - Think USB for NFTs.


Additionally, when making NFT transactions on the blockchain, you are “signing” a message on the blockchain. Your “signature” proves you have ownership of your private key and it is impossible to forge the signature without access to the key – this means no one else can make a transaction on your behalf.


There are a number of different hardware wallets available, however, they all generally adhere to the similar workflow:


  1. Plug device into compluter by USB and unlock with PIN

  2. Create a transaction, such as buying and NFT

  3. The Hardware Wallet will trigger a workflow, where you will be asked to confirm the transaction via the hardware wallet

Not Another NFT recommends using Trezor or Ledger for a Hardware Wallet. ALWAYS buy direct from the supplier and NEVER on a 3rd party site, such as Amazon; buying from a 3rd party seller makes it more likely for the Hardware Wallet’s software to be compromised by bad actors.

 

#3 - Double Check and then Triple Check

Before connecting your wallet to a website, double check and then triple check everything before clicking “connect wallet”. When connecting your wallet, you should think of the following phrase in your mind: “by connecting your wallet to this site, you are giving the owners of this website the ability to access all assets within your wallet”... This should help you think twice, before proceeding.

 

#4 - If It Seems too Good to be True, It Probably Is

With the continued influx on new people entering the NFT space, bad actors will often claim to 10,000x your investment in 30 seconds or offer you access to the whitelist of the “hottest new NFT drop”. Assume all such claims are too good to be true, unless proven otherwise.

 

#5 - Seed Phrase House-keeping

The quickest and easiest way for bad actors to gain access to someone’s NFT collection, is via gaining access to someone’s wallet and the quickest way to gain access to someone’s wallet, is by gaining access to a wallet’s Seed Phrase [also termed “Recovery Phrase”].


A wallet’s seed phrase is a collection of randomly generated words, which you will be promoted to write down, when opening your wallet for the first time. Each seed phrase is unique and is intended to be used if someone looses access to their wallet or looses their wallet entirely [applicable to hardware wallets].


The best piece of security advice, when it comes to Seed Phrases is simple:

  1. Write your seed phrase down on a piece of paper and physically store in a safe location

  2. NEVER share your seed phrase with anyone

  3. NEVER store your seed phrase on your smartphone, computer etc. that has access to the internet

 

#6 - Mint Protocol

When attempting to mint a new collection, always ensure you navigate to the minting site via the collection’s official outlets i.e. Twitter, Discord etc. Scammers will often clone minting websites, by making a slight amendment to the original domain name

 

#7- Surprise Mints

Too often NFT Project’s Discords get hacked, which is quickly followed up with a “SHOCK MINT” – an NFT project will NEVER do a surprise mint, with all mints predefined with a clear date and time communicated weeks’ in advance.

 

#8 - NFT Vault

For those NFT’s which are a long-term HODL, transfer those NFT’s to a wallet which you never connect to any 3rd party website [apart from maybe OpenSea via their official channels]. If you never connect a wallet to a website, you can never be susceptible to being hacked and your NFT asset being stolen.

 

#9 - Engage with the NotAnotherNFT Community

Questions, comments of feedback on the above guide?! head over to our community page and get into contact!




bottom of page