A fool and his crypto are soon parted, so goes the modern saying. Here are tips to help make sure your prized NFTs are safe
NFTs (non-fungible tokens) have become a lucrative investment trend, known to reap millions worth of gains if lucky. Beneath the surface, NFTs are unique tokens on the blockchain, distributed across thousands of nodes as a record of transactions and to verify ownership. The core innovation behind Web3 lies in its decentralization technology, where each block of data is spread across an entire network, making it tamperproof and secure.
However, as hackers have progressively become more sophisticated, the once unhackable system can now be infiltrated, causing victims to lose valuable assets. In one notorious case, Taiwanese pop star Jay Chou had his Bored Ape NFT—worth over US$500,000—stolen through a phishing scam.
As you invest in the NFT bubble, it is imperative that you take steps to keep your prized NFTs safe and prevent unexpected parting from your crypto.
1. Purchase from official websites
Hyped projects are often the victim of copycat websites to trick buyers into linking their wallets when minting. Be cautious, and never click on random links unless you can verify their source. The safest bet is to check a project’s official social media, OpenSea or Discord account and be directed to its verified website. (Beware, however: hackers have become creative in impersonating fake verified accounts on social media.)
Also, be wary of any plug-ins downloaded to your browser. When connecting software wallets such as MetaMask and Coinbase, you are authorizing transactions but unknowingly to hackers who can access your vault of NFTs and cryptocurrency.
2. Do your own research
If an NFT project seems too good to be true, it most likely is. Projects that have been pumped up through social media or by paid influencers, but which aren’t backed by a solid roadmap (or an overpromising one) can often be a ‘rug pull’—where its creators tend to cash out after minting and disappear.
Founder of blue-chip collection ‘Azuki’ has recently landed into a rug pull scandal after admitting to profit from past failed projects, prompting holders to pull out and causing prices to plummet. Make sure the creators have been ‘doxxed’, meaning the team is publicly identified and is credible from past experiences.
3. Avoid airdrops
An airdrop is when NFTs are sent out for free as part of a marketing strategy, in hopes of boosting engagement and promotion. While freebies are great, some airdrops can be sent with malicious intent. Once your wallet address is made public, anyone can interact with your account and send NFTs without your acknowledgment. Never interact with sudden airdrops to avoid authorizing contract approvals, as this may enable a scammer draining your wallet.
4. Don't talk to strangers
Granted the best thing about Web3 and NFTs are the community, but when getting involved, be vigilant when interacting with strangers. Disable direct messaging on Discord to avoid scams. Legitimate messages are often broadcasted through official channels and administrators will almost never directly reach out, nor ask for your seed phrase (master password).
If you plan to offload your NFT peer-to-peer instead of on secondary marketplaces such as OpenSea and LooksRare, make sure the marketplace is authentic, as cases of stolen NFTs during a trade have been prevalent. Only transact with people you trust and do not share screen with strangers as this can expose your wallet QR code.
5. Safeguard passwords
Stick to the rule of thumb and never share or reuse passwords. A seed phrase consisting of a series of words are assigned to each software wallet during set-up to recover access. Ironically, the best way to safeguard your cryptocurrency password is to revert back to the analogue way, by writing down your password on paper—as long as you don’t lose it. It is also advisable to activate two-factor authentication (2FA) as an extra layer of protection instead of just username and password.
6. Use a hardware wallet
It’s time to shop for a new wallet, but a metal one. Similar to a USB drive, a hardware wallet (also known as a cold wallet) can securely store your cryptocurrency private keys and NFTs. The device is disconnected from the internet with no connectivity purposes and is protected by a PIN. The dual-layer security requires physical access to the device, making it immune to malware.
7. Learn how to spot fake NFTs
The origin and ownership of an NFT can be traced by its metadata and transaction history. However, blue-chip projects have been attracting counterfeit collections being released and resold, rendering their value to be worthless. A fake NFT can be detected by doing a reverse image search to verify the collection and artist and to judge by its listed price. Also make sure to purchase from trusted marketplaces to ensure the seller’s credibility