NFTs have grown popular over the years, but unfortunately, so are malicious actors. Up to $2M worth of NFTs have been lost in hacks, thefts and other schemes this year alone. This piece will educate you on how marketplaces and wallets work and keep your NFTs secure while purchasing and or in storage.
How NFT Marketplaces Work
Like other digital assets, NFTs are bought and sold in marketplaces, ranging from popular non-custodial platforms like Opensea and AirNFTs to custodial ones like Binance and Coinbase. Here's a brief overview of how each of them works:
1. Non-custodial Marketplaces
Non-custodial marketplaces, as you probably already know, require you to access the platform via a web3-compatible wallet like Trust Wallet or Metamask. Buying one will require you to connect the blockchain network's wallet to your NFT account. For example, to buy an NFT on Ethereum-based marketplaces like Opensea or rarible, you must connect an Ethereum wallet.
2. Custodial marketplaces
On the other hand, custodial marketplaces require you to trade only after verifying their details and complete in KYC. After buying, your NFT, like other coins, will be stored in a section usually known as “Assets” or “Wallets.”
Securing Your NFTs: Buying and Selling
Trading NFTs in either type of marketplace bears several risks and benefits that must be considered carefully. Custodial marketplaces often require identity verifications and are well subject to regulations. This means your assets could be clamped down upon suspicion of nefarious activities (even if there are none). Non-custodial marketplaces, on the other hand, favour autonomy but, at the expense provide easy access to bad actors that can easily scam unsuspecting users, parting away with their funds.
Regardless of the category you choose to stay in, here are measures to stay safe while purchasing your NFTs:
1. Trade only on Official Websites and dApps
There are now several phoney platforms created with near-similar URLs used to deceive unsuspecting buyers. For example, hackers may create a website with the URL "www.airNFT/.com" instead of "www.airnfts.com". To avoid falling victim to this, remember the following:
- Visit NFT platforms via the links on their official social media pages only.
- Bookmark only official websites on your browser.
- Always double check URL links before connecting your wallet or signing off transactions.
2. Avoid Fake NFTs
Purchasing fake NFTs is one of the ways users often fall into scams. Fake NFTs are often plagiarized, watered-down versions or artworks littered on several pages. Thankfully, you can easily validate the authenticity of any NFT you are buying on AirNFTs.
3. Do Not Dox Your Wallet Address
Transactions on a blockchain are traceable, and doxing your wallet address at every chance you get will do no good. You could be monitored by hackers waiting for a vulnerable moment, or even physically attacked in extreme cases. Instead, you can create multiple wallets for several uses and keep a low profile as much as possible.
4. Protect Your Device
It would help if you considered protecting your device with top antiviruses against hidden malware or spyware that can secretly record your transactions.
How NFT Wallets Work
After you have purchased your NFT, it gets stored in a wallet. Wallets work similarly to traditional bank accounts in that the software stores your tokenized assets using two keys—public and private. Public keys can be thought of as bank account numbers with which you receive funds (NFTs), while private keys are unique passwords used to sign off transactions. Like NFT marketplaces, several factors also differentiate wallets, and the most important is the custody of private keys.
Custodial wallets keep the keys and instead provide users with personal credentials to sign up/ log in to their platforms.
Non-custodial wallets, on the other hand, encrypt your wallet's private keys to generate a 12--24-word string of random words called recovery phrase or seed phrase. Non-custodial wallets afford users autonomy, i.e., you open a web3 wallet, sign in to the platform and connect, buy your NFT, and your piece will be saved on your wallet, which you can disconnect from the marketplace at any time.
Securing Your NFTs: Wallet Safety
Let’s look at several ways to keep your custodial and non-custodial wallets secure.
Custodial Wallets—Secure Your Login Credentials
For custodial wallets, keeping your wallet safe rests in large parts on your wallet provider; but you will still need to be careful with your password.
- Ensure your login details are a combination of alphanumeric characters, with symbols and casing included. Try not to use something generic or something that can be easily guessed.
- Do NOT save your password online.
- Enable Two-Factor Authentication, preferably with a secure email address and Google Authenticator.
- Layer up by enabling Face/Touch ID to unlock your device.
Non-custodial wallets— Secure your Recovery Phrase
For non-custodial wallets, you bear the sole responsibility of keeping your NFTs safe, and this is hinged on how well you secure your recovery phrase. Losses often result from improper storage or inadvertent leaks via phishing, fake airdrops, impersonations etc. Here are the essential measures to keep your recovery phrase safe:
The best way to store your recovery phrase is to write down each word in the correct order on paper and keep it in two or three secure places. Although some use their phone's notes app to save, it's best to avoid any digital footprint. If you are worried about the durability of paper, you can get a cheap crypto tag from an e-commerce shop.
2. Avoiding leaks
After storing your recovery phrase, the next step is effortless—keep it there! Unless you want to access your wallet app on another device, there is absolutely no reason to reveal your recovery phrase to anyone— not even the wallet provider. There are popular ways users leak their recovery phrases, such as phishing attacks, impersonation, fake airdrops, etc.
3. Phishing Attacks
Phishing attacks can come in pop-ups on websites or fake accounts on social media requiring you to write down your recovery phrase to win some reward. The targets are often newbies and users yearning for quick gain.
Here's what phishing looks like:
To avoid falling into such a scam, remember the following:
- Your seed phrase belongs to only you.
- Our admins on our social media pages will NEVER send you a direct message first asking to provide technical assistance or send your NFT. Fake accounts often lack followers and genuine interactions and verified badges.
- Any user that texts you first on any platform is definitely a scammer, and you must report and block the account immediately.
- Any NFT project that requires your seed phrase or other sensitive data for whitelist entry or airdrops is fake.
- It would also do much good to never email or text your login details to anyone. While the person on the other end might be careful with it, your details can end up in the wrong hands.
- Consider hardware wallets: if you possess top NFTs BAYC, you should consider getting a hardware wallet to store it in.
Securing your NFTs is of utmost importance; hence, you must always cover loose ends and update yourself on the best practices. To remain ahead of the curve on NFT safety, stay glued to our socials and blog!