Scams have become an inevitable part of the NFT ecosystem. At this point, almost all the biggest names in the space have fallen victim to hacking. In January 2023 alone, PROOF Collective founder Kevin Rose lost over $1 million in NFTs to a phishing scam, and the Azuki Twitter account was hacked. Followers who clicked on the malicious link sent by the hackers lost a total of nearly $800,000 in NFTs. If the biggest names in crypto and NFTs can get hacked, so can you. Despite growing awareness of these scams, every NFT holder is still at high risk of losing assets to bad actors.
Fortunately, you can mitigate some of the risk by adopting best practices from blockchain developers and security professionals. True, not every scam can be avoided every time. Still, by taking the necessary (albeit sometimes arduous) steps to protect software wallets, the NFT community could likely avoid many of the most common pitfalls. Here is how.
Keep your seed phrase safe
The most obvious way to keep your crypto and NFTs safe is to take proper precautions with your wallet's seed phrase. For those not familiar, a seed phrase is a collection of randomly generated words that represents the private keys associated with a software wallet and is presented to a user when they create the wallet. The seed phrase acts as a failsafe that allows the contents of the crypto wallet to be restored in the unusual situation where the user is locked out of the wallet or needs to import the wallet to a new device.
You should never type your wallet's seed phrase. Abandon any thought of emailing it to yourself or saving it to a Google Doc or other note-taking app on your computer or phone. Record your seed phrase only on paper and keep it in a safe place at home. Some even go so far as to engrave their seed phrase on a metal plate and keep it in a safe.
Use a hardware wallet or a delegate wallet
While it may be tempting to keep all your assets in one or two software wallets for easy access and quick trading, using a hardware wallet to secure your grail NFTs and large crypto holdings can save you a world of hurt. A hardware-based wallet, such as Ledger or Trezor, stores users' private keys offline on the device's own secure microprocessor. Since malware, keyloggers, screen-capture tools, and more can compromise your computer or other device, using a hardware wallet from the start is a reliable way to keep your NFTs safe.
While some collectors keep a few internet-connected software wallets (hot wallets) active for trading and keep their other assets secured in an offline hardware wallet (cold wallet), even this system can be compromised. As we have recently witnessed with the hacks of prominent Web3 figures like Rose, Nikhil Gopalani, CryptoNovo and others, simply signing a transaction with a wallet that holds valuable assets can result in a loss. To further reduce the risk, users can consider using a burner wallet (a wallet that holds no assets and has no standing site connections, used only for transactions) or a delegate wallet for transactions instead of an active wallet.
For this, collectors can use services such as Delegate Cash. Delegate Cash allows users to create a new MetaMask hot wallet and assign it as a delegate of the cold wallet where valuable NFTs are stored. By doing so, users can claim airdrops, verify ownership, or otherwise use an NFT without keeping it in an active wallet. We recently saw this method used to great effect when the pseudonymous collector tropoFarmer offered his Sewer Pass to others to play Dookey Dash via a delegated wallet.
Triple check handles, URLs and signatures
Before you consider minting, collecting, signing or interacting with any website or contract (including Delegate Cash), you should always triple check that the portal you are using is secure and genuine. Time after time, prominent Twitter accounts and Discord servers are hacked, resulting in fake NFT mints and in crypto assets lost by the NFT community.
More often than not, scams trick users into forking over their crypto or NFTs by asking them to enter a seed phrase (again, something you should never even consider doing) or to sign a malicious transaction. Since the latter is what compromised Rose, make sure you check every URL you plan to interact with, and be extra careful about where each URL came from. It's incredibly easy for scammers to create fake links and browser-based pop-ups that look and act like MetaMask.
Still, even if you are not lured onto a scam site or into a fake wallet app, blindly signing a transaction can leave you vulnerable to compromise. Hackers no doubt rely on users to do just that. Given the sheer number of signatures and transactions presented to collectors each week, it can be easy to gloss over the details when signing during fast-paced minting events. Always carefully review what you sign and which contracts you allow your wallet to interact with.
8/ If TX asks you to sign a message like 0x6fe64a…..87, you are signing a transaction that may be malicious, please confirm the source site and that you are actually signing something you want to sign. pic.twitter.com/DtnGAgDTfe
— richerd.eth (@richerd) February 2, 2022
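The checks described in this section (verify the requesting site, refuse opaque hash signatures like the one in the tweet, and read what a transaction grants) can be expressed as a small triage routine. This is an added example, not code from the article or from any wallet; the host names and finding labels are constructed, and the two selectors are the standard ERC-721/ERC-20 approval functions, which the article does not name.

```javascript
// Added example: triage a wallet signing request before the user approves it.
// Method names are standard Ethereum JSON-RPC; finding labels are hypothetical.
const APPROVAL_SELECTORS = {
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721/1155 operator grant
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20/721 single approval
};

// True only when the origin is HTTPS and its exact hostname has been vetted.
function originTrusted(origin, trustedHosts) {
  try {
    const url = new URL(origin);
    return url.protocol === "https:" && trustedHosts.includes(url.hostname);
  } catch {
    return false; // an unparsable origin is never trusted
  }
}

// Returns { allow, findings } for one JSON-RPC request coming from `origin`.
function triage(request, origin, trustedHosts) {
  const findings = [];
  if (!originTrusted(origin, trustedHosts)) findings.push("untrusted-origin");
  const { method, params = [] } = request;
  if (method === "eth_sign") {
    // eth_sign params are [address, data]; a bare 32-byte hex value is an
    // opaque hash, so the wallet cannot show what is really being signed.
    if (/^0x[0-9a-fA-F]{64}$/.test(String(params[1]))) findings.push("blind-hash-signature");
  } else if (method === "eth_sendTransaction") {
    const data = String((params[0] || {}).data || "0x").toLowerCase();
    const name = APPROVAL_SELECTORS[data.slice(0, 10)];
    if (name === "setApprovalForAll(address,bool)") {
      // Second ABI word is the bool; any non-zero digit means "approved".
      if (/[1-9a-f]/.test(data.slice(74, 138))) findings.push("grants-operator-over-collection");
    } else if (name) {
      findings.push("token-approval");
    }
  }
  return { allow: findings.length === 0, findings };
}

// Constructed sample: an approve-all request arriving from a lookalike host.
const SAMPLE = {
  method: "eth_sendTransaction",
  params: [{ data: "0xa22cb465" + "ab".repeat(20).padStart(64, "0") + "1".padStart(64, "0") }],
};
console.log(triage(SAMPLE, "https://marketplace.example.claim.test", ["marketplace.example"]));
```

An empty findings list only means none of these specific red flags fired; it does not make a request safe to sign.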
What to do if you are hacked
If all else fails and you end up on the receiving end of malicious intent, the next steps will depend on the nature of the hack or scam you've encountered. If you interacted with a fake mint or claim and signed a transaction, the outlook is poor: once your crypto or NFTs are out of your possession, there is little you can do about it. This is why it is important to learn from the security failures of others in order to avoid being hacked yourself.
While marketplace security teams can help you in some cases, especially if they are at fault, the responsibility almost always rests with the user. Get educated so you can better equip yourself to keep your assets safe. Read about common scams, learn to spot the red flags, and above all, implement the security measures outlined in this guide or otherwise suggested by trusted members of the NFT community as soon as possible.