Keeping Your NFTs Safe: A Comprehensive Guide

Learn how to keep your NFTs safe while trading and in storage.

NFTs have become popular over the years, but so have malicious actors, unfortunately. This year alone, up to $2 million in NFTs has been lost in attacks, thefts and other schemes. This piece will educate you on how marketplaces and wallets work and how to stay safe when purchasing and storing your NFTs.

How NFT Marketplaces Work

NFTs are traded in a variety of markets, from popular non-custodial platforms such as Opensea and AirNFTs to custody platforms such as Binance and Coinbase. Here’s a brief overview of how each one works:

1. Marketplaces Without Detention

Non-custodial marketplaces, as you probably already know, require you to access the platform through a web3 compatible wallet like Trust Wallet or Metamask. Buying one requires you to link the wallet of the blockchain network to your NFT account. For example, to buy NFT on Ethereum-based marketplaces like Opensea or rarible, you need to connect an Ethereum wallet.

2. Storage markets

Custody markets, on the other hand, require you to transact only after you verify their details and complete it in KYC. After purchase, your NFT, like other coins, is stored in a section commonly known as “Assets” or “Wallets”.

Staying Safe When Buying and Selling NFTs

Trading NFTs in both market types carries several risks and benefits that need to be carefully evaluated. Custody markets often require authentication and are regulated. This means your assets can be restricted, nefarious activities can be suspected (even if nothing else). Unsupervised marketplaces, on the other hand, prefer autonomy, but at the expense of easy access to bad actors who can easily scam unsuspecting users and withdraw from their funds.

Regardless of the category you choose to stay in, here are the precautions to stay safe when purchasing your NFTs:

1. Trade only on Official Websites and dApps.

There are now several fake platforms built with similar URLs used to deceive unsuspecting buyers. For example, hackers can create a website with the URL “www.airNFT/.com” instead of “”. To avoid falling victim to this, remember the following:

  • Visit NFT platforms only through links on their official social media pages.
  • Only bookmark official websites in your browser.
  • Always double-check URL links before linking your wallet or signing transactions.

2. Avoid fake NFTs.

Buying fake NFTs is one of the ways users often fall into scams. Fake NFTs are often plagiarism, diluted versions, or works of art scattered over several pages. Fortunately, you can easily verify the authenticity of any NFT you purchase from AirNFTs.

3. Avoid Doxing Your Wallet Address.

Transactions on a blockchain can be tracked and fixing your wallet address at every opportunity is useless. You could be watched by hackers waiting for a vulnerable moment, or even physically attacked in extreme cases. Instead, you can create multiple wallets for various uses and keep a profile as low as possible.

4. Protect Your Device

It helps if you consider protecting your device with the best antiviruses against stealth malware or spyware that can secretly log your actions.

How NFT Wallets Work

After purchasing your NFT, it is stored in a wallet. Wallets work similarly to traditional bank accounts in that the software stores your tokenized assets using two keys (public and private). Public keys can be thought of as bank account numbers (NFTs) from which you receive money, while private keys are unique passwords used to close transactions. Like NFT markets, there are several factors that differentiate wallets, and the most important is the storage of private keys.

Storage wallets hold keys and instead provide users with personal credentials to sign up/login to their platform.

Non-custodial wallets, on the other hand, encrypt your wallet’s private keys to generate a random string of 12-24 words called a recovery phrase or seed phrase. Non-custodial wallets give users autonomy, i.e. you open a web3 wallet, log in to the platform and connect, buy your NFT and your piece is saved in your wallet and you can disconnect it from the market at any time.

How Can You Keep Your NFT Wallets Safe?

Let’s look at a few ways to keep your custody and non-custodial wallets safe.

Custody Wallets—Keep Your Login Credentials Safe

For guardianship wallets, it is largely up to your wallet provider to keep your wallet safe; but you will still have to be careful with your password.

  1. Make sure your login details are a combination of included symbols and alphanumeric characters with upper/lower case. Try not to use anything generic or easily predictable.
  2. DO NOT save your password online.
  3. Enable Two-Factor Authentication, preferably with a secure email address and Google Authenticator.
  4. Create layers by enabling Face/Touch ID to unlock your device.

Non-custodial wallets—Secure Your Recovery Phrase

For non-custodial wallets, it is entirely your responsibility to keep your wallet safe and it depends on how well you protect your recovery statement. Losses are usually due to improper storage or phishing, fake airdrops, impersonations, etc. caused by unintentional leaks. Here are the basic precautions to take to keep your recovery phrase safe:

1. Storage

The best way to store your recovery phrase is to write each word on paper in the correct order and store it in two or three safe places. Although some use their phone’s note app to save, it’s best to avoid any digital footprints. If you’re concerned about the durability of the paper, you can get a cheap crypto tag from an e-commerce store.

2. Preventing Leaks

After saving your recovery phrase, the next step is effortless; keep it there! If you don’t want to access your wallet app from another device, there is absolutely no reason to disclose your recovery statement to anyone, not even the wallet provider. Phishing attacks, impersonation, fake airdrops, etc. There are popular ways to leak recovery phrases like

3. Phishing Attacks

Phishing attacks can come with pop-ups on websites or fake accounts on social media and require you to type in your recovery phrase to earn some reward. Targets are usually beginners and users who yearn for quick wins.

Phishing looks like this:

In order not to fall for such a scam, remember:

  1. Your seed phrase belongs only to you.
  2. Our admins on our social media pages will NEVER send you a direct message asking you to provide technical assistance or submit your NFT first. Fake accounts often lack followers, real interactions, and verified badges.
  3. Every user who texts you first on any platform is definitely a scammer and you should immediately report and block the account.
  4. Any NFT project that requires your seed phrase or other sensitive data for whitelist entry or airdrops is fake.
  5. It’s also best not to email or text anyone your login information. Even if the other person is careful about this, your information may fall into the wrong hands.
  6. Consider hardware wallets: If you have the best BAYC NFTs, you should consider getting a hardware wallet to store inside.

‍‍take away

Securing your NFTs is extremely important; so you should always cover up any loose ends and update yourself on best practices. Stay tuned to our social media and blog to stay one step ahead in NFT security!

Leave a Comment

Your email address will not be published.