How To Protect Your NFTs From Phishing And Theft

Non-fungible tokens (NFTs) are fast becoming the most discussed topic in the crypto-verse with record-breaking digital art auctions, further illustrating their real use case functionality. 

Non-fungible tokens permit physical assets to be represented in the digital format, by validating proof and transfer of ownership and in making digital assets completely unique, as they cannot be interchanged with something else.

According to reports from NonFungible.com, sales of nonfungible tokens surged by $2 billion in the first quarter, more than 20 times the volume of Q4 2020.

It becomes unsurprising to note the fast-growing industry has attracted cyber theft and scams ever since non-fungible tokens took the spotlight as a hot new type of crypto asset.

Since blockchain transactions are usually irreversible and anonymous, a compromised password is a significant risk for investors who have exposures in such digital assets. Artists who are earning crypto through NFT sales are now becoming targets of attacks. A well known NFT artist named Fvckrender had his entire metamask wallet wiped out, as described in this tweet on June 11th 2021. He shared a screenshot of the messages he received from someone pretending to be a collector.

Choosing a crypto wallet to store your NFTs is very important. Most NFT marketplaces require you to have a wallet, so it’s advices to setup a trusted third-party wallet like MyEtherWallet or Metamask and connect it to the NFT marketplace when you are logging in. 

Just like your passwords or private pin number you should never share your wallet private keys and seed phrases with anyone or leave it susceptible to discovery or theft. We highly recommend storing all passwords including your private keys in a password manager such as 1password which allows you to create unique complex passwords for all of your online accounts and store them safely. Password managers are also good at detecting unsafe sites and will warn you if you make an attempt to log in to an unsafe website.

Recent data reveals that most NFT thefts occur as a result of reusing passwords or not enabling two-factor authentication, a vital security measure in protecting your priced digital assets.

It's also advised that collectors and investors holding large amounts of NFTs use more than just a web wallet because web wallets can be accessed by external parties when online, with some having vulnerabilities to phishing scams, malware, outdated security patches, and DDoS attacks, that cyber hackers can exploit to their benefit. 

Many web browsers like Metamask lack 2 factor authentication which is an important layer of protection, and another reason we recommend leaving minimal amounts of crypto in browser wallets.

The best alternatives for long term storage of your crypto are non-browser wallets like Binance or Coinbase that have sophisticated security teams and 2FA as well as hardware wallets like Trezor because they guarantee that your private keys never leave the device.

It’s important to note that the blockchain technology itself is secure. However, apps created on or around it, such as smart contracts or game items, don’t inherit such security and can leave users exposed to theft or scam.

Cyber thieves can also clone an account with the exact details as someone with a good community reputation, sending private messages pretending to be them, which inevitably end up in them asking you to send some of your tokens. 

Genuine business brands do not need to require your private data for ordinary business transactions.

Cyber experts advise not sending crypto to any stranger via social media thus reading the previous conversation threads of any suspicious account can be helpful. 

Never open a file from a stranger that has a suspicious extension (ie .scr, lots of viruses reported online with .scr file extension) or click on links in questionable e-mails. This tweet by @arielbeckerart shares a more comprehensive list of file extensions to avoid but .scr is one of the main extensions to keep an eye out for.

These links may contain viruses that will infect your computer. Once the virus gets into your system, they get access to everything. So the best prevention method is to be extremely cautious and have powerful antivirus software on your computer or smartphone.

Cyber scammers can also lure investors into disclosing their personal and financial data (identity theft), by offering a job offer, sale offers, raffles, etc.

Be skeptical of communicating from sources you are not expecting, or e-mails of questionable origin before responding.

Non-fungible token imitations, though often difficult to spot, are one of the major challenges facing genuine investors at the moment.

Security experts advise artists and collectors to take precautionary measures when anyone reaches out about an NFT sale or crypto exchange. Looking at the person’s contract address, sale history, social media accounts, followers count, engagement, and more might save a lot of trouble.

See this tweet by @arielbeckerart to learn more about avoiding crypto scams and hacks. 

Author: Buffalo Chase

Written June 2021