The world of NFTs is still very much the wild west. With so much value circulating, and a lack of education, scammers are hard at work seeking every vulnerability to trick people into handing over their prized NFT possessions.
The best way to stay safe is to always remain up on recent tactics and follow a set of best practices. In that spirit, here are seven essential security considerations when protecting your precious NFTs.
- Never Share Your Seed Phrase
Your seed phrase is the only backup to the private keys of your assets. With cryptocurrencies and NFTs, you are in full control of your assets so protecting your seed phrase is of utmost importance. This 12, 18 or 24-word phrase is like a master key, and if it is lost so is your access. You can restore access to hardware or software wallets with your seed phrase, so imagine the impact should you store your seed phrase improperly or share it with someone else.
First and foremost, make sure to copy your seed phrase exactly as it is provided. Never share the seed phrase with any application or device. The best option is to store offline where no one else has access.
- Consider Cold Storage Hardware Wallet
A hardware wallet is an encrypted device that serves as the single access point for your fungible and non-fungible tokens. Storing your assets in this type of device ensures that they are safe in your possession, with no way for others to gain access.
Cold wallets are a safer alternative to hot wallets, which are constantly connected to the internet. This non-stop connection opens the door to vulnerabilities.
- Follow Software Wallet Best Practices
First and foremost, make sure you choose a wallet that fits your needs and is well reviewed. Once you’ve created your wallet, make sure to keep the software updated. As new malware is created and hackers become more savvy, maintaining an updated wallet is critical.
A multi-signature wallet is also a good idea, requiring multiple keys to approve transactions and transfers. This adds time and complexity to the transfer process, but strengthens the protection of your assets. Finally, always avoid public WiFi when conducting transactions. If you are in urgent situations, protect yourself through the use of a VPN, which reduces the odds of cyberattacks.
- Only Use Legitimate Sites
Malicious actors use fake sites to lure unsuspecting users in and steal their digital assets. This is commonly seen on Twitter and Discord with giveaways or airdrops. Enticing promotions can be convincing when the prize serves as a distraction. Meanwhile, when it comes to signing up for the promotion, the scammers request wallet information in order to gain access to your account.
Always beware of these offers and make sure that you are using legitimate sites when minting NFTs or claiming airdrops. If the site seems illegitimate then avoid it. Do your research to ensure the sites you’re accessing and connecting to are the real deal.
- Don’t Fall for Fake Emails or Support
Phishing attempts have become a major issue, as scammers are targeting crypto wallets through a number of avenues. Recently a new phishing tactic gained prominence, attempting to fool users using time-sensitive KYC related requests via email. These emails successfully gained access to users' wallets by tracking support ticket requests and following up with malicious emails to those targeted users.
There are few simple ways to spot these phishing emails. First, confirm the send from address is accurate and not a spoof. Second, look for personalization in the email. A legitimate email will contain some of your identifying information if you provided it to the sender at some point.
- Be Conscious of Social Engineering
Social engineering is an array of manipulative tactics utilized by cybercriminals to gain access to sensitive information or valuable digital assets. These tactics take advantage of vulnerabilities that exist during moments of human interaction online. Phishing attempts fall within this category, but so do several other types of malicious activity.
Social media is ripe for this type of behavior, as bad actors attempt to spoof or hack a well known influencer’s account. This act makes it possible to deploy schemes that attract unsuspecting victims who would otherwise trust the source. Outrageous giveaways, attractive deals, and insane offers that are generally too good to be true can all be attempts at social engineering. Typically this happens by building trust through a DM, which evolves into a transaction or engagement with a shady link.
Always remain cautious of who you are engaging with, especially if they offer you the world. Avoid questionable links, act with a clear head, and don’t be distracted by the offer of instant riches.
- Be Patient & Take Your Time
When dealing with assets of value, always remain patient. Step back, consider your situation and confirm that your actions are appropriate. This is the easiest way to protect yourself from making a rash decision that jeopardizes your digital assets.
Whether you are engaging with someone on Discord, responding to an email, or transacting with a minting site, always triple check your actions. There is no need to act hastily, so step back, breath and bring clarity to your actions.
As NFTs rise in popularity, and technology continues to develop, bad actors will seek new methods of attack. This is why it is so important to remain cognizant of new tactics and ways to protect yourself against them.
If you’re interested in learning more about NFTs and NFT marketplaces, subscribe to our blog and follow us on twitter at @liteflowcom