In late 2021, a New York City art gallerist had more than $2.2 million in NFTs stolen by hackers, including pieces from now-iconic collections like Bored Ape Yacht Club. It happened overnight, awakening many to the potential security risks of the decentralized web. In 2021, NFT sales hit $25 billion, giving artists new ways to make a living from their work—but also attracting the attention of malicious actors hoping to capitalize on the burgeoning market.
In the last year, as we’ve entered the metaverse, it’s become clear that blockchain technology is revolutionary—but there are a few things you should know and do to keep yourself safe when interacting with others on Web3. Here are our best tips for getting started.
Protect your private key or seed phrase
This rule is the most important, as giving this information to someone will give them access to your wallet, and by extension, your NFTs. It doesn’t matter if you trust the person—don’t share these details. Also, do not store your seed phrase online; instead, write it down on a piece of paper, and put it somewhere safe.
Stay safe on marketplaces
Unfortunately, it’s relatively easy for scammers to set up fake marketplaces that look similar to legitimate ones, so it’s crucial that you do your research on any marketplace to confirm its safety. Beware of social media pages, too, as there have been instances of scammers impersonating prominent collectors or artists to drive people to faux marketplaces.
These imposter marketplaces use similar URLs to the real thing and can be surprisingly convincing. There have even been instances of scammers posing as support staff for legitimate marketplaces in hopes of stealing user information. “Beware of email and phone scams or someone requesting QR codes or other information to ‘fix’ a problem,” the 500px team warns.
Keep in mind that reputable marketplaces will never ask for your wallet recovery phrase; if they do, run for the hills. Remember to apply the same care and diligence you would to any art investment, if not more, when interacting with the blockchain, cryptocurrencies, and NFTs. Only browse trusted marketplaces, and do your research to ensure you only invest in artists with proven track records. Look at the transaction history, as this can be an initial clue into the integrity of a project.
Do your research
One reason to do your due diligence on any project you might want to support is the scam method known as a “rug pull.” These scams are when developers build up a project and promise perks and benefits to buyers down the road only to take the money and run, without being accountable for what was promised. This famously happened with the project Evolved Apes, where the developer deleted their Twitter account and disappeared after people invested.
Another thing we’ve seen, unfortunately, has been people stealing online images of other people’s art and minting them as NFTs. If you’re ever unsure or suspect there might be fraud involved, trust your gut. It’s a good idea to contact the original creator to ensure that they listed the work for sale or gave their permission.
Note: Giveaways might also be cause for concern and carry risks to your security, and some free “drops” have been known to authorize people to access your wallet, so never accept NFTs from people you don’t trust.
Stay safe on Discord
Discord is where you’ll find a lot of the latest news and chatter going on in the crypto art space. In many ways, servers can act like one big study group, helping you to grow familiar with the space and its most important players. But like any messaging platform, it carries some risks, so only accept requests from people you know and trust.
When setting up any accounts, use common sense and implement basic security measures like a strong password and two-factor authentication (2FA). Avoid using the same password more than once. Never share information, such as marketplace account information, with anyone on Discord. Official Discords that you know and trust can get hacked and send members to fake websites (there was an instance of this exact thing happening in January).
Unsolicited DMs and promises of deals that seem too good to be true are major red flags. It might go without saying, but do not click on links sent by people you don’t trust, and do not download files you’re not expecting. Discord also gives you the option of changing your settings to “Safe Direct Messaging,” which is a good first layer of protection. You can check out their safety guide in full here.
Safeguard the artwork itself
While it might seem confusing at first, the actual image or artwork won’t be stored on the blockchain, as that would be far too costly. Instead, your NFT will direct you to another place “off-chain” where you can view the image.
As we discussed in our recent article How to safeguard your artwork or art collections on the decentralized web, you don’t want your image to be stored at a traditional (HTTP) URL, as you run the risk of losing it if, say, the company that’s storing the image goes out of business.
A somewhat safer alternative is to use the InterPlanetary File System (IPFS) and pay nodes within the network to keep your data (you can do this through services like Arweave). You can learn more about how that could work here.
Invest in a hardware wallet
Hardware wallets offer a crucial layer of security for your NFTs, and they would have saved that New York City gallerist who was hacked late last year a major headache. Wallets made by Ledger and Trezor are the most popular, and it’s always best to buy directly from the manufacturer’s website (not through a third-party seller!). The benefit of a cold storage (or hardware) wallet is that they’ll keep your private key stored offline, making this information less vulnerable to hacking.
Software wallets such as MetaMask are essential tools for interacting with NFT marketplaces, but a hardware wallet like the Ledger Nano X is a better choice for storing your private keys in the long term. Luckily, you can connect your Ledger Nano with your MetaMask wallet and use them together to combine convenience and security.
While this might seem like a lot of information at first, following good cybersecurity practices and protecting your artwork does become second nature over time. Only invest what you can afford, and buy work you love. The beauty of the crypto space also lies in the fact that people are constantly coming up with new and inventive ways to keep your NFTs safe, while also maintaining the integrity of the decentralized web.
Join the Vault waitlist to get early access and be the first to find out how you can create, buy, sell, and earn.