How To Secure NFTs: The Best Way To Keep NFTs Safe
KEY TAKEAWAYS: |
— Non-Fungible Tokens (NFTs) are important assets in the crypto ecosystem; with so many use cases, you’re likely to encounter them at some point. — Since NFTs can fetch high prices, they are often targeted by scammers, with increasingly sophisticated schemes too. — With a Ledger device, securing your NFTs is easy. But to keep your NFTs safe using a Ledger device or otherwise, there are a few steps you can take. |
Secure Your NFTs: It’s Your Responsibility
If you have spent your hard-earned money on NFTs, there’s no way you should take their security lightly. Today, there are countless scams targeting NFT owners and some are highly sophisticated. Knowing what an NFT is and how it works is just half of the story. The other half is understanding your responsibility as the sole custodian of your assets.
Remember: your crypto assets are not stored in a wallet, they are stored on the blockchain—and that goes for your NFTs too. With self-custody, you have true ownership of your assets, but it also means that you alone are responsible for their security. Blockchain transactions are irreversible, so if you sign away your most precious NFT, there’s not much you can do about it.
So now you know about the responsibility on your shoulders, let’s address what you can do to keep your NFTs safe.
How to Secure Your NFTs
Securing NFTs means putting enough barriers in place to keep bad actors at bay. None of these pieces of advice are satisfactory alone: you must have a few of these elements in place to guarantee the safety of your NFTs. So without further ado, let’s dive into how to secure your NFTs.
1. Choose an NFT-compatible wallet and keep your keys offline
To start with, you need an NFT-compatible wallet. You can manage your NFTs with two main types: software (hot) and hardware wallets. However, you will typically need a software wallet, such as Metamask, to access NFT marketplaces and minting apps.
It’s important to note that using a software wallet alone is not recommended. Hot wallets are connected to the internet and thus are vulnerable to the risk of hacking. Luckily, you can use a hot wallet with a hardware wallet. This allows you to benefit from the accessibility of a software wallet while keeping your private keys safe offline using the hardware wallet.
Ledger devices connect to a range of software (hot) wallets. All you have to do is connect your Ledger device to a third-party wallet interface.
For the Ethereum network, you can connect your Ledger to Metamask and benefit from exploring whichever Ethereum app you like while keeping your private keys secure. To manage Bitcoin ordinals, you may want to connect your Ledger device to Leather wallet instead.
2. Avoid Blind Signing
Another way you can keep your NFTs safe is by avoiding blind signing. To explain, a lot of decentralized apps and services don’t include the details of a transaction in human-readable language, and your wallet doesn’t know how to translate the information either. In these instances, you are forced to sign a transaction without fully understanding the consequences. This is called blind signing. This blind spot gives scammers a great opportunity to access your NFTs. They hide a malicious transaction within a situation that “seems” normal, and in the process, they convince you to give them access to your wallet. If you can, it’s always best to avoid signing these types of transactions.
Using any app or service within Ledger Live this is not a risk you have to worry about. Ledger Live’s clear signing plugin allows you to check the results of any transaction before you sign. In addition, your device’s Trusted Display is connected directly to the Secure Element chip—a tamper-proof environment. This lets you verify the address of each recipient is consistent with what your laptop or smartphone shows, alerting you to any potential malware if it isn’t.
However, when you transact outside the Ledger ecosystem, clear signing is a little trickier. Most wallets don’t give you the full details of each transaction, and even when they do, you can’t always trust your smartphone or laptop’s screen.
To mitigate some of these risks, use a transaction-checking tool such as WalletGuard or Pocket Universe. These browser extension tools will show you the intent of a transaction in human-readable terms so you can decide whether to sign (or not!). That said, they aren’t infallible so you will want to invest in a hardware wallet too (if you haven’t already).
3. Split Your NFTs Into Multiple Crypto Accounts
While avoiding blind signing is the most secure practice, it can also limit your options. For this reason, many Ledger users will enable blind signing to use third-party wallet interfaces alongside their Ledger devices. Blind signing can be risky, but you can put some barriers in place to mitigate your risk.
A great way of keeping your NFTs safe when blind signing is by segregating your crypto assets into multiple accounts. To explain, most modern wallets are HD wallets. Both software and hardware wallets of this kind allow you to generate and manage multiple accounts within the same interface. Each of these accounts is controlled by a separate key pair which means the security of one does not impact the security of another—as long as your seed phrase isn’t compromised.
Using this method if you sign a malicious transaction with one account, the NFTs in your other accounts remain secure. As a result, a great way to keep your NFTs safe is by generating several accounts and only signing transactions on potentially malicious platforms using an account containing nothing of significant value. That way, if you sign a malicious transaction a hacker can only access a minimal amount of assets.
4. Revoke Approvals
If you’ve ever sold an NFT on any marketplace, you’ve signed a smart contract approval to allow the marketplace to remove that token from your wallet. The same goes for any NFT swapping service or NFT borrowing platform: they need your signature to move your assets.
However, it’s important to note that these approvals stay active until you revoke them. This is not always a big risk when you’re interacting with a trusted platform, but that’s not always the case. If you sign an approval that allows an NFT marketplace to remove NFTs from your account and the marketplace’s smart contract has a vulnerability, your NFTs will be at risk. The same can be said when using a blockchain bridge or minting platform.
If you want to guarantee your NFTs are safe from approvals, use a revoke tool such as revoke.cash to remove an app’s permission to manage specific assets. Bear in mind that each revoked approval transaction will cost a fee though!
5. DYOR
A little bit of research goes a long way. Don’t get duped by influencers shilling their “favorite” NFT projects. If you’re hearing a buzz about an NFT project on social media, you’re always best off researching it properly. Some projects will pay crypto marketers to flood your social media feeds with enthusiastic recommendations to buy a certain NFT. More times than not, these are scams!
Make sure you read the smart contract, and if you’re not so technical, try and find some forum posts from people who have read it for you. Reading the smart contract will often tell you if the project is a honeypot scam or even if there’s a contract bug. If it’s an Ethereum project, look up the contract on Etherscan. Typically, if it’s a malicious smart contract, community members will have reported it.
6. Don’t trust verify
Finally, make sure you verify each step of any transaction process. If you initiate a transaction on a DeFi marketplace, it shouldn’t ask for access to your NFTs. If you decide to sell a specific NFT, make sure the transaction shows the correct NFT. Finally, make sure to double-check the intended recipient of NFTs before you hit send and ensure you are accessing the official site of any platform you use. These simple verification steps can stop you from signing away your NFTs without meaning to.
Securing your NFTs: Just as important as keeping your coins safe
Of course, the general crypto security rules still apply with NFTs: you’ll want to keep your seed phrase secure and in a real-world place rather than storing it digitally. You’ll also need to keep your private keys offline, opting for a paper or hardware wallet.
But primarily, the biggest threat to your NFTs is carelessness. Only you have the power to keep your assets safe, putting enough barriers in place to mitigate the risks of interacting with web3. More often than not, NFTs are stolen because the victim literally agrees to hand the tokens over to the scammer.
Fully embracing the world of digital assets means making security your top priority. So why make it complicated? With a Ledger device, you can explore the multi-faceted NFT scene with security and ease of use on your side. So start managing your NFTs with a Ledger NFT wallet: it’s easy once you know how!