Are you sure your NFTs are safe?
Some NFTs cost a few dollars, others are like an expensive car or apartment. But when it comes to security, price does not matter – all tokens must be well protected.
So, let’s figure out together how well the NFT is protected and learn about possible dangers.
What is NFT?
“I know I don’t know anything” – this statement of Socrates perfectly fits NFT, especially if you haven’t been interested in blockchain and cryptocurrency before. Therefore, before we move on to NFT security issues, it doesn’t hurt to learn more about the technology itself.
Contrary to popular belief, the NFT itself (or a non–interchangeable token) is not a work of art, but only proof of ownership of a cryptographically signed version of a particular work of art. Each token is unique.
For example: in the real world, you can exchange a dollar for a dollar, since they both have the same value. But you will not exchange a house for a house “without looking”: each house is unique in area, interior, decoration and location.
So, when you buy an NFT, you buy a token that proves that you own a digital artwork file. This file can be a picture, video, sound, or even a GIF image. You can buy NFT using Ethereum, the second most expensive cryptocurrency in the world. There are also collections of tokens, the most popular of them are CryptoPunks, Bored Ape Yacht Club and World of Women.
Where are NFTs stored?
Since NFT is an encrypted token, it, like cryptocurrency transactions, can be stored in the blockchain. The blockchain is very well protected. It uses distributed registry technology, which prevents attackers from forging tokens. After purchasing an NFT, you receive a private key that can be stored in a digital wallet (if this wallet supports NFT). A private key is required to access the NFT, so it must be kept secret. Remember, if you lose your private key, you lose access to your NFT, and therefore the money spent on the token.
What dangers can you face when buying an NFT?
Now cybercriminals are actively developing the fast-growing NFT industry, because potential victims simply do not know about the possible dangers.
To steal your NFT, attackers need two pieces of information: a private key and a seed phrase. Having obtained a private key, a hacker can impersonate you and conduct any transactions with the token. And if an attacker learns the seed phrase, he will be able to gain access to your NFT wallet.
Hackers use fake mailings and phishing sites to access the necessary information. For example, scammers can impersonate ordinary marketplace users who have problems buying your NFT. To solve these “problems”, attackers can send a fake link to the marketplace. after that, they will ask you to log in to your account. As soon as you enter your data, cybercriminals will steal it and gain full control over your account.
Let’s look at another example of fraud. An attacker can impersonate an NFT artist who played his work among random users. This method is quite common on Discord, Twitter and Instagram, so we recommend that you be as vigilant as possible when receiving a personal message with a link to the drawing of any prizes. A link from such messages usually leads to a website where you are asked to enter a private key or seed phrase to receive a prize. Remember – you don’t need a private key or a seed phrase to send an NFT, it’s enough to know only the address of the recipient’s NFT wallet.
How to protect your NFT?
To reduce the chance of NFT theft, it is enough for you to follow the usual security rules. Connect two-factor authentication to your NFT accounts and accounts on marketplaces, check suspicious links using special services. Also, do not forget to check the accounts of users who send you messages about the distribution of NFT. If the account owner pretends to be a famous NFT artist, but he has only a few subscribers, then he definitely should not be believed.
Make sure that your private keys and seed phrases are securely protected. You can use digital wallets to store NFT, but many of them are connected to the Internet, which exposes your digital assets to potential risk.
Therefore, we recommend using either a “cold wallet” (which does not have an Internet connection), or a capsule with seed phrases to store confidential data.
In the end, you can just write down all the information you need on paper or store it on your hard drive, but before that, make sure that your piece of paper or drive is in a safe place.