
Everything You Need to Know About NFT and Wallet Security

Getting into NFTs? Then you better read up.

Michael Caloca / ONE37pm

In the world of Web 3, crypto and NFTs, prioritizing security is the most important move you can make. There is a ton of malware that users are exposed to every day they use their phones and computers.

If your devices are targeted and compromised, you will lose everything.

This is why it is paramount to take the proper precautions to secure your devices, your wallet and—most importantly—your seed phrase. 

Every time you log on to your computer, expect that you are susceptible to attacks. There is always someone looking for vulnerabilities, willing to take advantage of the platforms users interact with daily. The best way to secure your wallet is to take the proper measures to protect yourself.

Best Practices for Wallet Security:

Every time you register your wallet, you get a seed phrase. A seed phrase is a 12-24 word phrase that lets you access your wallet anywhere, from any device. It is the KEY. Make sure your seed phrase is written on a piece of paper and that you have more than one copy. (If you ever lose one, you have another.) For additional security, you can split your seed phrase in half and store the halves in two separate locations. That way, if one place ever becomes compromised, no one will be able to access your wallet.

Never store your seed phrase on a computer where hackers can access it, and never screenshot or take a photo of your seed phrase.

To reiterate: NEVER, EVER store your seed phrase on your computer/devices where hackers can access it. 

Never type in your seed phrase. Never share your seed phrase with anyone. 

You can also store your seed phrase using something more resilient than paper—like a cryptotag: https://cryptotag.io/

In MetaMask, there are three ways to externally access or import full control of your wallet:

- Seed phrase
- Private key
- Private key QR code

They can be found in your MetaMask settings. Never share them with anyone.

Use a Secure Hardware Wallet:

The most secure way to protect your crypto is by using a hardware wallet.

If you are buying/selling/creating NFTs, cryptocurrency or any digital assets, the most secure place to store them is in a hardware wallet. Buy one or more hardware wallets. 

Suggestion: Ledger Nano


Never buy a hardware wallet from secondary vendors or Amazon. These are susceptible to supply chain attacks, in which hackers compromise a wallet before it is resold to you. Always buy directly from the manufacturer's website.

Strategies to identify and avoid scammers:

Scammers get more creative each day, and try a variety of phishing and hacking techniques to get you to hand over your information. The seed phrase is the heart of your wallet, but your actions are what protect it. Even the most tech-savvy individuals fall for traps set by scammers.

You need to stay educated and aware of the digital landscapes you interact with daily in order to adapt and avoid scams. 

Some of the most common places scammers go to target you are Twitter and Discord. There are a variety of fake MetaMask support accounts, OpenSea support accounts and others that are deceitful and use creative techniques to get you to sign over your information. If you ever suspect that you are at risk, consult others and the community before trusting anyone blindly. Many accounts also impersonate influencers on social media and ask you to send them money or share your passwords and other information. Double- and triple-check before engaging. Even if the account has 1 million followers, it might be a scam.

Official accounts like MetaMask, OpenSea, and Ledger will never ask you for your seed phrase.

On Discord, similar accounts will reach out asking for your information, or asking you to click on a link for giveaways/sales. Never click on a link if you do not know who is sending it. It does not matter if it is your favorite celebrity. Discord scammers will copy the exact profiles of Twitter influencers, project founders, celebrities, moderators and developers. The real accounts will never ask you for your seed phrase, to send them ETH or to fill out a form. Do not engage with them.

A foolproof way to verify an account reaching out to you on Discord is to message them on their official Twitter account. Slow down, and follow up on every single message to verify that the person you are interacting with is who they say they are.

Additional steps to follow to secure your accounts:

Protect your passwords.

Never store your passwords in your browser. When a site asks you to save your password, never accept.

The best way to protect your passwords is to write them down and store them offline. If you are using a password manager, never store your recovery data on your computer. Always print out or write down all recovery data on multiple copies of paper and place them in more than one safe place.

Enable 2FA on all of your accounts.

Using 2FA (two-factor authentication) is the best way to make sure no one can access your accounts without your permission.

Do not use SMS authentication if possible. Sophisticated attacks can compromise your phone.


Never share your computer screen with anyone.

Sharing your computer screen through a live feed or screenshots can make you vulnerable to a variety of attacks.
