When the world of non-fungible tokens first started its take-off, people had a lot of questions about NFT security. And now, after the BOOM has finally settled, weâ€™re still asking the same questions. But, security and safety are the main concern.
Is your NFT safe?
There are risks associated with NFT ownership. And weâ€™re not talking about red flags and rug pulls. Securing your non-fungible token goes beyond that! All NFTs are built-in smart contracts that can be broken, manipulated, or exploited. Granted, this will be done PUBLICLY on the blockchain. But, think about it, who will be the one to reinforce any punishment?
Therefore, it is absolutely important to understand the risks that come with being an NFT owner! And, above all, understanding non-fungible tokens themselves. So, before we get into NFT security, make sure you check out our FREE hub for NFTs. It has everything you need to understand non-fungible tokens and how they work!
NFT SECURITY 101
Non-fungible tokens carry similar types of NFT security risks as other crypto assets on the blockchain. This mainly comes from the fact that both require the usage of crypto wallets that usually have private keys. The wallet is the place where you store your non-fungible tokens and other crypto assets. However, that is definitely not the only security risk that comes with NFTs. Here are some security risks you should be aware of:
#1 Marketplace Security
Since the main form of trade for NFTs is through NFT marketplaces, their security is KEY. Centralized platforms like OpenSea, Rarible, Nifty Gateway, and so much more require that you connect your wallet. This means that compromising marketplace security is compromising your wallet.
This happened once before with Nifty Gateway with several compromised accounts. The attacker purchased NFTs, exchanged them, and even sold some for profit. The platform reimbursed all the affected people, but they couldn’t retrieve the NFTs. To avoid this, use strong passwords, 2FA, and reliable email addresses.Â
#2 Smart Contract Issues
Also, another part of NFT security (one of the biggest parts) is the smart contract. A lot of people can exploit smart contract loopholes â€“ like the incident with CryptoPunks back because of a BUG. In 2017, CryptoPunks suffered a bug that prevented sellers from getting paid ETH tokens. So, the attacker was able to buy a Punk and take the money back! The creators eventually had to re-launch the Punks with updated smart contracts.
Another similar situation happened with the Meebits where the attacker exploited the rules of the smart contract. This was during what could only be considered an ownership privilege. Larva Labs wanted to award all CryptoPunks holders a chance at minting Meebits at random. However, one user discovered that the smart contract contained an archived file with each tokenâ€™s ID. This ultimately helped him get an ultra-rare NFT worth over $700K! Therefore, always make sure you check the NFT smart contract before purchasing!
#3 Fake NFTs & Phishing
Also, another type of concern regarding NFT security is fake or counterfeit non-fungible tokens. A lot of people could impersonate certain artists, create fake accounts, and attempt to sell fake NFTs. This is actually much more common than you might think â€“ especially on Discord, Twitter, and Instagram. And, it could also happen through NFT marketplaces if they arenâ€™t careful.Â
More often than not, this account will have a random assortment of NFTs without a particular theme. Or, they will place an NFT for sale that is extremely and suspiciously underpriced. OR, even put up a sale for an NFT that you KNOW belongs to another artist.
The same goes for phishing scams that try to access and steal your private key or seed phrase. Scammers use phishing tactics to access this information usually through fake emails or websites to steal data. So, make sure that you always use verified marketplaces and do not open shady emails!
Keeping Your NFTs Safe
For optimum NFT security, you have to do a little extra effort to make sure you donâ€™t lose! It doesnâ€™t require too much effort and you wonâ€™t be sorry later. So, to decrease the chances of NFT risks, follow these steps:
- Use two-factor authentication (2FA)
- Check any account validity before accepting airdrops or giveaways
- Use link-checking websites before clicking any link related to crypto
- Always store your private keys and seed phrases in super secure locations or cold wallets