It has become a daily event. I'm scrolling through Twitter when I read about another person who lost all, or most, of their NFTs. Every time I see one of these tweets I get sad, first because I know how devastating it is for people to lose valuable NFTs, and second because 99.9% of the time it was easily preventable.
Before I go any further, I'll let you know that neither of the two security practices I'm going to cover in this article is "use a hardware wallet." You should know this by now, and if you aren't using a hardware wallet yet, stop reading this and go buy one now.
That being said, I think hardware wallets sometimes give people a false sense of security. The reality is, most scams are effective whether you're using a hardware wallet or not. The reason is that hardware wallets won't protect you from making some of the most common security mistakes, and, just like hot wallets, they can be drained by scammers using the exact same methods.
Luckily, there are two very simple security practices that every NFT owner can and should be following, and I'm going to outline these below. Honestly, if you follow these two practices, you'll avoid a lot of potential pain now and in the future. So let's get into it.
NFT Security Practice #1 - mint new projects from an empty wallet
This is an incredibly easy security practice that you can start following instantly. MetaMask allows you to create new wallets in a few seconds. Create a new wallet just for minting new projects.
Why do this?
One common technique scammers use to drain wallets today is to hype up an exciting new NFT project. Then when people go to mint, rather than minting, everything in their wallet is sent to the scammer, along with the mint fee.
By using an empty wallet, if you do fall prey to one of these scams, all you lose is the mint fee, not your NFTs. It really is that simple.
What a lot of people miss is that hardware wallets are just as susceptible to this scam as hot wallets. In both cases you're signing the transaction and authorizing this unknown smart contract to do whatever it wants. It doesn't matter if you're authorizing it from a hot wallet or a hardware wallet. In both cases, all the NFTs in your wallet - poof, they're gone before you know it.
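To make "authorizing this unknown smart contract" concrete, here is an added example (not from the original article) that decodes the calldata a site asks you to sign and flags token approvals. It assumes the authorization takes the form of the standard `setApprovalForAll` or `approve` calls, which the article does not name; the sample calldata and operator address are constructed placeholders.

```javascript
// Added example (not from the article): classify what a transaction's calldata
// would authorize. Selectors are the standard token-approval selectors.
const SELECTORS = {
  a22cb465: "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator approval
  "095ea7b3": "approve(address,uint256)",      // ERC-20 allowance or ERC-721 single token
};
const MAX_UINT256 = (1n << 256n) - 1n;

function describeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { risk: "unknown", note: "no 4-byte function selector present" };
  }
  const selector = hex.slice(0, 8);
  const signature = SELECTORS[selector];
  if (!signature) {
    return { risk: "unknown", note: `unrecognized selector 0x${selector}` };
  }
  const args = hex.slice(8);
  if (args.length < 128) {
    return { risk: "unknown", signature, note: "arguments truncated" };
  }
  // Each ABI argument is one 32-byte word; an address is the low 20 bytes.
  const target = "0x" + args.slice(24, 64);
  const second = BigInt("0x" + args.slice(64, 128));
  if (selector === "a22cb465") {
    return second !== 0n
      ? { risk: "high", signature, target, note: "grants control of every token in this collection" }
      : { risk: "low", signature, target, note: "revokes a previously granted operator" };
  }
  return second === MAX_UINT256
    ? { risk: "high", signature, target, note: "unlimited allowance" }
    : { risk: "review", signature, target, note: `approval for amount or token id ${second}` };
}

// Constructed sample calldata; the operator address is a placeholder.
const OPERATOR = "11".repeat(20);
const WORD = (h) => h.padStart(64, "0");
const SAMPLE_GRANT = "0xa22cb465" + WORD(OPERATOR) + WORD("1");
const SAMPLE_REVOKE = "0xa22cb465" + WORD(OPERATOR) + WORD("0");

console.log(describeCalldata(SAMPLE_GRANT));
```

A mint transaction has no reason to carry an approval selector, so a "high" result on a mint page is a signal to stop, whichever kind of wallet is doing the signing.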
You can avoid this scam 100% of the time by simply minting from an empty wallet. There's absolutely no cost to create a new wallet in MetaMask and it takes a few seconds to do it...so stop reading for a second and go create a new wallet just for minting.
Note: yes, you can also create a wallet just for minting on a Ledger or Trezor, so feel free to do that as well. That being said, I personally prefer to use a hot wallet when minting unknown projects; then, if the mint turns out not to be a scam, I can send the NFT I mint to a hardware wallet.
Additional note: if I do mint an NFT from a project that seems legit, I still take one additional security precaution. If I transfer to my Ledger or Trezor, I transfer to a wallet that doesn't have any valuable NFTs in it. Remember, another relatively popular scam is to let people mint NFTs that can later be used (since they're tied to a smart contract themselves) to drain whatever wallet they end up in.
NFT Security Practice #2 - if you are trading NFTs with someone you don't know, trade from a wallet that only has the NFTs you are trading in it
Another common NFT scam that I'm seeing happen more and more lately is where someone offers to trade NFTs and sends a link to a site that either looks identical to NFTTrader, or appears to be another trustworthy NFT trading site...but isn't.
First things first - if someone sends you to any NFT trading site that you haven't heard of, head for the hills. I personally recommend that everyone uses NFTTrader (located at https://www.nfttrader.io/) and verifies the URL very carefully when doing so.
If someone insists on using an NFT trading site you've never heard of, that's a scammer. Head for the hills. There is absolutely no good reason why anyone who wants to hold a safe and secure trade wouldn't agree to use NFTTrader instantly.
That being said, fake NFTTrader sites are out there, the URLs look confusingly similar, and they trick people all the time. So, to be extra safe, I recommend that anyone trading NFTs trade from a wallet that has only the NFTs they are trading in it. This means that if you do end up getting scammed, you only lose the NFTs you were going to trade, not every single NFT (and all the crypto) in your wallet.
While this will cost a bit more in gas fees to transfer whatever NFTs you want to trade to an empty wallet, it's a security precaution that I think absolutely everyone should take.
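Verifying the URL "very carefully" can be done mechanically. The following added example (not from the original article) parses a link and compares its real host against the one address the article gives; every other link in it is constructed, and the `.example` hosts are placeholders.

```javascript
// Added example (not from the article): check a trade link's real host before opening it.
// Only the exact host printed in the article is trusted; other values are constructed.
const TRUSTED_HOSTS = ["www.nfttrader.io"];
const BRAND = "nfttrader";

// Levenshtein distance, used to catch one- or two-character misspellings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const swap = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, swap);
    }
    prev = cur;
  }
  return prev[b.length];
}

function checkTradeLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "reject", reason: "not a parseable URL" };
  }
  const host = url.hostname; // parser lowercases and converts Unicode names to xn-- form
  if (url.protocol !== "https:") return { verdict: "reject", reason: "not https" };
  if (url.username || url.password) {
    return { verdict: "reject", reason: `text before "@" is not the site; host is ${host}` };
  }
  if (TRUSTED_HOSTS.includes(host)) return { verdict: "ok", reason: "exact host match" };
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "internationalized (xn--) host, not the trusted one" };
  }
  if (host.includes(BRAND)) {
    return { verdict: "reject", reason: "trusted name embedded in a different host" };
  }
  if (TRUSTED_HOSTS.some((t) => editDistance(host, t) <= 2)) {
    return { verdict: "reject", reason: "near-miss spelling of a trusted host" };
  }
  return { verdict: "unknown", reason: "host is not on the trusted list" };
}

console.log(checkTradeLink("https://www.nfttrader.io.trade.example/swap"));
```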
And that's it. Like the title of this article says - seriously, just do these two things. Scammers are stealing NFTs from people every single day, and most of the time, it's very easily preventable. These scammers aren't super hackers, they aren't reverse engineering any code or following any complex process, they're just taking advantage of the fact that so many people aren't following basic security protocols.
If this article helps just one person avoid a scam, then it has served its purpose. Be safe out there, slow down, and trust nobody. Scams are only going to be increasing - stay safe out there and thanks for reading!