NFT Safety Tips & Best Practices

The NFT/Crypto/Web3 space is constantly changing and evolving, and for as much good as can be had within the space, there are undoubtedly some bad actors as well.

I’m writing this to try and help give a foundational level of safety tips and tricks to keep you (and your wallet) safe while navigating the space. This is a living document, so things will be added and removed as time goes on and things change.

To add some credibility to this, I’ve been working in the cybersecurity space for three years now, and have been working in the general IT space for the past ten. Naturally, I recommend taking everything I say with a grain of salt, and continuing to do your own research past what is written here.

  • As a general tip, keep your DMs closed. Most reputable project teams will never DM you, and will instead work through some sort of ticketing system in order to keep both parties safer and more secure.

  • If you are presented with a link that you’re not sure you should trust, I would recommend using a site such as urlscan.io (https://urlscan.io/) or any.run (https://app.any.run/) to check the link prior to visiting it. Urlscan.io is a quick check, and will show you a screenshot of the site that the link resolves to, while any.run will let you interact with the link in a sandboxed environment.

Seed Phrase

  • Never share your seed phrase with anyone.

  • Never share your seed phrase with anyone.

  • Do not store your seed phrase in the digital space.

  • Make sure you have a copy of your seed phrase somewhere safe. You may even consider keeping it in a safe or a safety deposit box at a bank.

  • Never share your seed phrase with anyone.

Hardware Wallets

  • A hardware wallet is a great investment to keep your NFTs and cryptocurrencies safer. It helps to keep your private key safe, and adds another layer of verification before a transaction can be completed (as you have to verify and sign everything on the hardware wallet itself).

  • Some popular hardware wallets are Ledger (https://www.ledger.com) and Trezor (https://trezor.io). Personally, I use a Ledger Nano S.

  • When buying a hardware wallet, make sure you’re buying directly from the manufacturer’s site. If someone else has had access to the hardware wallet prior to you, you have no guarantee that it is not compromised.

2FA (Two Factor Authentication)

  • If you can set up an account with 2FA, do so.

  • I recommend using an authenticator app (such as Google Authenticator) as opposed to the SMS/text message option where available. This is because SMS/text messages are easier to intercept and take advantage of.

Multi-Wallet Strategy

  • One common strategy is to use multiple wallets for all of your crypto/NFT activity, such as the following:

    • One wallet strictly for minting

    • One wallet for risky / “degen” plays when you don’t fully trust the project (this would be a burner)

    • One wallet for cold storage (likely a hardware wallet), etc.

  • This helps to protect your assets in case one of your wallets is compromised. With a multi-wallet portfolio you would be much less likely to lose everything in one go.

  • Additionally, you’ll want to keep your cryptocurrencies out of the minting wallets, and only transfer in what you’ll need for the transactions. Again, this is to lower the risk of losing all your funds, should the wallet become compromised.

  • Once you’ve minted, you would then transfer those tokens to your cold storage wallet.