As the number of NFT users, transactions and market capitalization continue to climb, phishers, hackers and other miscreants have begun to target this market, further threatening the security of the NFT ecosystem.

Tables prepared by blockchain security and data analysis firm PeckShield show that 254 NFTs with a total value of approximately $1.7 million were stolen in a phishing attack; Jay Chou's NFT BAYC#3738 was stolen on April Fool's Day, an incident typical of a phishing site inducing mint and thus gaining the right to operate a user's NFT; a project called MoonManNFT, the project lends itself to the name of free mint and steals nearly 400 NFTs ......

Generally speaking, hackers will lock collectors through Discord and Telegram and steal users' NFT assets through baiting mint, phishing attacks, etc. With today's technology, it is important for NFT investors and collectors to stay up to date on the latest methods to protect their assets.

NFT Secure Storage Basics

Please keep in mind.

Your NFT is not stored on a computer or mobile device, but in a decentralized space like IPFS or Arweave.

Having a private key gives you full access to the blockchain/your assets.

The Shamir private key partitioning scheme can provide secondary protection for helper words.

Where is your NFT stored?

NFT is not stored in cold wallets, PC's or hot wallets. nft is a token located on the ethereum blockchain and is hosted by over 2400 running network nodes worldwide. nft is backed by a fully decentralized system that ensures that the nft ecosystem is functioning properly and is also able to verify online transactions. When you make an NFT transaction, the actual activity that takes place is the database making changes to the address of that NFT.

Where are your images, motion pictures and music?

The NFT's URI (Uniform Resource Identifier) marks the location of the image. the NFT is typically located in a decentralized storage space like IPFS or Arweave. In Web2, there are also centralized stores like AWS.

Wallet

A wallet is a piece of software that stores private keys and can support transactional activity. There are two types of wallets: hot wallets (software wallets) and cold wallets (hardware wallets).

Hot wallets (software wallets): software capable of running on a universal device, capable of Web3 connectivity, and receiving assets with a single mouse click.

Cold wallet (hardware wallet): dedicated to a hardware device that can connect to Web3 and receive assets. The main difference between it and a hot wallet is that the cold wallet's helper is never connected to the internet and to make a transaction, it must be approved by physical means (e.g. a touch screen).

After choosing the right wallet, you need to understand its functionality.

First of all, a hot/cold wallet will ask you to create a password, which is unique on a particular device. Only if you know the password, you can access the wallet.

You can freely share the public address of the wallet. this address is no different from a Web3 email address, and knowing your address, anyone can send you an NFT. this also gives rise to new hacking vectors. Hackers will send NFTs to people, and when people interact with that NFT (for example, by sending it to another wallet, or selling it), the hacker will steal the assets in that person's wallet. Remember, don't click on unfamiliar NFTs! In addition, people will use rogue signatures or approvals to get your IP address.

Phishing emails are also unusual forms of scams. The purpose of the email is to lure you into connecting your wallet to a fake website so that hackers can steal assets. So, never click on unfamiliar links! Be sure to check the name of the website from time to time. Currently there is a single method of hacking, only from public addresses and emails, just ignore them.

You have to keep the private key, which is the password to access your public address. The functions of the private key are

Move your NFT out of the address.

Sign a contract to prove that you have the private key for that address (similar to verifying that you have the public address).

The biggest difference between a public address and a private key is that you can never reveal your private key to anyone. Otherwise, they can import your private key into their wallet and steal all your assets.

With the concepts of private key and public address clarified, let's look at the helper words. A mnemonic typically consists of 12, 18 or 24 words and is used to retrieve your wallet. If you lose your private key, you can use the mnemonic to create a new one. Like the private key, the mnemonic can never be known by a second person, nor can it be stored in an electronic storage device or service provider (e.g. google drive, icloud, photo albums, cell phone notes and copies). The ideal way is physical storage, such as writing on paper. Some people also use iron products to store mnemonics because it is more fireproof. Other methods, such as passphrases, can also increase wallet security. A passphrase is a string of symbols or words that can be combined with a mnemonic to create a new wallet based on the original one. As an analogy, to create a new wallet based on an existing wallet, simply enter.

mnemonic + "NFTGo"

mnemonic + any number

mnemonic + any letter

mnemonic + any phrase

Either of these methods will create a new wallet with a different private key public address, but the passphrase feature is only available for cold wallets.

Add a second layer of protection

Purchasing a cold wallet is an effective way to increase security; Trezor, Ledger and Keystone are some of the most popular hardware wallets, but each has strengths and weaknesses. Each type of cold wallet has its own characteristics. Keystone, for example, uses QR codes for data transfer, avoiding the risk of Trojan viruses being transmitted to the hardware wallet via the USB interface or Bluetooth, and is the first hardware wallet to support ENS (Ethereum Name Service), eliminating the need to verify the original address. In addition, users can customize their 4-inch screen with NFT.

Let's take Keystone as an example for setup.

Purchase Keystone wallet from the official website.

Install the Keystone kit.

Launch Keystone.

Set your wallet's PIN - a password that is unique to this device.

For enterprise use, it is recommended to use Shamir private key splitting scheme, splitting 2 sets of helpers into 3 sets, or splitting 3 sets of helpers into 5 sets, and you can keep these 3 sets of private keys in different places. If you have 3 of the 5 Shamir backups and lose 2 of them, you can still use the remaining 3 backups to recover your wallet.

Let's look specifically at the use of NFT hardware wallets by transferring a BAYC as an example. In Keystone, the user can quickly confirm the authenticity of the address using the ABI data file uploaded on the microSD card, which will appear next to the address with "Board Ape Yacht club" in blue font, and also confirm that the transaction does not involve any malicious behavior, so as not to give your NFT to a fraudster or hacker.

As the number of NFT users, transactions and market capitalization continue to climb, phishers, hackers and other miscreants have begun to target this market, further threatening the security of the NFT ecosystem.

Tables prepared by blockchain security and data analysis firm PeckShield show that 254 NFTs with a total value of approximately $1.7 million were stolen in a phishing attack; Jay Chou's NFT BAYC#3738 was stolen on April Fool's Day, an incident typical of a phishing site inducing mint and thus gaining the right to operate a user's NFT; a project called MoonManNFT, the project lends itself to the name of free mint and steals nearly 400 NFTs ......

Generally speaking, hackers will lock collectors through Discord and Telegram and steal users' NFT assets through baiting mint, phishing attacks, etc. With today's technology, it is important for NFT investors and collectors to stay up to date on the latest methods to protect their assets.

NFT Secure Storage Basics

Please keep in mind.

Your NFT is not stored on a computer or mobile device, but in a decentralized space like IPFS or Arweave.

Having a private key gives you full access to the blockchain/your assets.

The Shamir private key partitioning scheme can provide secondary protection for helper words.

Where is your NFT stored?

NFT is not stored in cold wallets, PC's or hot wallets. nft is a token located on the ethereum blockchain and is hosted by over 2400 running network nodes worldwide. nft is backed by a fully decentralized system that ensures that the nft ecosystem is functioning properly and is also able to verify online transactions. When you make an NFT transaction, the actual activity that takes place is the database making changes to the address of that NFT.

Where are your images, motion pictures and music?

The NFT's URI (Uniform Resource Identifier) marks the location of the image. the NFT is typically located in a decentralized storage space like IPFS or Arweave. In Web2, there are also centralized stores like AWS.

Wallet

A wallet is a piece of software that stores private keys and can support transactional activity. There are two types of wallets: hot wallets (software wallets) and cold wallets (hardware wallets).

Hot wallets (software wallets): software capable of running on a universal device, capable of Web3 connectivity, and receiving assets with a single mouse click.

Cold wallet (hardware wallet): dedicated to a hardware device that can connect to Web3 and receive assets. The main difference between it and a hot wallet is that the cold wallet's helper is never connected to the internet and to make a transaction, it must be approved by physical means (e.g. a touch screen).

After choosing the right wallet, you need to understand its functionality.

First of all, a hot/cold wallet will ask you to create a password, which is unique on a particular device. Only if you know the password, you can access the wallet.

You can freely share the public address of the wallet. this address is no different from a Web3 email address, and knowing your address, anyone can send you an NFT. this also gives rise to new hacking vectors. Hackers will send NFTs to people, and when people interact with that NFT (for example, by sending it to another wallet, or selling it), the hacker will steal the assets in that person's wallet. Remember, don't click on unfamiliar NFTs! In addition, people will use rogue signatures or approvals to get your IP address.

Phishing emails are also unusual forms of scams. The purpose of the email is to lure you into connecting your wallet to a fake website so that hackers can steal assets. So, never click on unfamiliar links! Be sure to check the name of the website from time to time. Currently there is a single method of hacking, only from public addresses and emails, just ignore them.

You have to keep the private key, which is the password to access your public address. The functions of the private key are

Move your NFT out of the address.

Sign a contract to prove that you have the private key for that address (similar to verifying that you have the public address).

The biggest difference between a public address and a private key is that you can never reveal your private key to anyone. Otherwise, they can import your private key into their wallet and steal all your assets.

With the concepts of private key and public address clarified, let's look at the helper words. A mnemonic typically consists of 12, 18 or 24 words and is used to retrieve your wallet. If you lose your private key, you can use the mnemonic to create a new one. Like the private key, the mnemonic can never be known by a second person, nor can it be stored in an electronic storage device or service provider (e.g. google drive, icloud, photo albums, cell phone notes and copies). The ideal way is physical storage, such as writing on paper. Some people also use iron products to store mnemonics because it is more fireproof. Other methods, such as passphrases, can also increase wallet security. A passphrase is a string of symbols or words that can be combined with a mnemonic to create a new wallet based on the original one. As an analogy, to create a new wallet based on an existing wallet, simply enter.

mnemonic + "NFTGo"

mnemonic + any number

mnemonic + any letter

mnemonic + any phrase

Either of these methods will create a new wallet with a different private key public address, but the passphrase feature is only available for cold wallets.

Add a second layer of protection

Purchasing a cold wallet is an effective way to increase security; Trezor, Ledger and Keystone are some of the most popular hardware wallets, but each has strengths and weaknesses. Each type of cold wallet has its own characteristics. Keystone, for example, uses QR codes for data transfer, avoiding the risk of Trojan viruses being transmitted to the hardware wallet via the USB interface or Bluetooth, and is the first hardware wallet to support ENS (Ethereum Name Service), eliminating the need to verify the original address. In addition, users can customize their 4-inch screen with NFT.

Let's take Keystone as an example for setup.

Purchase Keystone wallet from the official website.

Install the Keystone kit.

Launch Keystone.

Set your wallet's PIN - a password that is unique to this device.

For enterprise use, it is recommended to use Shamir private key splitting scheme, splitting 2 sets of helpers into 3 sets, or splitting 3 sets of helpers into 5 sets, and you can keep these 3 sets of private keys in different places. If you have 3 of the 5 Shamir backups and lose 2 of them, you can still use the remaining 3 backups to recover your wallet.

Let's look specifically at the use of NFT hardware wallets by transferring a BAYC as an example. In Keystone, the user can quickly confirm the authenticity of the address using the ABI data file uploaded on the microSD card, which will appear next to the address with "Board Ape Yacht club" in blue font, and also confirm that the transaction does not involve any malicious behavior, so as not to give your NFT to a fraudster or hacker.

As the number of NFT users, transactions and market capitalization continue to climb, phishers, hackers and other miscreants have begun to target this market, further threatening the security of the NFT ecosystem.

Tables prepared by blockchain security and data analysis firm PeckShield show that 254 NFTs with a total value of approximately $1.7 million were stolen in a phishing attack; Jay Chou's NFT BAYC#3738 was stolen on April Fool's Day, an incident typical of a phishing site inducing mint and thus gaining the right to operate a user's NFT; a project called MoonManNFT, the project lends itself to the name of free mint and steals nearly 400 NFTs ......

Generally speaking, hackers will lock collectors through Discord and Telegram and steal users' NFT assets through baiting mint, phishing attacks, etc. With today's technology, it is important for NFT investors and collectors to stay up to date on the latest methods to protect their assets.

NFT Secure Storage Basics

Please keep in mind.

Your NFT is not stored on a computer or mobile device, but in a decentralized space like IPFS or Arweave.

Having a private key gives you full access to the blockchain/your assets.

The Shamir private key partitioning scheme can provide secondary protection for helper words.

Where is your NFT stored?

NFT is not stored in cold wallets, PC's or hot wallets. nft is a token located on the ethereum blockchain and is hosted by over 2400 running network nodes worldwide. nft is backed by a fully decentralized system that ensures that the nft ecosystem is functioning properly and is also able to verify online transactions. When you make an NFT transaction, the actual activity that takes place is the database making changes to the address of that NFT.

Where are your images, motion pictures and music?

The NFT's URI (Uniform Resource Identifier) marks the location of the image. the NFT is typically located in a decentralized storage space like IPFS or Arweave. In Web2, there are also centralized stores like AWS.

Wallet

A wallet is a piece of software that stores private keys and can support transactional activity. There are two types of wallets: hot wallets (software wallets) and cold wallets (hardware wallets).

Hot wallets (software wallets): software capable of running on a universal device, capable of Web3 connectivity, and receiving assets with a single mouse click.

Cold wallet (hardware wallet): dedicated to a hardware device that can connect to Web3 and receive assets. The main difference between it and a hot wallet is that the cold wallet's helper is never connected to the internet and to make a transaction, it must be approved by physical means (e.g. a touch screen).

After choosing the right wallet, you need to understand its functionality.

First of all, a hot/cold wallet will ask you to create a password, which is unique on a particular device. Only if you know the password, you can access the wallet.

You can freely share the public address of the wallet. this address is no different from a Web3 email address, and knowing your address, anyone can send you an NFT. this also gives rise to new hacking vectors. Hackers will send NFTs to people, and when people interact with that NFT (for example, by sending it to another wallet, or selling it), the hacker will steal the assets in that person's wallet. Remember, don't click on unfamiliar NFTs! In addition, people will use rogue signatures or approvals to get your IP address.

Phishing emails are also unusual forms of scams. The purpose of the email is to lure you into connecting your wallet to a fake website so that hackers can steal assets. So, never click on unfamiliar links! Be sure to check the name of the website from time to time. Currently there is a single method of hacking, only from public addresses and emails, just ignore them.

You have to keep the private key, which is the password to access your public address. The functions of the private key are

Move your NFT out of the address.

Sign a contract to prove that you have the private key for that address (similar to verifying that you have the public address).

The biggest difference between a public address and a private key is that you can never reveal your private key to anyone. Otherwise, they can import your private key into their wallet and steal all your assets.

With the concepts of private key and public address clarified, let's look at the helper words. A mnemonic typically consists of 12, 18 or 24 words and is used to retrieve your wallet. If you lose your private key, you can use the mnemonic to create a new one. Like the private key, the mnemonic can never be known by a second person, nor can it be stored in an electronic storage device or service provider (e.g. google drive, icloud, photo albums, cell phone notes and copies). The ideal way is physical storage, such as writing on paper. Some people also use iron products to store mnemonics because it is more fireproof. Other methods, such as passphrases, can also increase wallet security. A passphrase is a string of symbols or words that can be combined with a mnemonic to create a new wallet based on the original one. As an analogy, to create a new wallet based on an existing wallet, simply enter.

mnemonic + "NFTGo"

mnemonic + any number

mnemonic + any letter

mnemonic + any phrase

Either of these methods will create a new wallet with a different private key public address, but the passphrase feature is only available for cold wallets.

Add a second layer of protection

Purchasing a cold wallet is an effective way to increase security; Trezor, Ledger and Keystone are some of the most popular hardware wallets, but each has strengths and weaknesses. Each type of cold wallet has its own characteristics. Keystone, for example, uses QR codes for data transfer, avoiding the risk of Trojan viruses being transmitted to the hardware wallet via the USB interface or Bluetooth, and is the first hardware wallet to support ENS (Ethereum Name Service), eliminating the need to verify the original address. In addition, users can customize their 4-inch screen with NFT.

Let's take Keystone as an example for setup.

Purchase Keystone wallet from the official website.

Install the Keystone kit.

Launch Keystone.

Set your wallet's PIN - a password that is unique to this device.

For enterprise use, it is recommended to use Shamir private key splitting scheme, splitting 2 sets of helpers into 3 sets, or splitting 3 sets of helpers into 5 sets, and you can keep these 3 sets of private keys in different places. If you have 3 of the 5 Shamir backups and lose 2 of them, you can still use the remaining 3 backups to recover your wallet.

Let's look specifically at the use of NFT hardware wallets by transferring a BAYC as an example. In Keystone, the user can quickly confirm the authenticity of the address using the ABI data file uploaded on the microSD card, which will appear next to the address with "Board Ape Yacht club" in blue font, and also confirm that the transaction does not involve any malicious behavior, so as not to give your NFT to a fraudster or hacker.

As the number of NFT users, transactions and market capitalization continue to climb, phishers, hackers and other miscreants have begun to target this market, further threatening the security of the NFT ecosystem.

Tables prepared by blockchain security and data analysis firm PeckShield show that 254 NFTs with a total value of approximately $1.7 million were stolen in a phishing attack; Jay Chou's NFT BAYC#3738 was stolen on April Fool's Day, an incident typical of a phishing site inducing mint and thus gaining the right to operate a user's NFT; a project called MoonManNFT, the project lends itself to the name of free mint and steals nearly 400 NFTs ......

Generally speaking, hackers will lock collectors through Discord and Telegram and steal users' NFT assets through baiting mint, phishing attacks, etc. With today's technology, it is important for NFT investors and collectors to stay up to date on the latest methods to protect their assets.

NFT Secure Storage Basics

Please keep in mind.

Your NFT is not stored on a computer or mobile device, but in a decentralized space like IPFS or Arweave.

Having a private key gives you full access to the blockchain/your assets.

The Shamir private key partitioning scheme can provide secondary protection for helper words.

Where is your NFT stored?

NFT is not stored in cold wallets, PC's or hot wallets. nft is a token located on the ethereum blockchain and is hosted by over 2400 running network nodes worldwide. nft is backed by a fully decentralized system that ensures that the nft ecosystem is functioning properly and is also able to verify online transactions. When you make an NFT transaction, the actual activity that takes place is the database making changes to the address of that NFT.

Where are your images, motion pictures and music?

The NFT's URI (Uniform Resource Identifier) marks the location of the image. the NFT is typically located in a decentralized storage space like IPFS or Arweave. In Web2, there are also centralized stores like AWS.

Wallet

A wallet is a piece of software that stores private keys and can support transactional activity. There are two types of wallets: hot wallets (software wallets) and cold wallets (hardware wallets).

Hot wallets (software wallets): software capable of running on a universal device, capable of Web3 connectivity, and receiving assets with a single mouse click.

Cold wallet (hardware wallet): dedicated to a hardware device that can connect to Web3 and receive assets. The main difference between it and a hot wallet is that the cold wallet's helper is never connected to the internet and to make a transaction, it must be approved by physical means (e.g. a touch screen).

After choosing the right wallet, you need to understand its functionality.

First of all, a hot/cold wallet will ask you to create a password, which is unique on a particular device. Only if you know the password, you can access the wallet.

You can freely share the public address of the wallet. this address is no different from a Web3 email address, and knowing your address, anyone can send you an NFT. this also gives rise to new hacking vectors. Hackers will send NFTs to people, and when people interact with that NFT (for example, by sending it to another wallet, or selling it), the hacker will steal the assets in that person's wallet. Remember, don't click on unfamiliar NFTs! In addition, people will use rogue signatures or approvals to get your IP address.

Phishing emails are also unusual forms of scams. The purpose of the email is to lure you into connecting your wallet to a fake website so that hackers can steal assets. So, never click on unfamiliar links! Be sure to check the name of the website from time to time. Currently there is a single method of hacking, only from public addresses and emails, just ignore them.

You have to keep the private key, which is the password to access your public address. The functions of the private key are

Move your NFT out of the address.

Sign a contract to prove that you have the private key for that address (similar to verifying that you have the public address).

The biggest difference between a public address and a private key is that you can never reveal your private key to anyone. Otherwise, they can import your private key into their wallet and steal all your assets.

With the concepts of private key and public address clarified, let's look at the helper words. A mnemonic typically consists of 12, 18 or 24 words and is used to retrieve your wallet. If you lose your private key, you can use the mnemonic to create a new one. Like the private key, the mnemonic can never be known by a second person, nor can it be stored in an electronic storage device or service provider (e.g. google drive, icloud, photo albums, cell phone notes and copies). The ideal way is physical storage, such as writing on paper. Some people also use iron products to store mnemonics because it is more fireproof. Other methods, such as passphrases, can also increase wallet security. A passphrase is a string of symbols or words that can be combined with a mnemonic to create a new wallet based on the original one. As an analogy, to create a new wallet based on an existing wallet, simply enter.

mnemonic + "NFTGo"

mnemonic + any number

mnemonic + any letter

mnemonic + any phrase

Either of these methods will create a new wallet with a different private key public address, but the passphrase feature is only available for cold wallets.

Add a second layer of protection

Purchasing a cold wallet is an effective way to increase security; Trezor, Ledger and Keystone are some of the most popular hardware wallets, but each has strengths and weaknesses. Each type of cold wallet has its own characteristics. Keystone, for example, uses QR codes for data transfer, avoiding the risk of Trojan viruses being transmitted to the hardware wallet via the USB interface or Bluetooth, and is the first hardware wallet to support ENS (Ethereum Name Service), eliminating the need to verify the original address. In addition, users can customize their 4-inch screen with NFT.

Let's take Keystone as an example for setup.

Purchase Keystone wallet from the official website.

Install the Keystone kit.

Launch Keystone.

Set your wallet's PIN - a password that is unique to this device.

For enterprise use, it is recommended to use Shamir private key splitting scheme, splitting 2 sets of helpers into 3 sets, or splitting 3 sets of helpers into 5 sets, and you can keep these 3 sets of private keys in different places. If you have 3 of the 5 Shamir backups and lose 2 of them, you can still use the remaining 3 backups to recover your wallet.

Let's look specifically at the use of NFT hardware wallets by transferring a BAYC as an example. In Keystone, the user can quickly confirm the authenticity of the address using the ABI data file uploaded on the microSD card, which will appear next to the address with "Board Ape Yacht club" in blue font, and also confirm that the transaction does not involve any malicious behavior, so as not to give your NFT to a fraudster or hacker.