2022 was not a good year for crypto. First, we had the bear market, which came with all sorts of baggage for the industry. Cryptocurrencies such as Bitcoin and Ethereum lost over 60% of their value. And investors grew skeptical about investing in crypto.
To add to the list, FTX, Voyager, and Celsius all met untimely ends, giving the industry a bad reputation. However, security concerns wreaked more havoc than possible. On a monthly basis, crypto protocols suffered hacks, especially NFTs and DeFi projects.
1/ Don’t get your NFTs stolen, kid.
As a bitcoin boomer, I know a thing or two about digital asset security.
And I can tell you most security advice on Twitter is pretty bad.
Maybe that’s why you’re all getting your wallets emptied…
Let’s do a lil thread 👇🧵
— Udi Wertheimer (@udiWertheimer) January 22, 2023
In terms of statistics, more than $1 billion was lost to hacking. This pattern has continued into 2023. According to a study conducted by blockchain analytics firm Elliptic, $100 million in NFTs were reported stolen through scams between July 2021 and July 2022.
NFTs are pretty valuable. For example, Beeple’s “Everydays: The First 5000 Days” sold for a whopping $69 million. This shows how lucrative digital arts can be and why they need to be protected.
Without a doubt, the NFT industry has grown from what it was a couple of years ago. So, the more lucrative it got, the more fraudsters became interested in it. NFT enthusiasts stand to lose a lot if they fail to learn the appropriate security measures.
There is a hack/scam(bypasses 2fa) that scammers are using to compromise discord accounts. If you are a project founder/admin, this is IMPORTANT.
Our server just got attacked.
Here's how, a🧵
— Little Lemon Friends (@LittlelemonsNFT) January 3, 2022
What Threats do NFT Holders Face?
As mentioned earlier, there are several threats that NFT holders face daily. And learning about these loopholes could make all the difference. Let’s look at some of the threats.
1. Losing access to your assets: Lots of crypto and NFT holders have lost their assets by simply losing their device and not having access to their seed phrase. With no access to your seed phrase (which is like your password), you literally have no access to your assets.
2. Leaking your seed phrase: The importance of the seed phrase in blockchain cannot be overemphasized. Seed phrases are pretty flexible. So, it’s easy to input them into a fake app or website and leave yourself exposed.
8/ If your TX asks you to sign a message like 0x6fe64a…..87, you are signing a transaction that could be malicious, verify the source website and that you are indeed signing something you want to sign. pic.twitter.com/DtnGAgDTfe
— richerd.eth (@richerd) February 2, 2022
3. Falling victim to malware: Sadly, some scammers have impressive tech skills. This means they can build phony sites that look like the real deal. You can, for example, go to a BAYC website and download a game or receive a PDF file that a client has sent you to sign. If you double-click and realize the file is fake, it could be costly. Your assets could be stolen.
4. Approving malicious transactions: An NFT minting website or app may promise one thing but deliver on another. So, users can get deceived into thinking they are joining a Discord group, but instead, they are giving access to scammers.
NFT scammers love to impersonate marketplaces and artists doing giveaways. So, verifying sites before inputting sensitive details is a good place to start securing your assets.
Now, let’s look at other ways to secure your NFTs.
10/ Honestly, the best form of security is education. Take your time to learn what the best practices are. If you bring someone into to space educate them and set them up properly.
Stay safe and my DMs are always open to anyone who needs help with any security issues. 💙❤️
/fin
— richerd.eth (@richerd) February 2, 2022
Securing Your NFT Assets
Crypto expert Udi Wertheimer shared an impressive thread on NFT security. According to the tweets, NFT users should perform three major tasks:
- Minting and degening on random websites
- Trading on trusted apps
- Long-term HODLing
10/ I suggest recognizing that as an NFT user, you do 3 types of activities:
– Minting and Degening on random websites
– Trading on trusted apps
– Long-term HODLingFor each activity, you'll have a separate wallet.
If one wallet gets compromised, the others remain safe.
— Udi Wertheimer (@udiWertheimer) January 22, 2023
Udi proposes that you have a separate wallet for each activity. The idea behind that is that “if one wallet gets compromised, the others remain safe.” Now, according to Udi, your degen wallet is your highest-risk wallet. It should be used for mints and cringe games.
Udi also recommends that your degen wallet be a browser extension on your computer for ease of use. Secondly, he suggests that you keep it empty. Also, Udi recommends that “you should only transfer assets into it from other wallets as needed.” Then send them out when you’re done.
12/ Trading wallet – medium-risk.
Use this one for buying/selling NFTs on websites you trust, like OpenSea.
Sites you don't trust are for your Degen Wallet.
Use a mobile app for this one. They're more resistant to malware but more convenient than hardware wallets.
— Udi Wertheimer (@udiWertheimer) January 22, 2023
Your trading wallet contains items with a medium level of risk. This one serves a single purpose: for buying and selling NFTs on websites you trust, like OpenSea. Udi recommends that you use a mobile app for this wallet.
Final Recommendations
Lastly, your HODLing wallet serves as your vault for long-term storage of NFTs and funds. You should take a low-risk approach here. Also, Udi recommends that you never connect this to any app or contract. You only use it to send jpegs and coins to one of your other wallets. For increased security, use a hardware wallet for this.
Furthermore, treat your seed phrase as a priority, because it is. Preferably, write it on a piece of paper and protect it from exposure. Never store your seed phrase on an internet-connected device.
14/ As for seed phrases… they suck.
But for now, we're stuck with them.
I recommend writing them down on a piece of paper, noting "ONLY TYPE INTO RAINBOW MOBILE APP" or "LEDGER HARDWARE WALLET" etc
Make sure you never type it anywhere else but where the piece of paper says.
— Udi Wertheimer (@udiWertheimer) January 22, 2023
Also, enabling two-factor authentication is an added layer of security. Hackers will still need to bypass your 2FA even if they have access to your password. So, if your device supports 2FA, it is best to enable it.
Finally, DYOR. The NFT world could be scary. So, research the collection, the seller, the contract, the link, and other details before buying.
⬆️ For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.
⬆️ Our popular Altcoin Buzz Access group generates tons of alpha for our subscribers. And for a limited time, it’s Free. Click the link and join the conversation today.