With all the benefits that NFT’s and blockchain bring there are still a few downsides and vulnerabilities that are inherent to the technology, among these are a few security risks. That’s not to say that the technology is insecure, only that if the correct procedures and protocols are not followed, the results can lead to irreversible catastrophic lose. In the following article, we will go over a few of the basic safe practices that you should know before interacting and transacting with non-fungible tokens.
When you initially create a digital wallet to store your tokens, you will be required to take note of the ‘Seed Phrase’ a string of words that is essentially your master recovery key. Anyone who has access to this phrase will have complete access to your wallet and its contents, without needing your password or any other additional information. It is therefore imperative that you secure and store this phrase correctly. It is generally recommended that you don’t store it digitally, electronic devices, especially those that connect to the internet, are notoriously susceptible to outside attacks and eventually always malfunction given enough time and use.
The safest way to secure your seed phrase is by purchasing a dedicated device designed solely for this reason. These work in a variety of ways, but all essentially allow you to record your seed phrase using a robust, non-flammable and non-perishable material. Virtually eradicating the threat from water and fire, however these devices are usually rather expensive, especially if just beginning on your NFT journey.
Perhaps the most practical way to secure your phrase is to simply use pen and paper, and then store multiple copies securely in different locations to protect from fire and water damage.
Equally, just as important is keeping your seed phrase to yourself. Short of inheritance, there is virtually no reason why you would need to share it with anyone else. No genuine company, project, or customer service advisor will ever ask for your seed phrase.
There are multiple types of wallet, and not all are equal in terms of security. ‘Hot Wallets’, usually exchange wallets, browser adds on and mobile and desktop applications are still susceptible to attack due to them usually being connected to external networks. On the other hand, ‘Cold Wallets’, such as Paper and Hardware Wallets, are more secure due to the private keys of the wallet being stored offline.
While being quite cool, paper wallets are somewhat clumsy to use in practice. However, hardware wallets on the other hand are relatively easy to use and the enhanced security they offer far out weighs the small learning curve of the device itself. After the initial setup, you use the device simply to sign and confirm transactions that you initiate on your regular device.
When it comes to selecting a hardware wallet, it’s best to stick to a tried and tested wallet manufactures such as Ledger and Trezor, rather than trusting your assets to a new evolving technologies and brands. But the most important thing to remember is to only ever purchase and use a sealed hardware wallet from the manufacture’s official website. This is the only way to ensure the device you receive has not been tampered with or compromised. Also ensure you stringently follow the instructions that come with the Hardware Wallet and never allow anyone else to set up the device on your behalf.
Interacting with Smart contracts and wallet integrations
When interacting with NFT projects and other dapps you will often be required to connect to the application using your wallet, mostly a browser based wallet, in order to interact with the protocol. However, there have been instances of criminals cloning official sites in order to steal the funds of wallets that mistakenly connect to the illegitimate site. So it’s imperative that you only ever connect your wallet to sites that you have complete faith in. Ensure you are using the official URL.
Similar to the threat posed from interacting with smart contracts, unknown and suspicious tokens can also pose a risk to security. If you suddenly notice an unsolicited token in your wallet, it’s best to leave it alone and not interact with it. Always confirm the Policy ID before interacting with an unknown token.
Subscribe to our mailing list below and never miss the latest updates