NFTs (non-fungible tokens) have soared in popularity among global brands and investors alike, and played a large role in bringing broader mainstream awareness to cryptocurrencies.
Over the past year alone, more than 28 million NFTs have been bought and sold at a total volume of more than $19 billion, according to data provider nonfungible.com.
Key Takeaway Tips
- Tip #1 - Never share your wallet private key, seed or recovery phrase
- Tip #2 - Avoid fake giveaways
- Tip #3 - Avoid fake wallet recovery sites and chat rooms
- Tip #4 - Avoid fake wallet browser extensions
- Tip #5 - Beware of email phishing scams
- Tip #6 - Beware of imposters
- Tip #7 - Use a password manager
NFTs have brought a new paradigm shift to artists by:
- bestowing digital ownership rights to artists for their original creative works like art and music by digitally representing them in token form
- allowing for these works/tokens to be easily bought and sold over the Internet to a global audience
However, due to the infant nature of NFTs and cryptocurrencies in general, this popularity boom has also led to a rise in NFT thefts, scams, and other unscrupulous behavior.
In this Fiborite basic user guide, we will outline some of the best tips for users to protect their NFTs from thefts and scams.
Tip #1 - Never share your wallet private key, seed or recovery phrase
The most critical point of security for any NFT and crypto user is their wallet private key or seed phase or recovery phrase.
This all-important private key/seed phrase consists of a string of words, sometimes 12, 15, or 24 words, that is used to grant the user full control of the assets in their crypto wallet.
The seed phrase is a mnemonic representation of the private key of the wallet.
The person in possession of this private key ultimately has full control of the assets deposited in that crypto wallet, and so it should be safely stored in a location known only to the user.
**This is why your private key/seed phrase is the most valuable piece of information for any crypto user, and should never be shared or revealed to anyone. There is no company or anyone you can depend on to recover your private key. Hence, the private key holder is the only one with access to the accompanying wallet.
Storing the private key on one’s computer or phone is highly risky and makes the private key vulnerable to hackers.
These hackers have many enticing ways to approach users unfamiliar with cryptocurrencies, which are discussed below.
Tip #2 - Avoid fake giveaways
Free crypto giveaways or airdrops are very common in the cryptocurrency space.
They are a popular method to attract users to a new project.
To participate in one of these, users often have to provide their wallet’s address to receive the tokens of NFTs of the prize.
Here is where the vulnerability lies.
Many hackers ask new crypto users for their seed phrase to enter the giveaway, sometimes disguising themselves as help staff, customer service representatives, and other affiliated personnel.
Once your private key/seed phrase is shared, the hacker is in complete control of the crypto assets deposited in that wallet.
**The solution is simple, never input your seed phrase in any third party site, chat room, or share with anyone else.
Tip #3 - Avoid fake wallet recovery sites and chat rooms
Another major function of a seed phrase is crypto wallet recovery/restoration in case a user forgets their password.
Everytime a user wants to recover or restore their crypto wallet because of a forgotten password, their original seed phrase has to be used.
To take advantage of this function, hackers manipulate search engine results, lurk in fake chat rooms, and then display fake crypto wallet sites in these search engines and chat rooms to lure users.
Unsuspecting users wishing to desperately restore their wallets send their seed phrases and then get their cryptocurrencies stolen.
This is the most dangerous scam method as most of us have forgotten a password at some point in the past.
The ways to avoid this are:
- Never access a wallet site from an Internet search or anonymous user comment. It’s better to search for the main site of the crypto wallet and then navigate from there.
- Always double check the spelling of the official site. Names for official products are registered, so attackers have to make subtle variations in the name to trick people.
- Check the URL certificate before using it. Official sites for crypto wallets will always have an up-to-date certificate.
**The private key/seed phrase is the most important piece of any crypto wallet. It’s imperative to guard it and always double check any instance where it has to be used. No other party can recover it for you.
Tip #4 - Avoid fake wallet browser extensions
Most light wallets, such as Yoroi Wallet for Cardano ADA users, use a desktop browser extension to connect with a certain blockchain and to authorize transactions.
These desktop extensions are often installed from a web store of the parent company of the browser.
However, these providers have come under attack by hackers who have created fake extensions that use the name of the original service.
**To avoid this attack, always go first to the official site of the crypto wallet and utilize the listed links there to download a browser extension.
Never trust ads on third party sites that promote crypto wallets.
It’s impossible to verify the authenticity of these ads, and it’s better to always go via the official channels.
Tip #5 - Beware of email phishing scams
Email phishing is an old problem on the Internet.
But now, hackers have begun designing viruses that specifically target the places in a computer or smartphone where some private keys tend to be stored (Best not to store private keys on a computer/smartphone regardless).
With this method, they are able to extract the private key from an unsuspecting victim who has conveniently stored their private key there.
**Never click on links or attachments sent by unknown people.
Also, ads shown in pages can be vectors of attack, so avoid clicking on them, or better yet, use an ad blocker.
Attackers target the usual folders where private keys are stored, and then move them to different directories.
Additionally, everyone should consider using a cold wallet.
Cold wallets are crypto wallets not connected to the Internet.
This way, your assets are always out of the reach of hackers.
Tip #6 - Beware of imposters
There are a lot of scammers that impersonate official administrators (admins) and moderators (mods) in official Twitter replies, Internet forum threads, and official chat rooms.
Please always make sure to double check their identities by clicking on their profiles to see if they match up with the official account profiles or have a verified checkmark.
Better yet, always remember to NEVER send your private key/recovery phrase/password to anyone at all times.
If you have questions at any time, please refer to the official Q&A on our websites or EMURGO’s official Zendesk for assistance.
Tip #7 - Use a password manager
Crypto wallets use passwords to authorize transactions and sometimes even access the wallet.
These are also a source of vulnerability, especially if they are being reused on multiple sites and services.
Reusing passwords is always a bad idea, but that holds especially true for keeping crypto assets, like NFTs, safe.
At the same time, it can be tedious to have different passwords for every Internet service we interact with.
The best solution is to use a trusted password manager that can create different ones for each site and wallet.
Where Can I Download Yoroi Wallet?
Download Yoroi Wallet here!
Developed by EMURGO, Yoroi is a light wallet for Cardano ADA and Ergo’s ERG holders, allowing users to easily and securely store, send, and receive these cryptocurrencies through mobile app and web browser extension versions.
Yoroi also enables users to connect to Cardano-based dApps such as Fiborite NFT marketplace, stake ADA for rewards, vote for Cardano’s Project Catalyst, and more!
Yoroi Wallet supports both mobile and desktop web browser extension versions.
Via the Yoroi desktop version, users can access the Yoroi dApp Connector page within their Yoroi Wallet to connect to Cardano dApps.
You can visit Yoroi Wallet’s site directly or access the links above to download your preferred version.
About Yoroi Wallet
- Official Homepage: emurgo.io
- Twitter (Global): @EMURGO_io
- YouTube: EMURGO channel
- Telegram: EMURGO Announcements
- Facebook: @EMURGO.io
- Instagram: @EMURGO_io
- Medium: EMURGO Announcement
- LinkedIn: @EMURGO_io