How to keep your NFTs safe from scammers

According to Wikipedia, the first known non fungible token (NFT) was created in 2014 and the first NFT project was launched in late 2015. It took a few more years and more projects for the concept to trickle into the consciousness of the general public, and then a few more for the massive investments into NFTs to follow.

2020 and 2021 saw hundreds of millions of dollars being spent on NFTs. The boom was obvious but baffling to many, as buying an NFT of a piece of digital art – a song, a photo, a video, an in-game collectible item, etc. – does not mean that you get copyright, intellectual property, or other legal rights to the digital asset the NFT represents.

What is, then, the allure of NFTs?

We’ve asked Satnam Narang, staff research engineer at Tenable, to shed some light on the matter for the uninitiated and to offer some security advice for those who have already invested in them.

What do buyers use NFTs for?

“Most often associated with digital art, NFTs are considered to be the modern equivalent of an art collection. Only a certain number of NFTs are produced for a project and they have a variety of traits, which can contribute to the value of an NFT from a rarity standpoint,” Narang explains.

“Most of the popular NFT projects are what are called PFPs (profile pictures) projects like CryptoPunks or Bored Apes. Buyers acquire these and use them as their profile pictures on social media, because social media has become our digital art gallery. While it’s true that anyone can right click and save a PFP from one of these projects and claim it for their own, because these are blockchain based projects, there is a way to verifiably prove ownership. Twitter recognized the value of NFTs as PFPs, which is why they started offering the ability for cryptocurrency enthusiasts to verify ownership of their NFTs on the blockchain in a more transparent way.”

He attributes the recent popularity of NFTs partly to the fact that, for many cryptocurrency enthusiasts and investors that missed out on the early days of Bitcoin and Ethereum, NFTs have become another investment vehicle and potential earning opportunity.

Several noteworthy projects have seen their NFTs skyrocket in value over the last year even as the broader cryptocurrency market entered a bear market, he pointed out.

Though, it has to be noted that the NFT market has cooled somewhat since then.

How are they NFTs secured?

NFTs are bought and sold on NFT marketplaces (e.g., OpenSea).

“NFTs are usually stored in hot wallets: cryptocurrency wallets readily accessible via the internet through browser extensions like MetaMask. This allows users to easily access their NFTs for the purpose of selling,” Narang says.

“Some experienced users may choose to store their NFTs in cold wallets, which are offline wallets (physical devices) that aren’t connected to the internet. Cold wallets include hardware wallets like a Ledger or Trezor, which require a user to safely store a private key offline in order to access their funds or NFTs in their cold wallet.”

NFTs: A treasure trove for scammers

As documented by software engineer Molly White in her Web3 Is Going Great project, NFT projects getting compromised has become an almost a daily occurrence, and rug pulls on dubious NFT projects have also been known to happen.

It’s difficult for those looking to buy NFTs or get the possibility of minting some to be absolutely sure they are not being taken in.

“There’s often a window of opportunity afforded to scammers to target NFT projects that are trying to add more value for their holders. These projects will do things like offer airdrops of tokens that are only granted to NFT holders or plans to pivot into things like the metaverse, where holders of these NFTs can get first dibs on a piece of digital land in the project’s metaverse,” Narang explains.

“If users miss out on these airdrops or opportunities to procure digital land deeds, they’re more likely to be susceptible to getting scammed by unexpected offers. The scammers also really leverage the urgency factor, saying that an NFT project is only reopening airdrops or granting access to procure digital land deeds for a limited time or for a certain number of users.”

Beware of phishing

Scammers can go after owners of NFTs through impersonations of the various projects or through generalized cryptocurrency phishing that gives an attacker control of the victim’s wallet.

Skepticism is a NFT collector’s best friend, Narang notes. “Unsolicited messages on social media claiming you can get in on an airdrop or an NFT mint are more likely to be scams. If you’re unsure, you should visit the respective NFT projects’ social media accounts or Discord to validate these claims, but I can assure you that in 9 out of 10 cases, these are simply scams designed to pilfer your digital wallets.”

It’s better to miss out on a potential up and coming NFT project than to have all of your cryptocurrency and NFTs stolen from your wallet, he opines, and advises NFT owners to consider using cold storage for their NFTs and other digital assets.