NFT Self Defense: Staying Safe in Web3

Source: Adobe/

John Ennis, Ecosystem Lead of Gnosis Safe, a multi-signature (multisig) wallet solution. 


Rugs. Rugs everywhere 

From BAYCCryptopunksMeebits, NFT collections are gaining mainstream attention from brands to celebrities to everyday individuals, but not all this attention has been positive. NFT hacks, phishing scams, and YOLO signed rug pulls are plaguing the metaverse. The OpenSea phishing hack recently resulted in the theft of more than 250 NFTs worth USD 1.7m.  

These NFT hacks are upsetting to see, but not entirely unpredictable given the security practices of many NFT collectors. Today, the NFT marketplace is not well equipped to deal with security threats, or as punk6259 explains: “… we have cars before seat belts”.

There is much work to be done to improve security for NFT holders everywhere. 

That said, people can still take preventative measures to mitigate security compromises. In response to punk6259, there are ‘seatbelts’ that can protect prized NFTs, but people have to take these matters into their own self-custodial hands. 

Spotting a Rug

The first step of prevention for users is to keep their eyes peeled for potential signs of scams. Even the best can be fooled. Here’s how to recognize some common, dubious  tactics: 

  • Malicious NFTs – Hackers will sometimes airdrop NFTs to user accounts as a trojan horse. Interacting with these malicious NFT airdrops will prompt the user to sign a message to gain access and drain the account.
  • The FOMO-inducing shady URL – A cool new project comes up with a timer counting down on the purchase page, inducing serious FOMO. The second the user signs the transaction and makes that purchase, hackers would have obtained access to their wallets. Unknown to the user, the purchase page was linked to a scam URL.
  • The classic email phishing scam – This is the oldest trick on the internet. Users get a legit-looking email from seemingly a platform or exchange they frequently use, with a malicious link embedded within that lures them to make a transaction. Or, it may even inject malware that scans for seed phrases stored in laptops. (Reminder: don’t store seed phrases on your laptop!)
  • A central exchange or project gets ‘targeted’ – An NFT exchange or project that users engage with, gets attacked, or even worse, pretends to be hacked. In this scenario, user-owned tokens/JPEGs that have previously interacted with the project’s platform are vulnerable to a rug.

Vaulting up your grail NFTs with that extra bit of safety

Before vaulting up your NFTs, a good clean-up practice is to “revoke” token approvals and permissions from any sketchy platforms you may have accidentally used. You can do this through Etherscan’s token approval tool and Opensea’s accompanying tutorial.

Choosing an NFT Vault: Wallets for courses

Abstracting away your precious assets from your daily activities makes sense. You don’t go shopping with your entire bank account savings sitting in your pocket. Same way, you don’t go buying digital art with your entire art collection.