A Complete Newbie Learns How to Protect Your NFTs
Two weeks ago, Jazz took her first steps into the NFT space. Today, she encounters those who wish to take her precious collectibles – and how to prevent them from doing so.
As a newbie in the crypto sphere, and an even newer-bie in the NFT space, I’ve been having a great time delving into this lively community and all that comes with it. My WAX wallet is filling quickly with blockchain-backed collectibles, I’m supporting indie artists and chatting with them in real time, and I’m inching ever closer to launching my own NFT art.
Everyone out here seems to be warm, welcoming, and friendly – not to mention generous. In fact, just the other day, someone called Ray messaged me to let me know I’d won a giveaway for 0.194 BTC, and all that I had to do was sign in with my wallet!
I was struck by this amazing offer. So struck in fact… that I immediately reported and blocked him.
Thus began my adventure into scam-spotting and wallet security – something everyone needs to learn at some point, preferably the easy way.
“Too good to be true” phishing scams like the one above are simple enough to spot, but as someone taking her first steps into what has the potential to be a very lucrative venture, it can be easy to be blinded by the get-rich-quick hype that pervades this space.
Couple that with the steep learning curve on some of the finer points of this technology, and you have the perfect environment for bad actors to run rife.
Within NFT-related Telegram channels, help requests will often be met with a flurry of private messages from scammers claiming to be support personnel.
Inevitably they’ll ask for my login details or private keys to ‘help solve the problem’, and should I have handed them over, my precious Waxy and Cat Stickers NFTs would have been whisked away, along with my WAXP.
This all has a perk though. For most scams, it’s the user who gets tricked into handing over information or assets, which means the best way to avoid that is to simply be aware.
A lot of these lessons can be learned without the painful first-hand experience. One of the great things about the NFT space is the tendency for users to look out for each other, and there’s an abundance of information and warnings from the community about current scams.
The #report-scams threads in the AtomicHub and WAX Discord servers are a treasure trove of screenshots chronicling the various ways scammers are trying to lure in unsuspecting users. My old friend Ray was even featured there a couple of times – seems like a lot of people won that Bitcoin giveaway…
My main takeaway here is to be very wary of any private messages from unknown users – and to never sign in to anything that I’m not 100% certain is from a legitimate source.
As a rule of thumb, I won’t click on any links from strangers, and even if using a link from a trustworthy source, it always pays to double-check the URL to make sure it’s not a sneaky misspelling of a trusted site sent by a compromised account.
This, unfortunately, is just the tip of the iceberg. Whilst phishing scams are the most common, they’re also the least sophisticated, and therefore relatively easy to recognise.
Trade and buy offers are very useful marketplace features. Scammers know this, and have tried to take advantage of them at every corner. Even in the short time I’ve been dabbling in this space, efforts have been made to make scam offers as obvious as possible, but it’s still always in my hands to check that what I’m accepting is the real deal.
These are scams that I’m lucky to have only seen from afar, but the most common tricks lure people into accidentally selling their precious NFTs for a pittance compared to their actual market price.
The scammer will write what appears to be an official message, citing a decent sale offer, but if you take a moment to look at it properly, it’s clearly designed to fool those who cast only a cursory glance over the window. Thankfully, the AtomicHub team have gone to great lengths to eliminate this form of deception, and as a result this type of scam is falling by the wayside.
Others are a little trickier though. You may see bots that will duplicate a legitimate trade offer that you’ve been sent – sometimes just seconds after the real offer – which, without being alert, could lead to those NFTs landing in the wrong hands.
Again though, all it takes is a little attention to check the wallet address is correct to thwart these dodgy trades.
Perhaps the most deceitful scam to look out for is fake NFTs. It’s not uncommon to find counterfeit assets made by accounts impersonating big players.
Farmers World, for example – currently the biggest project on WAX – is constantly being impersonated by scammers who’ll make collections with similar names to the original, such as farmerswerld or farmsrsworld in an attempt to fool collectors with fake copies of legitimate Farmers World NFTs.
All major marketplaces have a process that allows for collections to undergo a series of checks, adding an additional layer of legitimacy. I’m quickly learning, however, that this should, by no means, be taken as a guarantee against scammers.
While whitelisting does act as a first barrier to entry, it is in no way infallible. Ultimately, even projects with the best of intentions may turn sour down the line and do unscrupulous things, so doing your own research is always paramount.
As with phishing scams, the thing to do here is check, double check, and triple check what I’m clicking on and what I am purchasing. I must have checked about eight times before buying my first NFT, out of paranoia for potential scams, but it’s because of such diligence that I know my Waxy NFT is a certified original which I will sell for millions one day.
Just kidding, I would never.
One of the reasons I value my Waxy so highly is because I like the creator, I believe in his work, and I trust his character – and this brings me to probably the most insidious of scams: the rug pull.
From time to time, entire projects will just disappear, taking with them the oftentimes enormous upfront investment that collectors have made.
Many projects, particularly games, will start selling “useable” assets before releasing the system in which they can be used. These assets are sold on hype – on the promise that, once that game is released, those assets will give players early access, or a huge advantage.
Often times, this may be legitimate – but every so often these projects turn out to be fraudulent, with buyers being left with their now-useless NFTs as a painful memento.
These are a bit harder to avoid, as rug pull scams will usually go to great lengths to appear legitimate. That said, there are still some red flags to look out for.
Robert Baggs wrote a brilliant article for NFT Insider several months ago about how to choose projects to invest in, and I’ve adopted his advice as guidelines for all of my future NFT purchases.
The topic of security doesn’t just include scammers – it includes hackers too. Whilst far less common, it always pays to be careful, especially as my collection continues to grow.
Until now I’ve been using the newbie-friendly WAX Cloud Wallet with 2-Factor Authentication enabled, but I understand that it’ll be better to switch to something called a custodial wallet in the near future.
Hardware wallets such as Ledger are the gold standard – ensuring that access to my wallets is achievable only through a dedicated physical device that I hold – but that’s an adventure for another day.
For now, I know to be wary of links, double check my trades, and look at the collections behind the NFTs I buy – as well as never, ever giving anybody access to my wallet.
As long as I do that, I can enjoy the good parts of the NFT space and rest easy knowing Ray and his immoral friends can’t get their hands on my Waxy.