NFTs or non-fungible tokens have recently generated a lot of buzz with several artists and celebrities wanting to join the brigade and sell their artworks in the NFT market. However, the growing popularity of NFTs has not just allured artists but also bad actors and cyber thieves who wanted to make use of this new digital technology.
In March 2021, users of Nifty Gateway, one of the most popular NFT marketplaces reported that hackers have stolen NFTs worth millions from their accounts. In addition, these malicious actors have also used their credit card details to purchase new NFTs. This incident led to users questioning the security of NFTs as well as these platforms.
In this article, we look at the difference between fungible and non-fungible tokens and which are the best practices that users must deploy to secure their NFTs.
Fungible vs Non-Fungible Tokens
Fungible tokens are currencies that can be exchanged with each other and their value will always remain the same. Examples of fungible tokens are Bitcoins and Ethereum. Fungible assets like fiat currencies also work on the same principle. So, the value of one Bitcoin will always be equal to another Bitcoin. The same goes for fiat currencies like the Dollar or EURO.
Non-fungible tokens on the other hand are non-interchangeable which means that they cannot be exchanged for another non-fungible token.
NFTs are non-fungible tokens or digital assets that are not interchangeable or cannot be replaced. They are one-of-a-kind cryptocurrencies that are linked to the blockchain and give proof of authenticity or ownership to the asset. That is why they are rare and used to buy digital artworks, musical videos, and even virtual real estate.
How to protect your NFTs
Similar to cryptocurrencies, NFTs are stored in crypto wallets. A crypto wallet essentially stores the private key of your digital assets, in this case, NFTs. By storing them online or offline, they provide security and accessibility to your NFTs.
To buy or sell in an NFT marketplace, you need a software wallet. A software wallet is a web-based wallet installed on your computer or desktop that holds the private key of your NFTs. A private key, depicted in the form of alphanumerical numbers, allows users to access their tokens. It is the key to unlock cryptocurrencies and losing private keys can subsequently result in the loss of digital assets. On the other hand, a public key is used to send or receive tokens and proves the ownership of digital tokens. In a software wallet, the private keys are stored online which allows you to directly operate in the market. MetaMask is by far the most popular wallet for storing NFTs.
On the other hand, hardware wallets like Ledger Nano or Trezor, are cold storages where all the private keys are stored offline. They may be safer compared to software wallets but cannot be used in the NFT marketplaces. Since digital assets in cold storage are stored offline, they cannot be directly used to access NFT marketplaces online. Experts believe that a mix of both software and hardware wallets can ensure a more secure approach to protecting NFTs.
Now, since NFTs are stored on blockchain networks when a malicious actor gets access to NFTs, it becomes practically impossible to reverse the transaction or return the stolen NFTs to the owner. This is because transactions on blockchain are irreversible and immutable. Once a transaction occurs, it is permanently recorded and ownership of NFTs are transferred.
NFT ownerships are controlled by these private keys. So, anyone who has access to these private keys can have access to the NFT wallets. Therefore, it is extremely important to securely protect the private keys with which NFTs are controlled.
Best practices to secure your NFT account
Here are some of the best practices that can be deployed to secure your NFT account.
- Security — Metamask is one of the widely used software mobile wallets for NFTs. It operates on almost all NFT marketplaces like OpenSea or Rarible. Hardware wallets like Ledger Nano can be easily linked to Metamask. Once linked, the private keys including the 12 to 24-word seed phrase can be stored securely in the hardware wallet. Whenever a transaction is requested, it has to be first approved by the hardware wallet using the private key. Other leading wallets to store your digital assets and NFTs include Coinbase.
- Seed Phrase — Remember to keep a record of your seed phrase in a safe place. Seed phrases are recovery keywords that can be used to recover your wallet if it is stolen or lost. Paper wallets are one of the most secure ways to store private keys and seed phrases for NFTs.
- PIN — As discussed in the earlier section, you need a wallet to buy, store, and/or sell NFTs. Tokens stored inside the software wallets are secured using PIN codes and additional security like 2 Factor Authentication(2 FA). Use PIN codes that are hard to guess. Do not disclose PIN codes to anyone.
- IPFS — Using IPFS (InterPlanetary Filesystem) that uses CIDs (content identifiers) can safeguard NFT data from being hacked or lost. Due Diligence — Conduct thorough research before venturing into an NFT trade. Check the NFT platform or the website address before creating an account. Check for typosquatting or phishing attacks. It is also advisable to do a background check on the seller or the artist and see whether they are authorized to sell the NFT products.
- 2 FA — Unlike usual practices, you do not require to create an account on marketplaces to buy or sell NFTs. Instead, you are required to connect your wallet with the marketplace platform. Always use layered security features like two-factor authentication to secure your account.
- Distribute Storage — It is better to distribute your NFT assets rather than storing them in one place to minimize the loss. In other words, you can store your NFTs on multiple hardware and software wallets. For instance, it is a good practice to store the NFTs that you do not need immediate access to on hardware wallets.
- Watermarks — Artists can use visible or invisible watermarks to safeguard their products from plagiarism. It is possible to mint an NFT with a watermark and buyers would receive a high-resolution and watermark-free copy after purchasing the NFT.
- VPN — Using a VPN (virtual private network) can hide the IP address of the user. With a VPN, your data is encrypted from end-to-end adding an extra layer of security.
NFTs are a lucrative market but it is still in their infancy. The market is vulnerable and is a soft target for malicious actors and needs additional security coverages. Though there has been a lot of talk about non-fungible token insurance, there are no insurance policies available yet.
The NFT market needs constant network monitoring and a robust security framework to safeguard the interests of the NFT token holders.