How to Stay Safe in NFTs

We are dealing with a place in technology where many are riddled with uncertainty. This leaves many of us who are eager to learn in a vulnerable position, and a lot of folks have been learning things the hard way. I have witnessed countless web3ers, we'll call them, fall victim to scammers and it is something I wish on no one. I want to make sure that you aren't finding yourself in that position, and hope that some of what you'll read here today can make you feel more confident about entering the world of NFTs.

So let's get into it, what can we do to stay safe?

Verify ALL links

Malicious links are distributed in so many ways. If you have your DMs (Direct Messages) open in Discord, you'll find a lot of spammers trying to convince you to join a server or mint an NFT by leveraging FOMO. Sometimes they'll be in the same server as you, and sometimes they may not be. Nonetheless, if your DMs are open they will send you what looks like a very real announcement about minting a project, and in reality it is a link to a URL that is a duplicate of the real project's website.

Tip: Always block and report the user that is sending spam links if you do decide to keep your DMs open. Find the server you have in common, if there is one, and share their info with the team in their report scam channel.

Any NFT project will have their own version of an official links channel where they will put their verified information. When you first join a project, look at their official links channel and take a mental note of the spelling of their URLs. Scammers can hack discords and replace official link channel content with their fake URL on mint day as well, so be mindful of that if you are joining a project in the midst of minting. Scammers will also tweet URLs on mint day that look to be real, and the website looks legitimate, but it is fake. Confirm your source, and confirm the URLs look to be what is listed in other areas for that project.

Tip: Save website URLs in advance of mint day in case a discord gets hacked.

You will see links get thrown in the middle of chats if a project doesn't have that feature disabled. Always be sure those links are coming from a verified source before you follow them. I have seen countless bot attacks that send a faulty URL in every channel of a Discord. Some folks only pay attention to one specific channel and don't make the connection, or see it and immediately interact only to find out later that it was something called a Bot Attack. If you haven't interacted with someone before, and it isn't a project Admin, think twice before clicking.

Tip: Do not let FOMO get the best of you.

Prepare to give yourself ample time to do the research to validate anything you are interacting with. This is such a fast-paced space that it is easy to get distracted and feel like something is happening unexpectedly and you need to act fast and act now. If you don't take the time to make sure you are on a trustworthy website, you could end up connecting your wallet to a site and giving away all your assets unwillingly. If you know a mint is approaching, open the website a few days in advance so you aren't scrambling at the last minute.

Never Give Out Your Seed Phrase

Sometimes if you are asking the public for help via a Tweet on Twitter or in a general channel of Discord, you'll get a seemingly overwhelming amount of nice people ready to help you. There are so many willing to help and lend a hand, but there are also so many who know how to manipulate and smooth talk that you just have to second-guess everything.

If you do end up in a DM with someone, and they start asking you to send money somewhere, log into a specific area, or offer to log into your account to do things for you, it's time to block them and report them.

Fake support links are everywhere. This happens frequently on Twitter, where one Tweet can land you with 10-12 comments of people directing you to the wrong place. It looks good on the surface level, but it's really a scam. They even go so far as to drive you to forms that ask you way too many personal things. Do not trust this.

If you're in a Discord server, most project admins will have a message in their name, like Won't DM You First. This is the safest way to ensure that you are speaking with the right person. Many scammers will change their profile picture, and username, to reflect an important person in the NFT project resulting in an established trust that was misrepresented.

Tip: If someone asks for your seed phrase, say no and stop talking to them.

DYOR (Do Your Own Research)

Make sure that you are doing your own research to keep yourself safe. That means picking projects that you can see who the core team is and validate their credibility. Don't just trust their word and that they're telling you the truth. It is good to have faith in humanity, but in a space full of so many unanswered questions, there is a lot of opportunity for untrustworthy people to take advantage of others.

Read the Smart Contract

This one is probably the hardest piece of advice in this article. It is the equivalent of reading those lovely terms and conditions nobody wants to, and then mixing in some code to make it even more complicated. If you don't know how to read a smart contract, it is well worth your time to learn what to look for that could be concerning in a contract. One thing to note, is soft wallets like MetaMask will typically display some sort of message to confirm, at a high level. Even the presentation of that message will help you weigh if you should be concerned or not, but sometimes they can look just as valid. You'll thank yourself later if you learn how to decipher smart contracts.

Confirm the Source Before You Buy

If you are buying an NFT on the secondary market, which means on OpenSea or MagicEden, you should always confirm you are buying from the official project. Just like scammers will impersonate an Admin within a discord, they will also directly copy a project on OpenSea, and create fake NFTs that are exact replicas of the NFTs in the project. They will change or add one character to a username, think sourorchid becomes sour0rchid, and suddenly you're executing an irreversible transaction on a fake account. I would reference the official links in the Discord, or verified Twiiter account, and cross-check everything before purchasing.

Move Valuable Assets to a Different Wallet

There are a few ways I've seen people approach keeping their assets safe, but they all involve having a primary and secondary wallet. One wallet to execute transactions, and one wallet to store the assets. Some people use a hard wallet, which is a physical ledger that can store your tokens and coins, and a soft wallet. Other people will create two separate soft wallets (like MetaMask for Ethereum or Phantom for Solana). Either approach will work, and it's a matter of preference which direction you take.

The wallet you use to buy typically only ever has the amount you think you'll need to mint a project on mint day. What you'll do is buy and store your coins on one wallet, and then transfer your coins to the soft wallet you will use to connect to a minting website or NFT platform. This will help ensure that in the worst case scenario you are only losing the specified amount of money in your wallet. This wouldn't be all of your crypto, or all of your NFTs. It is unfortunate to lose anything unwillingly, but if it is going to happen, at least you can ensure there will be minimal damage done.

Be Careful and Have Fun!

This is probably one of the biggest drawbacks to onboarding folks into the world of NFTs. It is really scary knowing that there people preying on the newbies around every corner, and you don't want to be their next victim. That's why it is important to be certain you are staying as safe as possible while enjoying all that NFTs have to offer. So instead of letting these things scare you away, take it as knowledge to make you feel more confident about the decisions you're making.

The more questions you ask, the safer you are.