New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

How to Secure NFTs in 2023

Read 5 min
NFT computer screen on a black background
— With scams that are more sophisticated than ever, it’s never been more important to understand the threats to your NFTs.

— Avoid blind signing wherever you can; where smart contract details are available, make sure you understand what you’re agreeing to!

— Don’t trust – verify. Make sure the entity you’re transacting with is legitimate, and never respond to private messages.

— Never share your secret recovery phrase. Ever.

— Ledger offers the most secure device for housing the private keys to your online assets and a wealth of information so that you’re up to date with the tricks of trade.

The NFT market has exploded over the past few years, with NFT volumes totaling around $24.9 billion in 2021 alone. It’s an exciting scene and the potential is only growing as more sectors and traditional industries engage with it.

Best Practices to Secure NFTs

The rising popularity of NFTs has not only attracted artists, communities and buyers. However, it has also drawn the attention of scammers. These bad actors have started to employ sophisticated practices to scam users. In this article, we look at the best practices to secure your NFTs in your wallet and protect your assets against scams.

1) Secure your NFT private keys offline

Digital assets live online, but your private keys shouldn’t. Private keys define the ownership over your blockchain assets. The way you store them determines the security of the assets. 

Many people store their private keys in online wallets, or hot wallets. This allows a person to easily trade, buy, sell, and move their digital assets around. Sounds perfect, right?

Well, not quite. While online wallets do offer the ease of convenient trading and interaction, it comes at the cost of security. This is because online wallets can be hacked remotely. This means that no matter what security measures are in place, your private keys are vulnerable to an attack.   

Big industry leaders like Metamask and Phantom keep your private keys in an interface that lives online – which is not immune to the risk of a hack. In August 2022, Solana’s network was attacked and the hacker was able to take off with $6 million in the raid. Phantom and Slope accounts – both online wallets – were impacted by the attack, which targeted addresses through the browser extension. 

So what’s the alternative?

Secure your private keys in an offline wallet. Hardware wallets like Ledger Nano are completely untouchable by digital hacks like the one above – since they are isolated from your internet connection and so they simply cannot be reached. So although a hardware wallet may take a few extra seconds to confirm your transactions, they are the only way to be really sure your NFTs are safe from hacks.

2) Never blind sign NFT transactions

Many wallets are unable to extract and display the full details of smart contract transactions because the data is too complex for the wallet to display. Because this situation is so common, many Web3 users think it is normal to sign the transaction even though they can’t actually see what they’re agreeing to – they’re basing the decision on trust, instead of verification.

This blind spot gives scammers a great opportunity to access your NFTs. Hiding a malicious transaction within a situation that “seems” normal, and getting you to give them access to your wallet.

Ledger devices are built with a Trusted Display to show you full, reliable smart contract details for a growing number of transactions. Using this wherever possible (any time you’re using an app within Ledger Live) safeguards you against signing something malicious because you weren’t able to see all the details. 

If you can’t see all the details on your Ledger Nano, you can still minimize your blind signing risks. 

  • Make 100% sure you’re only transacting with reputable dApps and platforms.
  • Always double-check that the URL is genuine.
  • Never respond to private messages on Discord or Twitter. 

3) Learn to read smart contract functions

Being able to see the details of a smart contract is incredibly important. But it’s only one part of the equation. You also need to be able to understand what you’re reading.

Would you sign a contract that gave someone access to your bank account? Of course, you wouldn’t! But what if the contract was written in a foreign language, and you thought you were signing to make a small donation to charity?

This is the scenario for smart contract functions. Many people aren’t sure how to interpret them, and this gives scammers a huge opportunity to get access to their wallet.

In July 2022, mint registration site PreMint was hacked. The scammer created a pop-up that claimed to be an innocent “wallet confirmation”. 

The transaction in question permitted the scammer to access the victims’ wallets, by posing as something innocuous. But anyone able to interpret the fine details of the pop-up would have noticed there was a gas fee attached – meaning it was really a transaction.

The lesson? Learning to read smart contract functions is an essential skill for Web3 – it’s not optional! Luckily, Ledger Academy is leading the charge for degens everywhere, by providing a course on Web3 literacy, so you can protect yourself.

4) Never give your recovery phrase to anyone

Scammers use social engineering to stage scenarios where you offer private information like your recovery phrase.

Your recovery phrase, also known as your seed phrase, is the only backup to your crypto and NFT assets; only you should have access to it. It’s the master key and should be kept secret, safe, and left offline. Ledger will never ask for your recovery phrase. If anyone asks for your recovery phrase, it’s a red flag and you should proceed to interact with utmost caution.

Avoiding phishing and social engineering scams starts with where you put your trust. Learning to read smart contracts and getting as much information as possible can also help you avoid the unseen dangers in social engineering attacks. The more you know, the more you’ll know where to say no.

Secure Your NFTs – You’ll Be Glad You Did

Fully embracing the world of digital assets means making security your top priority. Keeping your private keys offline, learning about Web3, and how to interpret it are crucial ways to make sure your NFTs stay in your wallet.

Ledger’s got your back with both. With Ledger devices to keep your private keys and recovery phrase offline; meanwhile, Ledger Academy provides a database of crypto knowledge that is constantly evolving with the scams, so you have everything you need to properly secure your NFTs. We’re here to make sure you stay up to speed!

Knowledge is Power

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.