Staying Safe in the NFT Boom

On hardware wallet security, counterfeit NFTs, fake DMs, and more!
Jan 11, 20214 min read

Dear Bankless Nation,

As Ryan Sean Adams likes to put it, those of us delving into Ethereum, DeFi, and NFTs are like people going west to the frontier.

There’s adventure. There’s wonder. And there’s absolutely danger, too.

That said, the relatively small NFT ecosystem is really starting to veer into the limelight and attract new users. So what are the fundamental safety practices these newcomers can use to competently address the early dangers they’ll face?

I’ve got 5 tips for your consideration below that in the very least will help you get started on de-risking your NFT activities.


Let’s Talk About Securing NFTs!

The NFT sector, like DeFi, was one of the stars of the Ethereum ecosystem in 2020, and that trend seems easily poised to continue into the New Year and well beyond. We’re staring down a revolutionary new media paradigm, is all!

In the ongoing NFT boom, then, there’s no shortage of possibilities and potential. But this “media lego” sector is still young, so that means many new arrivals to the rising NFT space aren’t yet savvy on the risks and pitfalls around these assets, at least not as things stand.

Accordingly, in today’s post we’ll be looking at a handful of considerations that will help NFT novices become safer collectors.

1) Hardware wallet still your best bet

Hardware wallets are the safest, best bang for your buck way for everyday users to secure their ETH and DeFi tokens. For the same reasons, these wallets are great for storing NFTs, too.

Why? Because these little devices are like pocket-sized digital vaults that can’t be easily attacked, unlike software wallets like MetaMask which face considerably more attack vectors.

We’ve already seen some NFTs stolen by blackhats. If you’re interested in digital collectibles and want to start diving in, a hardware wallet is certainly where you want to start security-wise.

2) Watch out for counterfeits

Ethereum is permissionless infrastructure: anyone can mint any media into an NFT, particularly on DIY platforms like Rarible and OpenSea. This means we have to be vigilant against bad actors who hawk counterfeit NFTs.

For example, I’ve been trading CryptoPunks in recent weeks via Wrapped CryptoPunks, a wrapper token that makes Ethereum’s OG collectibles project (which preceded ERC-721) readily tradable.

That said, the other day I saw what I thought was an interesting Wrapped CryptoPunk on Rarible, but after some researching I quickly confirmed it was a fake, i.e. just a minted picture of a CryptoPunk and not, in fact, a real one.

Of course, there are curated and application-only NFT platforms like SuperRare and NiftyGateway where this problem doesn’t exist. On the DIY marketplaces, though, you’ll definitely want to double or even triple check all available info before you buy. Go to primary sources for the truth, like an Ethereum block explorer. Among other things, I went to the official CryptoPunks site to cross check the aforementioned fake listing, for instance.

Source: larvalabs.com

3) Beware fake private messages

Let’s say you wake up one day to a DM from one of the NFT space’s biggest names. They’re talking to you, seem real, and need just a pinch of help until they can access their main wallet again.

Will you front them that ETH they promise to pay you back for?

Hell no!

In recent weeks, we’ve started to see a flurry of fake profiles pop up and impersonate prominent figures in the NFT ecosystem and attempt to scam users accordingly. These nefarious campaigns are getting more sophisticated, so be on high alert! If someone is promising something too good to be true, it is, and the profile’s undoubtedly fake.

4) Think about metadata

If an NFT project hosts their metadata off-chain, e.g. 3rd-party servers, and that project eventually goes bust, all the users that ever collected that project’s NFTs will henceforth be holding worthless, empty assets.

We’ve seen it before, and we’ll unfortunately see it again.

NFT projects approach metadata in varying ways, of course. The best guarantees for collectors are from NFTs whose metadata is entirely on-chain, because that means you can always pull everything you need to know and see about that asset entirely from the Ethereum blockchain itself, for example.

Be savvy, consider how different platforms tackle metadata. Assets that will stand the test of time are less risky, in the very least.

5) Understand NFT liquidity

NFTs aren’t as liquid as their ERC-20 token counterparts.

If you buy a non-fungible token, you can’t necessarily go exchange it back for ETH any time you want like you could with a DeFi token on Uniswap. It rather just depends on if another collector ever wants to bid on or buy a piece you own.

If you’re looking to get into NFTs, look for ones you personally enjoy and wouldn’t mind simply just paying for and having forever. To be sure, you might flip it later for profit, but just know you may have to sit on your hands for a while. Don’t expect quick, easy flips, and don’t invest more money than you can afford to lose into NFTs.


The NFT ecosystem has its share of risks just like any of Ethereum’s rising niches.

Just because NFTs are starting to catch fire doesn’t mean you should throw caution to the wind and ape into projects without basic due diligence. Be smart, collect safely, and take measures so you don’t fall prey to the blackhats who are increasingly paying attention to NFTs!

Action Steps

  • Create a short to-do list of actionable things you can do in the near future to improve the security of your NFT activities.

Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here.

Account Light mode Log Out