Here’s how to prevent NFT theft, according to industry professionals
As non-fungible tokens (NFTs) attract more users, they also catch the eye of fraudsters. Bad actors in Web3 have set their sights on digital collectibles, with millions being lost through fraud and various attacks.
However, according to professionals working in the Web3 space, there are several ways and tools to prevent becoming a victim of NFT theft. Additionally, users can also perform various actions after losing their digital collectibles to hacks.
Ronghui Gu, co-founder and CEO of blockchain security firm CertiK, told Cointelegraph that the first and most important step is always due diligence. “Avoid clicking on suspicious links and be very careful when signing token approvals,” Gu shared.
Taking it a step further, the director shared other best practices such as periodically checking and revoking unnecessary permissions and splitting NFTs into different wallets according to purpose. He also explained that:
“Long-term holdings should be held in a secure wallet that interacts minimally, if at all, with applications. Hardware wallets have a somewhat steep learning curve, but the time investment is worth it.”
When asked what can be done when the assets are lost, Gu shared that it is unfortunate, but there is “not much” users can do to recover the assets. However, NFT marketplaces may blacklist the NFTs so that they can no longer be traded. “Raising awareness of common scams is an ongoing effort. Educating users about the safest ways to shop and how to minimize risk is the first step,” he added.
While hardware wallets can be a great solution, Michael Pierce, CEO of Web3 security firm NotCommon, said there are still risks involved. He explained that:
“People should buy the hardware directly from the manufacturer to minimize the chance that the wallet has been tampered with before the person receives it.”
Meanwhile, if the scam or attack had already occurred, Pierce recommended victims report it to databases like NotCommon “to keep others safe and identify the scammer.” If the potential losses are significant, management encouraged victims to take legal action if possible.
Mohamed Issa, senior strategist at data firm Chainalysis, also shared some insights on the topic. According to Issa, as NFTs become one of the fastest growing areas of crypto, it becomes a “go-to target for hackers.” He explained that:
“NFT transactions create a new challenge for cryptocurrency investigations as decentralized protocols are more complex and very difficult to trace compared to traditional centralized services.”
Issa also told Cointelegraph about the importance of being proactive when falling victim to theft. While reporting fraud and hacks to law enforcement is very important, he believes NFT holders can protect their investments with tools like Storyline, an analytics software created by his firm.
Issa believes the tool could enable users to assist investigators after being hacked and help them focus on the transactions and funds that matter most.
Related: New NFT private auction scam threatens OpenSea users
Director of BNB Chain growth operations Alvin Kan also shared that users can use tools such as revoke.cash – a way to check wallet status and revoke approvals – and browser extensions that provide risk warnings before signing contracts.
Within the BNB Chain ecosystem, Kan told Cointelegraph that there are community efforts to provide more NFT-specific security tools. The executive talked about an NFT authenticity-detecting NFT tool called GoPlus and other chain-wide initiatives like DappBay’s Red Alarm and AvengerDAO, which Kan believes help users stay one step ahead of fraudsters. He explained that:
“These tools, with contributions from the ecosystem projects, assess project risk levels in real-time and alert users to potentially risky DApps, so that users do not interact with malicious DApps and contracts.”
After becoming a victim of a hack or scam, Kan highlighted the importance of reaching out to NFT marketplaces. When all else fails, the executive said burning the token can be a last resort. Approaching the NFT project and asking them to burn the affected or stolen token may be the final solution.