How do I prevent my NFTs from getting stolen?

They need to know what is an NFT (okay maybe this requirement is redundant). Ways to prevent NFTs from getting stolen. Warning signs or red flags that your NFT might get stolen. How do people actually steal your NFT.

To post an answer, please !

3 answers

44 views

In order to steal an NFT, the thief needs to be able to call the transfer() function on the contract of the NFT to steal. That's their end goal. But there's multiple ways to get there.

As far as I know, these are the ways to do this:

If they get your seed phrase or private key, the thief would submit the transaction to transfer your NFT to their wallet as you.
If they get you to call an approval() function to allow them transfer it. Then they can call transfer themselves to take it.
If they can get you to sign a message that convinces another smart contract, that you've already approved, to transfer your NFT to the thief's.
Malware modifies your wallet app, so that the transaction you submit to the network is not the one you see on screen.

#1 and #2 costs you gas. If you get presented something that calls transfer() or approval(), look very carefully to make sure the wallet or contract you're transferring or approving is what you expect.

#3 doesn't cost gas. But the contents of the message matters. If you go to an authentication system like CollabLand, and you get a message that says "Verify account ownership." , you're safe. But if it turns out to be something incomprehensible like "0x1a2b3c4d5e6f99887766554433...." or something that doesn't seem to fit the context like "Sign to approve listing this NFT for 0.0ETH", you should not sign it. If you sign what looks like a hash, it could be signing a transaction you can't read that will transfer your NFT or something else. You simply don't know the effect. If you sign something that doesn't sound right, like an approval listing, you may have just posted it in a way for the thief to "buy" your NFT for 0.0ETH, by convincing a marketplace to transfer it for them.

A hardware wallet can help with #1 by making it impossible to steal the seed phrase or private key from your computer directly. And that you would think twice before you go looking for your seed phrase or private key written down somewhere safe. A hardware wallet does NOT save you from #2 or #3. For #4, some hardware wallets will show transaction data. So if you're looking carefully, you can see your computer and the wallet's transaction info is different.

For #2 and #3, you have to be careful about what you're signing or approving. Reading the data that MetaMask or whatever wallet you're using is showing you is important.

For #4, stay up to date on security updates. Most of the malware target Windows and Android devices, but that doesn't mean there can't be one for Macs, Linux, or iOS devices someday.

Great answer, thank you! Interesting viewpoint on how to prevent my NFTs from getting stolen. I have accepted your answer!

Just remember a couple of things. Generally nothing comes for free so dont fall for the freebies trap. Never share your password and seedphrase. Also dont save the seedphrase on any device or platform connected to the internet.

" Give me your seed pharse " so of someone say this to you he is trying to do something wrong ... how people will try to SCAM you in many different ways: one way is sending you private messages saying, because an action you did you have won something.. ei you join a discord channel you could get private messages of people impersonating the team members asking you to conect the wallet to some website so they have accest to your walllet, this message will have sane logos and look super identical to the original menbers... Another way is like fake minting pages you will recieve messages or see tweets that end of the minting of a collection is happening and you have the last chance to get in, you may feel FOMO and rush, not thinking and not cheacking if the place is real, then you will conect your wallet and they will have access to your nfts ...Another way is thet will create fake pages on opensea faking real and popular projects this are really similar pages so you will click try buy something that you think is a good deal but is not just fake...Another one you leave your walllet conected in a public place where many people have access people can get in your laptop and transfer the NFTs....another one you keep your seed pharse in your computer people or hackers can access and get access to ur wallet..... as you see could be infinite ways Ok ways to prevent; 1- Never share your seed pharse and keep it away from the digital world 2- Dont trust people on private messages especially if dont know them ignore them 3- reserch every project you are getting into dont jump in because someone tell you is good 4-Every time you conect your walket make sure you understand what arevyou doing if not reserch first 5-Dont rush take your time to understand things if you miss out is ok there is more oportunities 6- another way to keep your NFT safe is using a cold wallet also make sure you keep this on a safe place .... hope this helps keep learning & reading

Not the answer you're looking for? Browse other questions tagged #NFTs #General #DeFi or ask your own question.

How to write an amazing answer

Share as much detail as you can

Provide resources when possible

Have fun sharing your knowledge with others!

Our top contributors this week 👏

View All