Academy

Keeping your collection safe in a changing web3 landscape

Written by SuperRare Labs | May 23, 2023 2:35:04 PM

You’ve been collecting NFTs and you’re now wondering how to keep your collection safe. Maybe you’ve heard about scams and stolen NFTs, which are a scary possibility on the blockchain. While there is no airtight protocol to protect your collection forever (after all, we are humans and prone to error when setting up and maintaining our own security measures), there are a host of good practices you can adopt to make an attack on your NFTs very (very!) difficult.

It starts with good habits

Securing your blockchain-based assets starts with your behavior online and with your devices in general. It’s important to first ask yourself, are your devices (laptop, phone, tablet, etc.) secure? Do you update your softwares regularly? Do you have anti-malware protection? Do you adopt enhanced security measures to protect your data, such as encryption, two-factor authentication, passwords managers? It can be time-consuming and even expensive, but now that you’re embarking on a journey to hold valuable cryptoart, it might be time to start thinking about these questions seriously. 

The following measures focus on five areas: 

  1. Choosing the right wallet for your collection
  2. Safeguarding private keys and seed phrases
  3. Ensuring safe NFT transactions 
  4. Insuring your cryptoart collection 
  5. Backing up your NFTs
"Playing the Crypto Art Game" by Max Osiris on SuperRare. 

Choosing the right wallet for your collection

The first step in keeping your NFT art collection safe is selecting the right digital wallet. A digital wallet is a software application or hardware device that allows you to securely manage, and transact with your NFTs. It’s important to note that, unlike a normal wallet that holds real cash, crypto wallets don’t actually store your crypto or NFTs. Your holdings live on the blockchain, but can only be accessed and traded using a private key. It’s your private keys that are stored in your wallet. 

There are two primary types of digital wallets: hot wallets and cold wallets.

  • Hot wallets: Hot wallets are connected to the internet, which makes them more accessible and convenient for everyday use. They come in the form of mobile apps, browser extensions, and desktop applications. While hot wallets offer greater ease of use, they are more vulnerable to cyber-attacks due to their constant internet connection.
  • Cold wallets: Also known as hardware wallets, cold wallets are physical devices that store your private keys offline. These wallets provide an added layer of security as they are not connected to the internet, significantly reducing the risk of hacking or theft. However, cold wallets can be less convenient for frequent transactions as they require physical access to the device.

When choosing a digital wallet, it's essential to consider the following factors:

  • Security features: Look for wallets with robust security measures, such as end-to-end encryption, biometric authentication, and secure PIN protection. Cold wallets are typically more secure, but some hot wallets also offer advanced security features. 
  • User-friendliness: The wallet should have an intuitive interface and be easy to navigate, even for those new to the world of NFTs. A good wallet will provide clear instructions on setting up and managing your NFT assets.
  • Wallet reputation: Research the wallet provider's reputation within the NFT community. Look for user reviews, testimonials, and any reported security issues. Reputable wallets will have a track record of reliable performance and responsive customer support.
  • Backup and recovery options: In case of loss or damage to your wallet, it's crucial to have a backup and recovery plan. Ensure the wallet offers a straightforward backup process and a recovery method for retrieving your assets.

There are numerous digital wallets available, but here are a few popular options to consider:

  • MetaMask: A widely-used hot wallet in the form of a browser extension, compatible with Ethereum-based NFTs.
  • Trust Wallet: A mobile hot wallet that supports multiple blockchains, including Ethereum, Binance Smart Chain, and more.
  • Ledger: Cold wallet devices that offer a high level of security and support various blockchains, including Ethereum and many others.
  • Trezor: Another set of reputable cold wallet devices, known for their robust security features and support for multiple blockchains.

Remember that the security of your NFT art collection depends on the digital wallet you choose. Invest time in researching the best wallet that suits your needs and priorities, and always stay updated on wallet-related news to ensure the ongoing safety of your assets.

"Seed Phrase Words Visualization RGBVSC Black Edit." by Martin Lukas Ostachowski on SuperRare. 

Safeguarding Private Keys and Seed Phrases

Private keys and seed phrases are critical components of your NFT security. They grant you access to your digital wallet and, ultimately, control over your NFT collection. As such, it's essential to take proper measures to secure your private keys and seed phrases. First, let’s understand what they are: 

  • Private keys: A private key is a unique and secret alphanumeric code that allows you to access and manage the assets within your digital wallet. It's crucial to keep your private key confidential, as anyone with access to it can control your NFTs and cryptocurrencies.
  • Seed phrases: A seed phrase, also known as a mnemonic phrase or recovery phrase, is a sequence of 12 to 24 words issued by your wallet that it can then use to generate your private keys. Think of it as your private key in a human readable format. Seed phrases act as a backup, allowing you to restore your wallet and recover your assets in case of loss or damage.

To protect your NFT art collection, consider the following secure storage methods for your private keys and seed phrases:

  • Hardware wallets: These cold wallet devices store your private keys offline, providing an added layer of security against hacking and theft. When using a hardware wallet, your private keys never leave the device, significantly reducing the risk of exposure. Hardware wallets will provide you with a seed phrase, but won’t store it. You’ll need to write it down or engrave it somewhere else, such as:
  • Paper wallets: A paper wallet is a physical document containing your private key and seed phrase, often in the form of a QR code. Paper wallets should be stored in a safe and secure location, such as a safe deposit box or a fireproof safe, to protect against physical damage, theft, or loss.
  • Metal backup solutions: Metal backup solutions involve engraving or etching your seed phrase onto a durable, corrosion-resistant metal plate. This method provides protection against fire, water, and physical damage, ensuring the long-term safety of your seed phrase.

To further secure your private keys and seed phrases, follow these best practices:

  • Create multiple backups: Store at least two copies of your seed phrase in separate, secure locations. This ensures that if one backup is lost or damaged, you still have another to fall back on.
  • Do not store digital copies: Avoid storing your private keys or seed phrases on electronic devices or online platforms, as this increases the risk of hacking or accidental exposure.
  • Keep your backups confidential: Limit access to your seed phrase backups to only those who absolutely need it. The more people who know your seed phrase, the greater the risk of unauthorized access.
  • Regularly check your backups: Periodically inspect your backup locations and materials to ensure they remain safe and intact.
"unconfirmed transaction" by uczine on SuperRare.

Ensuring Safe NFT Transactions

Transacting with NFTs requires caution and diligence to avoid potential pitfalls and ensure the safety of your art collection. Before purchasing an NFT, it’s critical to always verify its authenticity to ensure you're acquiring a genuine piece of digital art. Take the following steps:

  • Research the artist: Confirm the artist's identity and their connection to the NFT. Look for a verified social media presence or an official website to validate their work.
  • Examine the token metadata: Check the token's metadata for essential information, such as the artist's name, the artwork's title, and a description of the piece. Ensure the details match the information provided by the artist or the marketplace.
  • Check the provenance: Review the NFT's transaction history on the blockchain to confirm its ownership and authenticity. Reputable NFT platforms often provide a built-in feature for viewing provenance.

Next, choose well-established and reputable NFT marketplaces for buying and selling your art pieces. Trusted platforms typically offer better security measures and are more likely to have reliable customer support.

When sending or receiving NFTs, always double-check the wallet address to ensure it's accurate. A minor mistake in the address can result in the permanent loss of your assets. Consider the following tips:

  • Copy and paste addresses: Avoid manually typing wallet addresses, as this increases the risk of errors.
  • Verify the address before sending: Double-check the wallet address before initiating a transaction. If possible, send a small test transaction first to confirm the address is correct.
  • Use ENS (Ethereum Name Service) domains: ENS allows users to register a custom domain (e.g., yourname.eth) that resolves to their wallet address. Using ENS domains can reduce the risk of errors and simplify transactions.

It’s also important to keep in mind phishing scams, which involve malicious actors attempting to steal your private keys or seed phrases by impersonating legitimate platforms or services. Protect yourself from phishing attacks by:

  • Verifying URLs: Always double-check the URL of the website or platform you're using. Look for the padlock icon in the address bar, indicating a secure SSL connection.
  • Being cautious with emails and messages: Don't click on suspicious links or download attachments from unknown sources. Be wary of emails or messages urging immediate action, as they may be phishing attempts.
  • Using browser extensions: Install browser extensions, such as MetaMask or EAL (EtherAddressLookup), that warn you when you visit a known phishing site.

For more on avoiding common crypto scams, read [this article](link to scam article).

"lady with a fox" by fabielloArt on SuperRare.

Insuring your NFT art collection

As the value of your NFT art collection grows, it's essential to consider insurance as an additional layer of protection. NFT insurance can safeguard your assets against theft, loss, or damage, providing financial coverage in the event of a mishap. NFT insurance offers several benefits, including:

  • Financial protection: Insurance can reimburse you for the loss of valuable NFT assets due to theft, hacking, or other unforeseen circumstances.
  • Peace of mind: Knowing that your NFT collection is insured provides a sense of security and helps you focus on growing and enjoying your collection.
  • Professional support: Insurance providers often offer expert advice and assistance in the event of a claim, guiding you through the process and helping you recover your assets.

Different insurance providers offer various types of NFT coverage, which may include:

  • Theft coverage: This type of insurance protects against the theft of your NFTs, whether through hacking, phishing scams, or unauthorized access to your digital wallet.
  • Loss coverage: Loss coverage provides protection in case your NFTs are accidentally lost or become irretrievable due to issues like wallet corruption, misplaced private keys, or seed phrases.
  • Damage coverage: Some insurance policies may also cover damage to the underlying digital art files, such as corruption or loss of data, impacting the value of the associated NFT.

While the NFT insurance market is still relatively new, several companies have begun to offer coverage for digital assets. If this is something you’re interested in, research it further and look out for newcomers in the space. Some providers include:

  • Metaversal: Metaversal offers specialized insurance for NFTs, covering theft, loss, and damage to digital art assets.
  • Coincover: Coincover provides cryptocurrency insurance that extends to NFTs, protecting against hacking, theft, and other risks.
  • Marsh: Marsh, a global insurance brokerage firm, has partnered with Ledger to offer insurance for digital assets, including NFTs, stored on Ledger wallets.

When selecting an insurance provider, thoroughly research their policies and coverage options to ensure they align with your specific needs. Consult with an insurance expert or legal advisor to help you understand the terms and conditions of the policy before committing.

"nft alchemy" by fabielloArt on SuperRare. 

Backing up your NFTs

The NFT space is relatively new and in constant flux. There is a very real nightmare scenario where a marketplace on which you’ve purchased NFTs goes offline. On November 12, 2022, for example, Hic et Nunc (HEN) shut down with no notice or explanation. In such cases, it's essential to have a backup plan to ensure you maintain access to your NFT collection. 

It’s important to note that, though NFTs are stored permanently on-chain, that’s just the token itself. The associated files, like artwork images, are often stored off-chain and, in turn, at risk of deletion if a marketplace folds. According to ClubNFT, 10% of NFT files are on-chain, 40% are on private servers and at risk, and the remaining 50% are on IPFS. You can use ClubNFT’s free service to backup your NFTs and protect them. It doesn’t hurt to learn more about IPFS and how you can use it yourself. 

InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data. IPFS clusters operate like blockchain nodes, as in, anyone can host an auto-updating copy of the file system, creating database redundancy. Many high quality marketplaces use IPFS to store artworks, and you too can use them independently to protect your NFTs by ensuring the persistence and accessibility of the digital content associated with them. To protect your NFTs using IPFS, you can follow the steps below. Please note that some steps are quite technical, so when in doubt, please conduct additional research, reach out to experts who can help you, or use a custodial service to back up your collection: 

  • Install and set up IPFS: Download and install the IPFS software from the official website. Follow the instructions provided to set up IPFS on your device. This will allow you to interact with the IPFS network and store your NFT-related files.
  • Upload your NFT content to IPFS: To add your NFT-related digital content (such as images, videos, or audio files) to IPFS, use the command line or an IPFS desktop app to add the files to your local IPFS node. When the files are added, IPFS will generate a unique hash (called a Content Identifier, or CID) for each file, which serves as the address for accessing the content on the IPFS network.
  • Pin your content: To ensure the persistence of your NFT content on IPFS, "pin" your files. Pinning is the process of marking a file as important, which tells the IPFS network to keep a copy of the file and prevents it from being automatically deleted during garbage collection. You can pin your content using the IPFS command line or desktop app, or use a pinning service like Pinata or Infura, which will store and manage the content on your behalf.
  • Link your NFT metadata to IPFS: In the metadata of your NFT, include the IPFS CID for the associated digital content. This establishes a permanent link between the NFT and the content hosted on IPFS. When creating an NFT on a platform or marketplace, look for an option to input the IPFS CID or use a custom metadata JSON file that includes the IPFS link.
  • Verify the IPFS link: After creating your NFT, use a blockchain explorer (like Etherscan or BscScan) to confirm that the NFT metadata contains the correct IPFS CID. You can also check the accessibility of your content by visiting an IPFS gateway, such as "https://ipfs.io/ipfs/[your_CID_here]" (replace "[your_CID_here]" with the actual CID).

By hosting your NFT content on IPFS and linking it to your NFT metadata, you can protect your NFTs from central points of failure and ensure their accessibility even if the original hosting platform or marketplace goes offline. However, keep in mind that using IPFS doesn't secure your NFT ownership or wallet—follow the best practices outlined above for securing your digital wallet, private keys, and seed phrases to protect your NFTs.