Skip to main content

NFT Boom, How to Protect Your NFT Assets

Release Date: 24 Jan 2022 13230 Views

What is NFT?


NFT stands for Non-Fungible Token which is issued in according to the Ethereum ERC721 standard. Different from other cryptocurrencies, each NFT token has a unique ID, so it cannot be duplicated. Also, it can only be traded in its entirety at transaction.


With its value escalating and market expanding continuously, NFT platforms and accounts have become a new prey for cyber criminals. In March 2021, a batch of accounts on a well-known NFT platform, Nifty platform, that had not enabled two-factor authentication were stolen, with one of them reporting a loss of US$150,000. In July 2021, Stazie, the anonymous developer of NFT game Hedgie, fell prey to a phishing website, and 16 CryptoPunks and some cryptocurrencies was stolen. In December 2021, the crypto exchange, AscendEX, was hacked to steal cryptocurrencies and NFT assets, which worth about US$77M, from the crypto wallet. In regard to NFT security issues, HKCERT has the following suggestions:



Security Measures

  • Hackers imitate the promotions of NFT platforms and distribute fake NFT assets for free, thereby tricking victims into providing sensitive information
  • Verify senders' identities and links carefully. Do not provide sensitive information to suspicious persons and websites
  • Hackers compromise NFT accounts
  • Set up NFT phishing websites to trick user and steal account passwords
  • Exploit the security vulnerabilities of platforms to invade users' account and transfer users' assets away
  • Bookmark the URL of the NFT platform
  • Enable multi-factor-authentication
  • Enable asset transfer whitelist to prevent hackers to transfer assets away
  • Use official tools, such as official App
  • Avoid putting all assets into a single crypto exchange and wallet



How to store NFT assets


Before trading NFTs on NFT platforms, the users need to ensure to store their NFT assets safely. Same as other types of cryptocurrencies, they can choose an Internet-connected wallet (hot wallet) or a non-Internet-connected wallet (cold wallet), or even use a combination of the two. Different types of wallets have different benefits and security risks, and the users must choose the wallet(s) based on their own needs.


The wallet contains at least one pair of the user's public and private keys, with the private key(s) also containing the information to obtain the assets, which is especially important.



Hot Wallet

Cold Wallet


Connected to Internet


  • Exchange (Online) wallet: NFT assets and cryptocurrency are stored in the crypto exchange account, and the exchange will store NFT assets and cryptocurrencies in the same hot wallet


  • Desktop wallet / Mobile wallet: Take the form of either as a web application or a mobile App. Once a desktop / mobile wallet is created, it will store the private key in the program


Not connected to Internet and used to store private key offline


  • Hardware wallet: Like USB storage, it stores NFT assets and private keys


  • Other: Private keys are printed on paper or rely on memory, for example blockchain address and private key are printed in the format of a QR code



More secure


Potential cyber attacks, such as intrusion and data breach

Physical lost, storage device malfunction, physical damage or even forgetfulness

Security Measures


  • Backup your wallet and set up password protection. Also, do not disclose the recovery phrase for the password recovery. For backup methods, please refer to the guidelines of the specified wallets.
  • Always update wallet software, as latest software usually resolves identified security issues or optimizes security mechanisms.
  • Check the functionalities of storage devices regularly