NFT Boom, How to Protect Your NFT Assets

Release Date: 24 Jan 2022 13134 Views

What is NFT?

NFT stands for Non-Fungible Token which is issued in according to the Ethereum ERC721 standard. Different from other cryptocurrencies, each NFT token has a unique ID, so it cannot be duplicated. Also, it can only be traded in its entirety at transaction.

With its value escalating and market expanding continuously, NFT platforms and accounts have become a new prey for cyber criminals. In March 2021, a batch of accounts on a well-known NFT platform, Nifty platform, that had not enabled two-factor authentication were stolen, with one of them reporting a loss of US$150,000. In July 2021, Stazie, the anonymous developer of NFT game Hedgie, fell prey to a phishing website, and 16 CryptoPunks and some cryptocurrencies was stolen. In December 2021, the crypto exchange, AscendEX, was hacked to steal cryptocurrencies and NFT assets, which worth about US$77M, from the crypto wallet. In regard to NFT security issues, HKCERT has the following suggestions:

Risks	Security Measures
Hackers imitate the promotions of NFT platforms and distribute fake NFT assets for free, thereby tricking victims into providing sensitive information	Verify senders' identities and links carefully. Do not provide sensitive information to suspicious persons and websites
Hackers compromise NFT accounts Set up NFT phishing websites to trick user and steal account passwords Exploit the security vulnerabilities of platforms to invade users' account and transfer users' assets away	Bookmark the URL of the NFT platform Enable multi-factor-authentication Enable asset transfer whitelist to prevent hackers to transfer assets away Use official tools, such as official App Avoid putting all assets into a single crypto exchange and wallet

How to store NFT assets

Before trading NFTs on NFT platforms, the users need to ensure to store their NFT assets safely. Same as other types of cryptocurrencies, they can choose an Internet-connected wallet (hot wallet) or a non-Internet-connected wallet (cold wallet), or even use a combination of the two. Different types of wallets have different benefits and security risks, and the users must choose the wallet(s) based on their own needs.

The wallet contains at least one pair of the user's public and private keys, with the private key(s) also containing the information to obtain the assets, which is especially important.

	Hot Wallet	Cold Wallet
Nature	Connected to Internet Exchange (Online) wallet: NFT assets and cryptocurrency are stored in the crypto exchange account, and the exchange will store NFT assets and cryptocurrencies in the same hot wallet Desktop wallet / Mobile wallet: Take the form of either as a web application or a mobile App. Once a desktop / mobile wallet is created, it will store the private key in the program	Not connected to Internet and used to store private key offline Hardware wallet: Like USB storage, it stores NFT assets and private keys Other: Private keys are printed on paper or rely on memory, for example blockchain address and private key are printed in the format of a QR code
Benefit	Convenient	More secure
Risks	Potential cyber attacks, such as intrusion and data breach	Physical lost, storage device malfunction, physical damage or even forgetfulness
Security Measures	Backup your wallet and set up password protection. Also, do not disclose the recovery phrase for the password recovery. For backup methods, please refer to the guidelines of the specified wallets. Always update wallet software, as latest software usually resolves identified security issues or optimizes security mechanisms. Check the functionalities of storage devices regularly

Related Tags

Share with

Introduction of QR code attacks and countermeasures

20 Jan 2022 11626 Views

What You Know about the Cyber Security of NFT

11 Mar 2022 11560 Views