Get Started Wallets Trading Security DeFi Staking NFT Glossary About
Home/NFT/NFT Security

NFT Security Guide

Essential 12 minutes 4 steps
0% Complete
NFT Theft Is Rampant

Millions of dollars in NFTs are stolen every month. Even experienced collectors get scammed. This guide could save your entire collection.

Step 1

Know the Common Scams

Phishing Sites

Fake websites that look identical to OpenSea, Blur, etc. When you connect, they drain your wallet.

  • Always type URLs directly or use bookmarks
  • Check the URL letter by letter
  • Never click links from Discord/Twitter DMs

Malicious Airdrops

Random NFTs appear in your wallet. If you try to sell/interact with them, they drain your wallet.

  • Never interact with unexpected NFTs
  • Leave them in "Hidden" forever
  • Don't try to sell or transfer them

Fake Support

"Support" DMs you about a "problem" with your account and asks you to verify or connect wallet.

  • Real support NEVER DMs first
  • Real support NEVER needs your seed phrase
  • Block and report immediately

Fake Collections

Copies of popular collections with stolen art but different contracts.

  • Always check the blue verification badge
  • Verify contract address matches official
  • If price is too low, it's probably fake
Step 2

Secure Your NFT Wallet

The Multi-Wallet Strategy:

Wallet Use For Security
Burner Wallet New mints, risky sites Only small amounts
Active Wallet Regular trading on trusted sites Moderate amounts
Vault Wallet Valuable NFT storage Never connect anywhere

Hardware Wallet for NFTs:

  • Store valuable NFTs on Ledger/Trezor
  • Transactions require physical button press
  • Immune to most remote attacks
  • Can use with MetaMask for trading
The Vault Strategy

Keep your most valuable NFTs in a wallet that NEVER connects to any website. Only transfer in/out as needed. This eliminates most attack vectors.

Step 3

Verify Everything

Before Buying - Verify:

  1. Blue checkmark on OpenSea/marketplace
  2. Contract address matches official project
  3. Floor price is reasonable (not suspiciously low)
  4. Volume/activity looks legitimate
  5. Official links from project's real Twitter/Discord

Before Connecting - Verify:

  1. URL is correct (every character)
  2. HTTPS padlock is present
  3. Site is official (check on Twitter)
  4. What permissions are being requested

Before Signing - Verify:

  1. What transaction does - read the details
  2. Amount being approved - is it what you expect?
  3. Contract address - is it the right one?
  4. If unsure - DON'T SIGN
"SetApprovalForAll" Warning

If you see "SetApprovalForAll" in a transaction, be VERY careful. This gives complete control over an entire NFT collection to the requester. Only approve for trusted marketplaces.

Step 4

Daily Safe Practices

DO:

  • ✓ Bookmark official sites
  • ✓ Use a hardware wallet for valuable NFTs
  • ✓ Regularly revoke old approvals (revoke.cash)
  • ✓ Keep software updated
  • ✓ Use strong, unique passwords + 2FA
  • ✓ Be paranoid about DMs and links

DON'T:

  • ✗ Click links from DMs/emails
  • ✗ Connect to unknown sites
  • ✗ Rush into "limited time" mints
  • ✗ Share screens while wallet is open
  • ✗ Use public WiFi for transactions
  • ✗ Trust anyone asking for seed phrase
The 10-Second Rule

Before signing ANY transaction, pause for 10 seconds and ask:
- Did I initiate this?
- Do I understand what it does?
- Is the site/contract legitimate?

This simple pause has saved many people from scams.

If You're Compromised:

  1. Don't panic
  2. Create new wallet immediately
  3. Transfer remaining assets to new wallet
  4. Never use compromised wallet again
  5. Report to marketplace if applicable

NFTs Protected!

You know how to keep your NFTs safe. Stay vigilant!

More Security Tips
OpenSea Guide Next: Creating NFTs
Copied to clipboard!