Protecting Your NFT and Tokens

Protect Yourself

So you have bought your first NFT or Crypto and are using browser wallets such as Metamask.

Browser based wallets are highly risky and all it takes is for a malware to get into your computer to pull browsers data and all your NFTs and Coins goes to the hackers.

At the minimum, you should have a hardware wallet. Hardware wallet acts as a 2FA, ensuring the hardware device must be connected to the computer for you approve outgoing transactions.

Generally Ledger and Trezor are the most trusted wallet provider, there are many other hardware wallets too.

On purchasing hardware wallets. ONLY buy from the original website. Never buy from 3rd party sites like Amazon, eBay, other country versions of the original site. DO NOT try to save money on this on trying to buy a slightly cheaper version, this is financial advice.

Hardware wallets can help to prevent most hacks, but it's not 100% foolproof.

  • If you physically approve the connection/transaction to a scammer's website, you will still lose your NFTs and coins.

  • If scammers get your seed phrase, they can restore your hardware wallet on another hardware wallet thus cloning your 2FA device.

  • If you bought a hacked device, the seedphrase you are using actually belongs to the hackers.

Here are some major ways that scammers have used very successfully to scam NFTs and Coins worth millions.

Fake NFT websites

Scammers can create websites that looks exactly the same as the official site in an attempt to confuse people and get them to connect their wallet to the fake site and approve some transactions

Once you do, they are able to quickly drain your wallet of its NFTs and coins.

How to defend against such scams:

  1. Check URL before connecting any wallet.

  2. Instead of clicking on links, open a new tab and type in the URL directly and visit that marketplace. Even searching for them on search engine can be dangerous as ad placements can easily be mistaken for a real search result.

Phishing Emails

You may receive emails on offers your NFTs with a link provided for you to click through to the marketplace. Usually high offers are used to get people's emotions up and forget about possible phishing links.

How to defend against such scams:

  1. Treat every emails as if its a scam, never trust anyone.

  2. Instead of clicking on that link, open a new tab and type in the URL directly and visit that marketplace.

Phishing Messages

Whenever you send a message on social media such as Discord or Telegram asking for help, you are guaranteed to get a lot scammers pretending to be an admin, a support staff, a mod trying to help you.

They may send you links to another discord server or website that looks exactly the same as official server or website.

They may even include multiple scammers pretending to be fellow buyers, users, gamers, mods, admins telling you that it is safe.

How to defend against such scams:

  1. Treat every message as if its a scam, never trust anyone.

  2. Never click on any links in any messages.

  3. Switch off DM and private messages

  4. If you have to send a private message to any mods, try to send them a message first. Almost no admins, mods, staff will ever message you first. If they do, send them a random string of text and ask them to type out the exact same text in the official server to prove that they are real.

Trade Scam

There are many cases in the NFT space where collectors got scammed by traders when they are trying to save a bit on the fees from the marketplace.

If you are in the space long enough you would definitely heard of cases where someone tried to save 2.5% fees by directly trading with a potential buyer, but lost multiple Bored Apes in the process, at the time of this writing, each Bored Ape is worth 70 ETH. It's not worth it to lose US$233k to save $6k.

How to defend against such scams:

  1. Use the official marketplace provided, it's there to help regulate against scammers.

  2. If you really want to go offsite, don't trust anyone, and only use sites that you have used before by directly typing in the URL, no searching, no clicking on links.

Other Potential Dangers


There are many dangers with Metamask, 99% comes from the user.

(i) Users can get tricked into revealing their QR code or private keys by fake admins and support staff telling them to share their screen and switching to another language before navigating to screen containing the keys.

How to defend against such hacks: Don't share screen, if you really have to, please use another user, browser, wallet.

(ii) Fake Metamask popup some websites make a fake metamask popup, that tricks you into keying in your password and approval the transactions.

How to defend against such hacks: Do no sign into any random popups that you are not expecting, and ideally sign in before you open any tabs.

(iii) Old connected sites, as we use MM more, we will have older connected sites to our wallet. If the contract that you have previously given access to gets hacked, it's possible for them to drain your funds depending on the permissions given.

How to defend against such hacks: We should remove those connected sites as often as possible.


These can hide in your computer and capture your seed phrase when you type them into your computer.

How to defend against such hacks:

  1. Never key in your seed phrase on your computer, phone, or any other digital device. If it's digital it can be hacked.

Address Switching Malware

There are malware which hides in your computer and whenever you copy and paste crypto address, it changes the recipient address to the hackers address very slightly.

It can be really hard to detect this type of hacks, as it appears randomly even if your PC is infected.

How to defend against such hacks:

  1. Use a completely new and separated PC/Mac system. Ideally use a Mac.

  2. Do not download torrents or any other software on it, keep it completely empty of software apart from essentials.

  3. Connect it to the internet via cable only, no wifi.

  4. Never connect any USB, phones, random stuff to it.

  5. Run anti-virus scans on it frequently.

Last updated