Be Safe Out There! - TokenSmart NFT Humpday Report #40

Welcome to the 40th issue of the NFT Humpday Report, a weekly column covering and providing embedded analysis on the NFT economy’s biggest topics du jour. Brought to you by WIP meetup collaborators and nft42 community hub TokenSmart.

Hey everyone, William M. Peaster here! It’s with a heavy heart I announce this 40th TokenSmart NFT Humpday Report will be my final one, as I’m moving on to double down on other projects. It’s been an absolute treat writing this column for you these past many months, and I can only hope it helped you learn more about NFTs. I know I certainly learned a lot along the way!

That said, let’s finish up this 40th report on a high note by focusing on something we really can’t highlight enough, which is NFT safety

Indeed, in recent weeks we’ve seen a wave of elaborate attacks targeting NFT users. The main ploy at hand is malicious agents tricking these users into opening malware, often veiled in the guise of legitimate work opportunities/documents. 

From command & control attacks (C&Cs) to screenscrapers, these bad actors have no shortage of tools at hand they can use to try and pry your NFTs from you so safety is paramount. Here are some huge safety considerations to take to heart: 

  • Learn to tell the signs of attack messages — This is getting harder, as attackers are becoming increasingly adept at impersonating reputable sources like Coinbase or high-profile NFT community members via DMs, emails, etc. Accordingly, approach every opportunity cautiously knowing that impersonators are afoot. Triple check URLs, accounts, email addresses, everything. And ask solicitors to confirm and verify — if it’s a sincere opportunity, the other person won’t mind at all verifying themself to you. If in doubt, don’t click anything!

  • Don’t reuse passwords — Maybe your old email account was compromised years ago unbeknownst to you, but you’re using it now for your MetaMask wallet. Abort, abort, abort! Get into the practice of not reusing your passwords, and never do it in/around crypto. Don’t make it easy for the scumbags. 

  • Get multiple hardware wallets — Hardware wallets are extremely resistant to attackers so if you have crypto on one of these devices blackhats won’t be sweeping your funds any time soon. I say multiple hardware wallets, too, because this makes it easier to maintain security via multiple wallets and to have readily available backups in case one of your devices ever fails or gets lost. I’ve personally used Trezor, Ledger, and GridPlus and can recommend any of them. 

  • Watch out for token approvals — Ever tried using a new dapp and had to sign an approval transaction first? This is fine when the project is reputable, but it’s dangerous if the project is nefarious. Even a hardware wallet’s only as good as your outstanding token approvals. This is because if you’ve approved a sketchy contract to spend your funds, it can do exactly that: spend ‘em! So don’t be willy nilly about what contracts you approve, even if you see everybody aping around you. If you need to remove some of your approvals, consider a tool like the Token Allowance Checker

Well, that’s it for me folks. Again, it’s been a real treat being able to write this column for you. I wish you all the very best in your respective NFT journeys, and I implore you to be safe and helpful to others. In the meantime, be well! William, signing off ❤️

Thanks for reading the 40th NFT Humpday Report! Check the nft42 Substack archives for excellent NFT ecosystem coverage! Cheers 🌠