5 Quick Tips to Stay Safe When Minting NFTs
As NFTs gain in popularity, NFT scams are getting more common. Here are 5 quick tips to stay safe when you're about to mint those NFTs.
How to stay safe when minting NFTs?
NFT scams are everywhere. As NFTs gain in popularity, hackers tend to target buyers who want to mint NFTs. Although scams might not happen as frequently in the GameFi space, knowing some of the common tactics used by hackers will help safeguard your gaming NFTs as well. Here are 5 quick tips on how to stay safe:
1. Do not fall for stealth mint or hacked Discord/Twitter scams
Without a doubt, this is one of the most common ways to get scammed in the NFT space. More often than not, after taking over the NFT project's Discord or Twitter account, scammers will post phishing links to mint NFTs through these channels. Once you connect your wallet to the malicious website, the site will try to steal your holdings through various scams or phishing attacks. To avoid this, keep in mind that established NFT and Web3 gaming projects never run stealth or surprise mints.
2. Mint directly from the smart contract if you can
Next, try to mint NFTs directly from the smart contract whenever you can. This matters most when you're not too sure of the legitimacy of the NFT project. To do that, you will need to know the contract address first. Then, follow this simple guide (only for Ethereum-based NFT projects) to mint NFTs from the smart contract.
3. Be wary of what you're asked to approve
According to Azuki NFT dev @cygaar_dev, there are 2 functions in the EIP-721 standard that will allow someone else to transfer your NFTs. These are the approve() and setApprovalForAll() functions. Marketplaces such as OpenSea will often use the latter (see above) so that users will only need to approve once to sell their NFTs. Make no mistake, this is not an issue at all when you're dealing with trusted sites.
However, when you're minting NFTs from a website, always make sure that you're not signing any transaction that calls the approve() or setApprovalForAll() function. According to Cygaar, there is no such approval required when minting NFTs. Thus, any website that asks you to do so is most likely a scam.
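One way to check what a mint page is asking you to sign, as an added example that is not from the original article or from Cygaar: it reads the function selector at the start of a transaction's data field and reports whether the call is approve() or setApprovalForAll(). The helper name, the operator address and the calldata are constructed for illustration, and a "not-an-approval" verdict only rules out these two functions, not other malicious calls.

```javascript
// Well-known 4-byte selectors of the two ERC-721 approval functions.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};

// Inspect the `data` field of a transaction before signing (hypothetical helper).
function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { verdict: "unknown", reason: "no function selector in calldata" };
  }
  const selector = hex.slice(0, 8);
  const fn = APPROVAL_SELECTORS[selector];
  // Some other function: not one of the two approvals, which is not proof of safety.
  if (!fn) return { verdict: "not-an-approval", selector: "0x" + selector };
  // ABI-encoded arguments follow the selector as 32-byte (64 hex char) words.
  const [w0, w1] = hex.slice(8).match(/.{64}/g) || [];
  if (!w0 || !w1) return { verdict: "approval", fn, reason: "truncated arguments" };
  const operator = "0x" + w0.slice(24); // an address is the low 20 bytes of its word
  if (selector === "a22cb465") {
    // approved=false removes an operator, so it is a revocation rather than a grant.
    const granting = BigInt("0x" + w1) !== 0n;
    return { verdict: granting ? "approval" : "revocation", fn, operator,
             scope: "every token in this collection" };
  }
  return { verdict: "approval", fn, operator, scope: "token #" + BigInt("0x" + w1) };
}

// Constructed sample calldata; the operator address is a placeholder.
const OPERATOR = "1111111111111111111111111111111111111111";
const pad = (h) => h.padStart(64, "0");
const SAMPLES = {
  mint: "0xa0712d68" + pad("1"),                       // a non-approval selector
  approveAll: "0xa22cb465" + pad(OPERATOR) + pad("1"), // grants operator rights
  revokeAll: "0xA22CB465" + pad(OPERATOR) + pad("0"),  // removes operator rights
  approveOne: "0x095ea7b3" + pad(OPERATOR) + pad("2a"),
};
for (const [name, data] of Object.entries(SAMPLES)) console.log(name, inspectCalldata(data));
```

The hex string to pass in is the data shown in the wallet's confirmation screen for the pending transaction.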
4. Use a burner wallet
In essence, a burner wallet is just a separate wallet from your main wallet. This can be a hot or cold wallet. How it works is that you only need to keep a minimum amount of tokens in the burner wallet to mint NFTs and pay for gas fees. After minting, proceed to transfer your NFTs to your main wallet or cold wallet for safekeeping. If your burner wallet is connected to a malicious website, bad actors won't be able to access your entire holdings.
5. Use a cold wallet (and make sure it's not connected to the Internet!)
Lastly, moving your high-value NFTs to a cold wallet such as those offered by Trezor or Ledger will help as well. But make sure it's not connected to the Internet! The reason for this is that certain hot wallets like MetaMask will allow users to link up with their hardware wallets as shown above. If you sign the setApprovalForAll permission in a scam contract, hackers will still be able to access any hardware wallets that are connected to MetaMask.