How to secure your NFTs?
NFTs (Non-Fungible Tokens) represent a rapidly growing area, but they also raise critical questions about their security. Where are they located? How can they be securely stored? How can one prevent theft and ensure safe transmission? Finally, how can one avoid their loss? This article aims to provide an in-depth overview of NFT security, addressing fundamental aspects for beginners while exploring advanced strategies for the more experienced.
The security of NFTs is a complex and evolving topic. Cyber threats are diversifying, and new forms of hacking regularly emerge. Here, as of November 2021, we present the solutions deemed most appropriate for securing your digital assets. However, these solutions are likely to evolve, and it is important to emphasize that absolute security does not exist. The information provided cannot constitute an infallible guarantee for the protection of your NFTs.
General Concepts
The first part of this page will not focus specifically on a particular wallet, but will address general concepts related to blockchain, particularly how a blockchain, such as Ethereum, stores and secures its tokens. For the sake of clarity and simplicity, we will primarily refer to the Ethereum blockchain throughout this discussion. However, these concepts also apply to most other blockchains like Solana.
For some readers familiar with cryptocurrencies, these concepts will likely be obvious, even trivial. For others who are new to the world of NFTs, they may seem complex and require careful, even repeated, reading.
It is therefore essential to understand these so-called fundamental concepts before proceeding further, as without this basic understanding, you will never be able to fully grasp what you are doing with your digital wallet, whether it be for NFTs or cryptocurrencies. Let us focus on these concepts now.
Where are your NFTs located?
Let’s start with this simple question: where are your NFTs actually located? No, let’s redirect this thought by starting with what they are not.
- Your NFTs are not located in your Metamask wallet;
- They are also not stored on your computer;
- They do not reside on your Ledger or Trezor key either;
In reality, an NFT is a token that is recorded on a blockchain. This token is part of the decentralized database of Ethereum, with a copy maintained by approximately 3,000 active nodes distributed around the world. This geographical distribution of copies provides the blockchain with an exceptionally robust level of backup and redundancy. In other words, for your ETH tokens, you have around 3,000 backups at any given time, accessible and distributed globally.
When an NFT is sold or transferred to a third party, no file or asset physically moves from one device to another, nor from one Ledger key to another. The only event that occurs is a modification of the record in the Ethereum blockchain database, indicating the new address to which the NFT is assigned.
What about the associated files (JPG, GIF, etc.)?
The metadata of your NFT contains a URI field (similar to a URL) that specifies the location of the JPG file. The best practice is for this file to be hosted on decentralized storage solutions such as IPFS (InterPlanetary File System) or Arweave. These platforms ensure a decentralized and resilient storage infrastructure. Conversely, if the file is stored on a server owned by a centralized entity like Amazon AWS, OVH, or Google Cloud, it remains subject to the inherent risks of centralization. It’s important to note that regardless of the nature of the cloud—centralized or decentralized—it is still a server located somewhere.
The essential distinction between solutions like AWS and IPFS lies in the fact that, through IPFS, any user can join the network from their own computer and choose to store any item within the system, including your JPG file.
Some artworks, particularly those derived from generative art, are fully stored on the blockchain and are referred to as on-chain. This means that the instructions for generating the artwork are included directly in the token, and the artwork is thus entirely stored on the Ethereum blockchain.
Public Key and Private Key
A public key, represented by an address in the format 0x—— for Ethereum, can be likened to an email address in its use. You can share it safely, allowing others to send you various items such as:
- Ethers (ETH Ξ): the native unit of the Ethereum blockchain. Each Ethereum address can receive and hold ETH, which is used to pay transaction fees (gas) and can be sent between users.
- ERC-20, ERC-721, ERC-1155, ERC-777, ERC-223, ERC-4626: these are the main types of Ethereum tokens, encompassing standards for fungible tokens, non-fungible tokens, mixed tokens, enhanced tokens, and specialized tokens.
- Layer 2 Assets: Although tokens or assets on Layer 2 solutions (such as Arbitrum, Optimism) are linked to second-layer blockchains, they can be represented on Ethereum through smart contracts that lock the original assets and replicate them on Layer 2.
- ENS (Ethereum Name Service): An Ethereum address can also receive and store an ENS domain name, which allows for the transformation of a long address into a more readable format like kawlet.eth.
- Soulbound Tokens (SBTs): Although this technology is still under development, it represents a new class of non-transferable tokens used to represent identity information or attestations in decentralized networks.
- Off-chain messages and data: Smart contracts and certain applications can use an Ethereum address to send or store information and message signatures off-chain.
Similar to an email inbox, you have no control over the items sent to your Ethereum address. Thus, it is not uncommon for public addresses, especially those of well-known collectors, to receive unwanted or spammy NFTs. These unsolicited messages may be sent to capture the recipient’s attention or to create the illusion that they have acquired an artwork from a specific collection.
However, unlike an email inbox, all transactions made from an address, as well as the digital assets it contains, are public and can be viewed by the entire network. Therefore, every transaction executed and every asset held in an address is visible and traceable by anyone.
It is therefore essential to understand that the public key is not the element you need to protect at all costs. The private key, on the other hand, must be treated with the utmost care. It serves, in a way, as the “password” that allows you to control access to your Ethereum public address or public key. The main functions it enables are as follows:
- The transfer of tokens to another address;
- The signing of messages, attesting that you indeed possess the private key associated with the relevant address.
Unlike the public key, you should never, under any circumstances, reveal your private key to anyone. If a third party were to obtain it, they could, in a matter of moments, seize all of your digital assets, whether they are cryptocurrencies, fungible tokens, or NFTs associated with your Ethereum address. Your private key is, in essence, the key to your digital vault.
The Wallet
We have reached a fundamental point! A wallet is software that contains a set of private keys. It is essential to remember that a private key controls a public key. Thus, all wallets, whether software or hardware, are essentially tools for managing private keys. A wallet allows you to execute transactions on specific addresses (public keys) by manipulating the associated private keys.
Seed Phrase and Pass Phrase
Now, let’s introduce two crucial elements. The first is the seed phrase (or mnemonic phrase). This is a sequence of 12, 18, 24, 30 words (or more). If the private key represents the password for your public key, the seed phrase serves as the recovery method for that password in case of forgetfulness or loss. Indeed, if you lose your private keys, you can recreate them using your seed phrase. However, just like your private keys, it is imperative never to disclose this seed phrase. Anyone who possesses it can empty your entire wallet, including all the assets (tokens) associated with the public addresses it contains.
The second element to consider is the passphrase. Although rarely used, the passphrase has no direct equivalent in the physical world. It is a string of characters or a word that, combined with your seed phrase, creates a unique wallet, generating a distinct set of private keys. Thus, for example, combining your seed phrase with passphrases such as:
- seed phrase + "apple"
- seed phrase + "nft"
- seed phrase + "kawlet"
Using a passphrase will produce distinct wallets, each associated with different private and public keys. One unique feature of passphrases is that there is no “wrong” answer. If you enter an incorrect passphrase, no error message will appear, but a wallet will still be generated, albeit without your tokens. Even more surprisingly, if you do not use a passphrase, a default passphrase consisting of empty characters (“”) is still utilized. Finally, it is important to note that there is no recovery method if you lose your passphrase.
In summary:
- Public key or address: comparable to an email address, it can be shared freely.
- Private key: equivalent to the password of your email account; it must never be shared.
- Wallet: a tool that contains your private keys.
- Seed Phrase: a recovery system that allows you to recreate your private keys; never share it.
- Pass Phrase: optional, additional password that allows the creation of multiple wallets; it should never be lost.
Ultimately, any discussion regarding wallets, whether hardware or software, as well as the security of NFTs, is based on two major axes:
- Security: how to prevent a malicious individual from accessing your private keys?
- Resilience: how to ensure that you never lose control and access to your private keys?
Security and resilience: sometimes contradictory goals
Transcribing your private keys onto paper might seem to provide great resilience, but it won’t prevent the loss of your NFTs if that paper is misplaced or destroyed. On the other hand, you can easily ensure the security of your assets by destroying or refraining from using your private keys. However, this would also deprive you of access to your NFTs. Thus, the challenge lies in finding a delicate balance between these two seemingly contradictory goals: security and resilience.
To summarize the most common scenarios resulting from a lack of security:
- A malicious individual gains access to your private keys;
- Or they gain access to your seed phrase and your passphrase (if you opted to use one).
Conversely, situations frequently associated with a lack of resilience include:
- The loss of your private keys, seed phrase, and pass phrase (if you have used a pass phrase).
To go further with wallets
Now that the general concepts are established, let’s take a moment to delve into the topic of digital wallets.
- A software wallet is an application installed on a general-purpose device, such as a mobile phone or a computer.
- A hardware wallet, while still a software, is installed on a dedicated hardware device, such as a Trezor or a Ledger.
Let’s now address terms that often attract attention: Metamask and Phantom. It’s highly likely that mentioning these names will trigger interest from various malicious entities or bots, often on the lookout for seed phrases to exploit through fraudulent comments. Rest assured, this page is carefully moderated. It is widely known that any suggestion like “enter your private key or seed phrase at this link” is a blatant scam.
To interact with DApps (decentralized applications) in the Web3 space, such as Uniswap or Opensea, you’ll need a browser extension (or plugin). The most widely used and accessible option is Metamask, although other alternatives are available. Metamask is also offered as a mobile app, making it a software wallet on your phone.
The two most popular hardware wallet brands, Trezor and Ledger, both excel in security but have their own specific features and limitations, particularly concerning NFTs. A brand like SecuX focuses exclusively on NFTs through its Nifty product.
Some of these hardware devices—especially the less expensive ones—were originally designed for managing cryptocurrencies long before the emergence of NFTs. As a result, their respective documentation regarding NFT integration is often incomplete or poorly adapted.
Our recommendations regarding digital wallets: software or hardware?
Some guiding principles:
- Case No. 1: If your investment in NFTs is below $1,000 in the short term, a software wallet will suffice in this situation. Metamask, whether as a browser extension or mobile app, will meet your needs perfectly.
- Case No. 2: If you plan to invest more than $1,000 in NFTs, it is highly advisable to set up a hardware wallet from the outset. The Trezor and Ledger hardware wallets are both wise choices, providing high security assurances.
- Case No. 3: If you hold NFTs valued between one and three million euros, work in a professional or institutional setting, or own irreplaceable NFTs, it is essential to implement a multi-signature (multisig) system such as Safe (formerly Gnosis Safe), thereby ensuring enhanced security through the requirement of multiple signatures to validate any transaction.
Software Wallet
This type of wallet is only recommended when your investments are under $1,000. Why? Because software wallets do not provide optimal long-term security. They merely store your private key on your phone or computer. Thus, if your device is infected by a virus or you lose your phone, your private keys will be compromised. When setting up a software wallet, a seed phrase (a series of words) will be provided to you. It is imperative to securely record it on a physical medium such as a piece of paper, a notebook, or another secure means. This seed phrase will allow you to recreate your wallet on another device if necessary. It is essential to never enter this phrase on an electronic device, photocopy it, or save it on a computer. It should only be used to restore your wallet on a new device (computer or phone).
When installing Metamask, you will be asked to create a password. This password is specific to Metamask and will be used solely to access the application on the computer where it has been installed. It is important to understand that this is not your seed phrase. In the event of a computer failure, corruption of the Metamask application, loss of your device, or forgetting your password, you will need your seed phrase to regain access to your wallet.
The seed phrase thus represents your essential backup. Ideally, it should be stored outside of your home in a safe location. Some individuals choose safes or steel containers to protect their seed phrase from risks such as fire. While this is a very advanced (and possibly excessive) security measure for using a software wallet like Metamask, it is generally more appropriate to consider using a hardware wallet at this level of precaution.
Hardware Wallet
Hardware wallets are available in a price range from $50 to $400. If you have invested a substantial amount in NFTs or anticipate a significant increase in their value, it is imperative to use a hardware wallet. But which model should you choose? Generally, any hardware wallet will provide an adequate level of security. However, for those with higher demands, the question of the best hardware wallet for NFTs arises.
In 2024, several hardware wallets are recommended to ensure the security of NFTs, each offering specific features tailored to different needs:
- Ledger Nano X is often cited as one of the best hardware wallets for NFTs, thanks to its compatibility with over 5,500 crypto assets and its Bluetooth support, allowing for convenient use on mobile devices. It also includes Ledger Live, an application that enables easy management of your NFTs and other assets from a secure interface.
- Trezor Model T is another popular option, particularly for those seeking enhanced security. It supports essential EIP improvements for NFTs (such as EIP-1559) but requires integration with wallets like MetaMask to transfer and manage NFTs.
- SecuX Nifty stands out as a wallet exclusively dedicated to NFTs, providing a user-friendly interface and advanced features for management and transfer across several major blockchains.
Depending on your specific needs—whether it’s for multi-chain compatibility, mobile integration, or maximum security—each of these wallets is suitable for managing NFTs while ensuring the safety of your assets.
Enhanced Security for Significant NFT Collections
This section is intended exclusively for holders of collections with significant financial value, requiring a considerably higher level of security. Here, we will discuss the highest level of protection available today. Although this setup provides exceptional security, it comes with notable costs and some drawbacks. Ultimately, one of the main concerns for a large NFT owner is to guard against a so-called wrench attack.
What is a wrench attack?
The wrench attack refers to a method by which a malicious individual extorts your digital assets from you through physical coercion, forcing you to provide access to your accounts. The most effective defense against this type of attack lies in the use of a decoy wallet, facilitated by a Pass Phrase. If you find yourself in such a situation, you can open a wallet without a pass phrase, which contains a small amount of cryptocurrency, transfer that balance to the aggressor, and resolve the incident. At no point will the attacker suspect that using the pass phrase would have allowed access to a significantly larger amount. However, this method has a limitation: it is ineffective against particularly well-known and iconic NFTs, for which you could be specifically targeted.
Safe and decentralized multi-signature
In the context of a targeted attack on a specific NFT, a malicious individual would likely not be fooled by a decoy wallet. To achieve a more sophisticated level of protection and enhanced security, it is essential to use Safe (formerly known as Gnosis Safe) or Snowflake (for Solana). In simple terms, these wallets require multiple approvals to execute transactions. This makes them particularly sought-after as a digital vault, especially in the realm of decentralized finance (DeFi), but increasingly also for managing high-value NFT collections.
One of the most remarkable aspects of Safe is its ability to configure a multi-signature protocol for transaction validation. This mechanism allows you to define that a transaction can only be approved if multiple distinct signers validate it, for example, two out of three (2/3) or three out of five (3/5) signers. This approach ensures a significantly enhanced level of security, as multiple approvals are required before an action can be executed.
In an advanced configuration, each signer can use either a software wallet or a hardware wallet. However, the most secure setup typically involves multiple signers equipped with hardware wallets, combined with the Shamir’s Secret Sharing Scheme (SSSS). This scheme allows the private key to be fragmented into several pieces, distributed among different holders or devices, preventing any single person from accessing the entire key.
Large NFT collections are therefore often hosted in multi-signature wallets, recognized on the blockchain as smart contracts, rather than simple public addresses. These multi-signature wallets have multiple signature keys, each of which is fragmented and distributed among several people or institutions around the world. Thus, even the wallet owner does not know the precise location of each constituent element of the key. This architecture makes the recovery of private keys extremely complex, if not impossible, for anyone who does not have access to all the required fragments.
Another significant advantage of Safe is the possibility of collective ownership. A group of individuals or an institution, such as a company or an investment fund, can thus jointly manage a collection of NFTs. However, it is worth mentioning that displaying NFTs in the Safe interface can sometimes be slightly unstable. For optimal visualization of your gallery, it is recommended to use platforms like Opensea or other marketplaces.
What is the operation of major collectors?
On a daily basis, common interactions are carried out through a hardware wallet. Once these operations are completed, each NFT is transferred to a multi-signature wallet, such as Safe, which acts as a highly secure vault. This process doubles the transaction costs due to additional gas fees, but it is a necessary compromise to ensure this enhanced level of security.
However, it is important to note that this approach significantly reduces flexibility. Indeed, moving assets out of the multi-signature wallet, whether for collateral operations or staking, requires approval from multiple parties, thus extending the duration of these processes to several days (if the signature is on-chain, which is more secure). Therefore, movements and transfers of assets are conducted only when their significance fully justifies the associated delays and costs.
It goes without saying that this arrangement is only relevant for collections of substantial value that anticipate few movements among their works.
In Summary
- Collection valued at less than $1000: software wallet;
- All other collections: hardware wallet;
- High-value collection: multi-signature wallet—off-chain tolerated—from any wallet;
- Companies, Institutions, Funds: multi-signature wallet on-chain from hardware wallets;
If you choose to distribute your seed phrases, PIN codes, hardware wallets, and pass phrases according to the Shamir’s Secret Sharing Scheme (SSSS), it is imperative to carefully consider the individuals or entities to whom you will entrust this information. It is essential to ensure that a quorum is defined to allow access to your assets. Trust is therefore paramount, and you are the main guarantor.
A crucial aspect to consider: we all face the inevitable reality of leaving this world. If you hold NFTs, regardless of their financial or emotional value, it is necessary to consider how you will pass these assets on to your heirs. The anecdotes, sometimes tragic, of private keys lost forever with their owners are not uncommon. Every situation is unique, but thanks to the possibilities offered by mechanisms such as SSSS or multi-signature wallets, it is possible to plan a thoughtful and secure succession.
The major advantage of the solutions discussed above lies in their decentralized and open nature, in line with the fundamental principles of blockchain. However, centralized solutions offered by traditional actors such as notaries are expected to emerge soon regarding the succession and protection of digital assets. Although they may be viable, they will not necessarily guarantee a higher level of security. The risks of social engineering or targeted attacks (wrench attacks) could simply be transferred to a trusted third party, compromising digital autonomy, one of the essential values of blockchain.
Although all this information may seem complex and setting up these solutions may feel tedious, it is essential to commit to securing your assets now. In reality, with some perspective, this process is not as complicated as it seems, and once configured, it does not need to be repeated. Like any learning process, it requires a bit of time and patience, but this knowledge will give you a significant advantage in the Web3 economy and protect you against potential disasters.
If you have any doubts or need assistance, feel free to reach out to us through the comments or directly via email.
No Comments