Tips for safely minting NFTs

Some practices for improving security when minting NFT collectibles!

Metaversal is a Bankless newsletter for weekly level-ups on NFTs, virtual worlds, & collectibles


Dear Bankless Nation,

Hackers are probing NFT Discords for weak spots. We saw a tragic example this week when the CreatureToadz Discord was temporarily compromised. 

During the incident, the blackhat used the opportunity to publish a fake “stealth drop” link to what appeared to be an NFT minting interface. People then sent ETH thinking they were minting, but instead all the money just went straight to the attacker’s address with no NFTs involved. 

Fortunately, the CreatureToadz team regained control of the Discord and is going to compensate those affected. Yet the episode serves as a stark reminder that we NFT minters have to keep our guard up because we are, in fact, being increasingly targeted. 

For today’s post, then, I’ve gathered some tips for safely minting NFTs. Taken all together, these tips can help you avoid or minimize NFT minting woes. Shields up, NFTers 🛡️

-WMP




How to mint NFTs safely

I wouldn’t consider this a comprehensive set of “best practices” for safely minting NFTs, as I may have missed some ideas. At the very least, though, the following tips can help you start running a much tighter ship when it comes to minting! 


🚨 Familiarize yourself with common scams

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” (Sun Tzu, The Art of War)

The first step to approaching NFT security in general? Familiarize yourself with the main scams that NFT users face these days. Current and future scams may evolve from these kinds of ploys.

Attack vectors can include artist or brand impersonations, fake storefronts, and beyond, as MyCrypto notes in its helpful Common NFT Scams guide. 


👛 Use a dedicated minting wallet

Let’s say you have a “headquarters” wallet where you create your best cryptoart, publish your Mirror blogs, and handle most of your DeFi activities.

If so, protect your headquarters by using a separate, dedicated wallet for minting from new NFT collectibles projects. In certain instances, nefarious actors can abuse or compromise the permissions that users grant to these projects in order to steal funds. 

Accordingly, isolating the risks around minting new collectibles to a side wallet where you only keep a fraction of your total crypto is one easy way to level up your NFT security. 


🚿 Routinely clean your token approvals

Speaking of granting permissions, it’s a great idea to routinely clean up your token approvals. Again, users commonly grant spend approvals to NFT projects in order to interact with them. In worst-case scenarios, these spend approvals are unlimited and can be abused and compromised. 

The good news? Staying on top of your approvals is easier than ever now. For example, Etherscan has a straightforward Token Approvals Checker tool, and there are others out there like it too. 
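
To show what an approvals check works from, here is an added example (not part of the original newsletter and not Etherscan's code) that replays the standard ERC-20 `Approval` and ERC-721/1155 `ApprovalForAll` event logs and lists the approvals still in force for one wallet. Every address and log in it is constructed sample data, and `openApprovals` is a hypothetical helper name.

```javascript
// Added example; every address and log below is constructed sample data.
// topic0 values are the standard event signatures from the ERC-20/721/1155 specs.
const APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31";
const MAX_UINT256 = 2n ** 256n - 1n;

const addr = (byte) => "0x" + byte.repeat(20);              // constructed 20-byte address
const topic = (a) => "0x" + a.slice(2).padStart(64, "0");   // address as a 32-byte topic
const word = (n) => "0x" + n.toString(16).padStart(64, "0"); // uint256 as a 32-byte word
const fromTopic = (t) => "0x" + t.slice(-40);

// Replay logs oldest-first; the latest event per (contract, spender) wins.
function openApprovals(logs, owner) {
  const open = new Map();
  for (const { address, topics, data } of logs) {
    if (topics.length < 3 || fromTopic(topics[1]) !== owner.toLowerCase()) continue;
    const spender = fromTopic(topics[2]);
    const key = `${address}|${spender}`;
    if (topics[0] === APPROVAL && topics.length === 3) {
      // ERC-20 Approval: the allowance is the single data word; 0 means revoked.
      const amount = BigInt(data);
      if (amount === 0n) open.delete(key);
      else open.set(key, { contract: address, spender, kind: "erc20", unlimited: amount === MAX_UINT256 });
    } else if (topics[0] === APPROVAL_FOR_ALL) {
      // Operator approval: data is a bool and covers every token in the collection.
      if (BigInt(data) === 0n) open.delete(key);
      else open.set(key, { contract: address, spender, kind: "operator", unlimited: true });
    }
    // ERC-721 single-token Approval (4 topics) is skipped: it covers one tokenId only.
  }
  return [...open.values()];
}

const OWNER = addr("aa"), TOKEN = addr("11"), NFT = addr("22");
const SAMPLE_LOGS = [
  { address: TOKEN, topics: [APPROVAL, topic(OWNER), topic(addr("bb"))], data: word(MAX_UINT256) },
  { address: TOKEN, topics: [APPROVAL, topic(OWNER), topic(addr("cc"))], data: word(500n) },
  { address: NFT, topics: [APPROVAL_FOR_ALL, topic(OWNER), topic(addr("dd"))], data: word(1n) },
  { address: NFT, topics: [APPROVAL, topic(OWNER), topic(addr("ee")), word(7n)], data: "0x" },
  { address: TOKEN, topics: [APPROVAL, topic(OWNER), topic(addr("cc"))], data: word(0n) }, // revoke
  { address: TOKEN, topics: [APPROVAL, topic(addr("ff")), topic(addr("bb"))], data: word(9n) },
];

console.log(openApprovals(SAMPLE_LOGS, OWNER));
```

Anything this reports as `unlimited` is a candidate for revocation once you are done interacting with the project.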


🙅 Watch out for the “Sending ETH” trick

If you’re trying to mint an NFT from a new project and you see “Sending ETH” appear in your MetaMask, etc., back out. It’s a scam! 

This is what happened with the CreatureToadz project earlier this week. A hacker compromised the Discord, put out a bot announcement about a fake stealth drop, and surreptitiously collected ETH from people who thought they were minting CreatureToadz early. 
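
The difference between a real mint and the trick above is visible in the transaction request itself. The following added example (not from the original newsletter) classifies a wallet request by its calldata, assuming the wallet shows the “Sending ETH” label for a request with empty calldata; the `triage` helper, the addresses, and the sample requests are all constructed for illustration.

```javascript
// Added example; the requests and addresses below are constructed sample data.
// Selectors for the two standard permission-granting functions.
const PERMISSION_SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};

const toWei = (hex) => (hex && hex !== "0x" ? BigInt(hex) : 0n);

function formatEth(wei) {
  const frac = (wei % 10n ** 18n).toString().padStart(18, "0").replace(/0+$/, "");
  return `${wei / 10n ** 18n}${frac ? "." + frac : ""}`;
}

// Classifies an eth_sendTransaction-style request by what it would actually do.
function triage(tx) {
  const data = (tx.data || "0x").toLowerCase();
  const wei = toWei(tx.value);
  const base = { to: tx.to, eth: formatEth(wei) };
  if (data === "0x") {
    // Empty calldata: the request names no function, it only moves ETH to `to`.
    return { ...base, kind: "plain-transfer", review: wei > 0n };
  }
  const selector = data.slice(0, 10); // "0x" plus the 4-byte function selector
  const method = PERMISSION_SELECTORS[selector];
  // A permission grant is not what a mint button should be asking for.
  if (method) return { ...base, kind: "permission-grant", method, review: true };
  // A function call is what a mint looks like, but it says nothing about
  // whether the contract is the genuine one: still verify the address.
  return { ...base, kind: "contract-call", selector, review: false };
}

const TENTH_ETH = "0x" + (10n ** 17n).toString(16);
const FAKE_DROP = { to: "0x" + "ab".repeat(20), value: TENTH_ETH, data: "0x" };
const MINT_CALL = {                       // 0x12345678 is a placeholder selector
  to: "0x" + "cd".repeat(20), value: TENTH_ETH,
  data: "0x12345678" + "0".repeat(63) + "1",
};
const APPROVE_ALL = {
  to: "0x" + "cd".repeat(20), value: "0x0",
  data: "0xa22cb465" + "0".repeat(24) + "ef".repeat(20) + "0".repeat(63) + "1",
};

for (const tx of [FAKE_DROP, MINT_CALL, APPROVE_ALL]) console.log(triage(tx));
```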


📣 Look for official comms

Don’t trust a Discord bot announcement. Look for official comms from project leaders, admins, moderators, etc., and corroborate mint announcements and other important information across multiple channels, e.g. Discord, Twitter, community discussions, and so forth. If you’re getting hit up in your DMs by some random person about an “upcoming NFT mint,” just disregard it.


🖼️ Post-mint, watch out for fake collections

Let’s say a highly-anticipated NFT project just sold out. You missed the mint so you rush to OpenSea to see about snagging one or two collectibles before the secondary market goes bonkers.

Scammers try to take advantage of the above dynamic by rushing out fake ripoff collections that look plausibly similar to the actual collection that everyone’s clamoring for. The idea? To pick off some ETH from a few collectors who don’t know better in the initial rush. 

OpenSea does a good job of cleaning up these listings quickly, but you’ll have to stay on your toes during those early windows of opportunity. 


Conclusion? Stay safe out there!

We’re pioneers on the NFT frontier. There’s no shortage of excitement here, but there are also plenty of risks. Following the tips above and triple-checking things like URLs and contract addresses will go a long way toward ensuring your NFT collecting flow stays secure. 



Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.


Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here.