On Twitter Spaces, I’ve noticed a common theme of newcomers into the crypto-sphere falling victim to the same scams over and over again. Because of this, I was inspired to write an article “10 Tips to Safely Mint NFTs” and publish it on my website.
It’s an important message, but who wants to sit through another safety seminar?
If my message was going to reach the people it’s meant to help, I knew it’d call for something dramatic… and who knows theatrics better than Michael Scott?
One day later: It has 10K+ impressions and 1800+ views — a much farther reach than my initial post. Within 24 hours, several people messaged me thanking me for spreading awareness about this extremely important topic.
Here is the list: (for the animated gif versions, see my Twitter)
- Have more than one wallet. Many people create wallets specifically for minting and others specifically for storing. Find a multi-wallet set-up that works for you.
2. NEVER EVER EVER share your seed phrase! Scammers want to get your seed phrase so badly that they’ll pretend to be technical support from a reputable company or tell you that you’ve won a huge prize in order to get your seed phrase from you. DON’T GIVE IT OUT!
3. Keep your private keys private! A public key is your wallet address, that’s ok to share. But like your seed phrase, you don’t want anyone else getting access to your private key!
4. Do not store your private key or seed phrase on a computer or smartphone! Use a hardware wallet (like Trezor) to store them. If you cannot obtain a hardware wallet, write them down and store these handwritten copies in an extremely secure location.
5. DO NOT interact with an NFT or other token that randomly appears in your wallet. Wallets are public — so anyone can send something to you. Bad actors may send malicious scam tokens to you in an attempt to make you interact with their token & give access to your wallet.
6. Use a strong, unique password for your wallet and do not reuse passwords across different accounts. Avoid using easily discernible passwords, such as “password” or “123456.”
7. Store top valuables in a cold wallet with extra security. (For example: a hardware wallet like Trezor.) A cold wallet is used very rarely . You never interact with websites using this wallet but rather just send assets to it to hold long term.
8. Do not copy/paste your private keys or seed phrase or otherwise type them on your computer! If you have a virus like a keylogger installed, your wallet may be compromised.
9. Ticking Time Bomb. Do NOT assume because nothing bad immediately happened after you connected your wallet to a website that everything is fine. Some malicious contracts wait until a wallet has many valuables in it before triggering a mechanism that empties the wallet.
10. If you want to revoke access to your account, many people use Revoke.cash. HOWEVER, be aware that there are many scam sites that emulate revoke.cash in order to actually get you to unwittingly give scammers access to your wallet.
I’ve been eating, sleeping, breathing web3 and NFTs for years now… and I strongly believe it’s important for the people who are here grinding every day to help newcomers have positive experiences in this space. Educating people on best practices for wallet safety is a critical first step. No, it doesn’t stop them from falling prey to rugs (that’s a post for another time) but my hope is that this will help some people stay safe as they get started in the fun and exciting world of web3.