Written by Manabu Bannai

Explained: How to securely store and buy NFTs

I will explain how to secure NFTs.

Things you can learn:

It's basic knowledge, but very important.
If you use NFTs, you have to understand.

Disclosure (My wallet here)

I have CryptoPunks, BAYC, Meebits, and so on. So I'm bullish on this field and have relatively high knowledge of NFTs and investing in this field.

Quick Take

How to securely store NFTs

In short, I recommend Ledger Nano S.

*I use a referral link from Ledger Nano, but it's not for money. Instead, I like the product so that I can introduce it to everyone.

*If you use Ledger Nano without any knowledge, security risk will increase. Please read this article to boost your understanding.

The basics of Crypto Wallet

There are two kinds of Crypto Wallets:

Examples are as follows:

It's easy for your brain to imagen like below:

We securely store our coins in Cold Wallet (=bank savings). On the other hand, we use Hot Wallet (=wallet) to spend some coins (e.g. buy NFTS).

Hot wallet vs. Cold wallet

Below are the summary of the wallets:

Hot wallet:

Cold wallet:

The difference is whether it is connected to the internet.

For example, Metamask is connected to the internet — we call it Cold Wallet. So it's highly convenient but low security.

*There was an incident in 2018 in Japan. Coincheck, one of the most famous crypto exchanges, was hacked and stolen, equivalent to $500 million. One of the problems was Coincheck's Hot wallet. The exchange stored too many coins in Hot Wallet so that the amount of damage became bigger.

What's the problem with Metamask?

The thing is the place where they store the Secret-key.

Necessary background: When you store your coins in your wallet, you need a Secret-key. Secret-key has the privilege to send your coins. Without it, no one can move your coins.

For example, let's see the followings:

secret_key_metamask

You can see the word Secret Recovery Phrase, which is equal to Secret-key.

Please don't reveal your Secret-key like me. It's dangerous. Using its phrase, everyone can hack my Metamask's account. *It's empty though.

Metamask save your Secret-key in your browser

Metamask is safe while your PC and browser are safe. But if it has been affected, it is possible to steal your funds.

For example, if you installed a Chrome extension affected by some viruses or got a malicious email from someone, Metamask is unsafe.

Perhaps you lost your ID/Password and your funds in your Metamask; that situation is terrible, so we need Cold Wallet to secure our funds.

The comment from the developer of Metamask is as follow:

I absolutely recommend storing value off-line as much as possible. When I use MetaMask to exchange some value, I try to transfer that value back to a "colder" wallet soon. If I don't, I accept that there's a risk involved.

Make sense? Are your funds safe enough? Let me explain why I recommend Ledger Nano.

I recommend Ledger Nano S

As I said before, I recommend Ledger Nano S, one of the most famous Cold Wallets. We can also call it Hardware Wallet. You can store your crypto offline so that your funds are safe.

Attention: you must buy it from the official site

If you visit eBay, there are some Ledger Nano S with lower prices than the official site. BUT DO NOT BUY IT. It's dangerous. Some of them are affected by malware. That means if you use it, you lose your funds.

There are two kinds of Ledger Nano

You can see these two lineups on the official site:

If you are a beginner in this industry, Ledger Nano S is enough. However, I'm satisfied with Ledger Nano S, even though I'm beyond a beginner.

The main difference between them is their capacity. You can install many apps if you choose Ledger Nano X. But in my case, I repeatedly install and uninstall apps to use Ledger Nano S without any stress. If you are Crypto Rich, then buying Ledger Nano X is fine.

What if Ledger Nano is broken?

Ledger Nano is hardware, so sometimes it's broken. So what happens if it's broken? No problem.

As long as you remember your Secret-key, your funds are safe. Simply buy a new Ledger Nano and then put your Secret-key, which will cause recovery or your fund’s control.

How to securely buy NFTs

how to buy NFT securely

In short, I recommend these steps:

Let me explain one by one.

STEP1: Buy NFTs using your Metamask

Needless to say, Please visit OpenSea and buy some NFTs using your Metamask. Your data has been stored in your Metamask and browser. It's okay but lower security. So let's move NFTs into Ledger Nano.

STEP2: Transfer your NFTs to Ledger Nano

You can transfer your NFTs to click the button below:

opensea_nft_transfer

Put your Ledger Nano's address as a transfer address. That's it. Pretty simple, right? It's a very secure way of buying NFTs.

Question: Why don't we directly buy NFTs using Ledger Nano

You can connect your Ledger Nano and Metamask like so:

metamask_connect_ledger

After that, you can connect Ledger Nano to OpenSea:

direct_buy_nft_using_ledger

This way is also okay and straightforward. But there is a problem.

What the heck of Blind signing?

You can see the popup when you connect your Ledger Nano to OpenSea:

blind_signing

The thing is Blind signing, one of the lesser known tricks being leveraged by scammers to steal your assets.

For example, please take a look below:

You can see two kinds of popups on the tweet above. The first one is safe, but the second one is dangerous; the difference is Blind signing.

What happens if you accept Blind signing?

Again, let's take a look at the screenshot below:

blind_signing

This popup is from OpenSea, so it's safe.

But if you visit the NFT marketplace, which is not famous, and get a popup containing Blind signing, it's better not to accept it. There is a chance to steal your funds from a hacker.

If I were a hacker, I would create some lottery website that says as follow:

You have a chance to get a prize every day on this website. The only thing you have to do is just connect your Metamask to our website.

Needless to say, if you connect it, you will lose your funds. Or possibly, first two or three months, I will give a prize to get the trust of the attendees and then attract new customers. But after some period, I will hack everything.

How to avoid hacking?

The former is more important. OpenSea is okay. You can blind signing with it. But if you blind signing to not famous website, it's in danger.

That’s why I had said like below:

✓How to securely buy NFTs
- STEP1: Buy NFTs using your Metamask
- STEP2: Transfer your NFTs to Ledger Nano

That's one of the most secure ways of storing your NFTs. In addition, your Ledger Nano never connects to Metamask and accepts Blind signing, which means the security level is pretty high.

Lastly: I recommend a VPN app

Please take a look at my tweet below:

I got more than 100 RTs, and I will translate it as follows:

I recommend using TunnelBear, a famous VPN app when you use Metamask or your crypto. Because sometimes, WiFi is not safe, especially if you use public WiFi or a hotel's WiFi. I've heard an experience of someone who lost his funds after using Metamask with the hotel's WiFi.

Also, please take a look at as follow:

You can see three screenshots on the tweet, right? Please follow the settings same with photos so that your VPN data become more secure.

Again, here is the summary:

That's it. Thanks for reading my article :)