Explained: How to securely store and buy NFTs

2022 Mar 16

I will explain how to secure NFTs.

Things you can learn:

• How to securely store NFTs
• How to securely buy NFTs

It's basic knowledge, but very important.
If you use NFTs, you have to understand.

Disclosure (My wallet here)

I have CryptoPunks, BAYC, Meebits, and so on. So I'm bullish on this field and have relatively high knowledge of NFTs and investing in this field.

Quick Take

• I recommend Ledger Nano S to securely store NFTs
• You can store NFTs offline using Ledger Nano S
• Metamask is a wallet, not a place of storing value
• Important: You must buy it from the official site
• Buy with Metamask --> transfer to Ledger Nano (Secure way)

How to securely store NFTs

In short, I recommend Ledger Nano S.

*I use a referral link from Ledger Nano, but it's not for money. Instead, I like the product so that I can introduce it to everyone.

*If you use Ledger Nano without any knowledge, security risk will increase. Please read this article to boost your understanding.

The basics of Crypto Wallet

There are two kinds of Crypto Wallets:

• Hot wallet: High convenience, Low security
• Cold wallet: Low convenience, High security

Examples are as follows:

• Hot wallet: Metamask, Crypto exchange's wallet
• Cold wallet: Ledger wallet, TREZOR wallet

It's easy for your brain to imagen like below:

• Hot Wallet: Wallet
• Cold Wallet: Bank savings

We securely store our coins in Cold Wallet (=bank savings). On the other hand, we use Hot Wallet (=wallet) to spend some coins (e.g. buy NFTS).

Hot wallet vs. Cold wallet

Below are the summary of the wallets:

Hot wallet:

• Store crypto online
• Can be used everywhere using internet
• High convenience, but low security

Cold wallet:

• Store crypto offline
• Hardware wallet or Paper wallet
• Low convenience, but high security

The difference is whether it is connected to the internet.

For example, Metamask is connected to the internet — we call it Cold Wallet. So it's highly convenient but low security.

*There was an incident in 2018 in Japan. Coincheck, one of the most famous crypto exchanges, was hacked and stolen, equivalent to $500 million. One of the problems was Coincheck's Hot wallet. The exchange stored too many coins in Hot Wallet so that the amount of damage became bigger.

What's the problem with Metamask?

The thing is the place where they store the Secret-key.

Necessary background: When you store your coins in your wallet, you need a Secret-key. Secret-key has the privilege to send your coins. Without it, no one can move your coins.

For example, let's see the followings:

You can see the word Secret Recovery Phrase, which is equal to Secret-key.

Please don't reveal your Secret-key like me. It's dangerous. Using its phrase, everyone can hack my Metamask's account. *It's empty though.

Metamask save your Secret-key in your browser

Metamask is safe while your PC and browser are safe. But if it has been affected, it is possible to steal your funds.

For example, if you installed a Chrome extension affected by some viruses or got a malicious email from someone, Metamask is unsafe.

Perhaps you lost your ID/Password and your funds in your Metamask; that situation is terrible, so we need Cold Wallet to secure our funds.

The comment from the developer of Metamask is as follow:

I absolutely recommend storing value off-line as much as possible. When I use MetaMask to exchange some value, I try to transfer that value back to a "colder" wallet soon. If I don't, I accept that there's a risk involved.

Make sense? Are your funds safe enough? Let me explain why I recommend Ledger Nano.

I recommend Ledger Nano S

As I said before, I recommend Ledger Nano S, one of the most famous Cold Wallets. We can also call it Hardware Wallet. You can store your crypto offline so that your funds are safe.

Attention: you must buy it from the official site

If you visit eBay, there are some Ledger Nano S with lower prices than the official site. BUT DO NOT BUY IT. It's dangerous. Some of them are affected by malware. That means if you use it, you lose your funds.

There are two kinds of Ledger Nano

You can see these two lineups on the official site:

• Ledger Nano X：$149 (Large amount of capacity / Bluetooth compatible)
• Ledger Nano S：$59 (Small amount of capacity / Bluetooth not available)

If you are a beginner in this industry, Ledger Nano S is enough. However, I'm satisfied with Ledger Nano S, even though I'm beyond a beginner.

The main difference between them is their capacity. You can install many apps if you choose Ledger Nano X. But in my case, I repeatedly install and uninstall apps to use Ledger Nano S without any stress. If you are Crypto Rich, then buying Ledger Nano X is fine.

What if Ledger Nano is broken?

Ledger Nano is hardware, so sometimes it's broken. So what happens if it's broken? No problem.

As long as you remember your Secret-key, your funds are safe. Simply buy a new Ledger Nano and then put your Secret-key, which will cause recovery or your fund’s control.

How to securely buy NFTs

In short, I recommend these steps:

• STEP1: Buy NFTs using your Metamask
• STEP2: Transfer your NFTs to Ledger Nano

Let me explain one by one.

STEP1: Buy NFTs using your Metamask

Needless to say, Please visit OpenSea and buy some NFTs using your Metamask. Your data has been stored in your Metamask and browser. It's okay but lower security. So let's move NFTs into Ledger Nano.

STEP2: Transfer your NFTs to Ledger Nano

You can transfer your NFTs to click the button below:

Put your Ledger Nano's address as a transfer address. That's it. Pretty simple, right? It's a very secure way of buying NFTs.

Question: Why don't we directly buy NFTs using Ledger Nano

You can connect your Ledger Nano and Metamask like so:

After that, you can connect Ledger Nano to OpenSea:

This way is also okay and straightforward. But there is a problem.

What the heck of Blind signing?

You can see the popup when you connect your Ledger Nano to OpenSea:

The thing is Blind signing, one of the lesser known tricks being leveraged by scammers to steal your assets.

For example, please take a look below:

On the left (where it says Mitko) is the legit one, on the right is the one which drained people’s wallets

Please study both of them as the difference is minimal but devastating

Please please reach out to someone if you need to talk, I know this will be difficult for many. Gm pic.twitter.com/2Y4guuFTyi

— Mitko 🏴󠁧󠁢󠁳󠁣󠁴󠁿 | web3adventures.eth (@mitkopitko7) February 20, 2022

You can see two kinds of popups on the tweet above. The first one is safe, but the second one is dangerous; the difference is Blind signing.

What happens if you accept Blind signing?

Again, let's take a look at the screenshot below:

This popup is from OpenSea, so it's safe.

But if you visit the NFT marketplace, which is not famous, and get a popup containing Blind signing, it's better not to accept it. There is a chance to steal your funds from a hacker.

If I were a hacker, I would create some lottery website that says as follow:

You have a chance to get a prize every day on this website. The only thing you have to do is just connect your Metamask to our website.

Needless to say, if you connect it, you will lose your funds. Or possibly, first two or three months, I will give a prize to get the trust of the attendees and then attract new customers. But after some period, I will hack everything.

How to avoid hacking?

• Don't use a not famous marketplace
• Be aware of Blind signing

The former is more important. OpenSea is okay. You can blind signing with it. But if you blind signing to not famous website, it's in danger.

That’s why I had said like below:

✓How to securely buy NFTs
- STEP1: Buy NFTs using your Metamask
- STEP2: Transfer your NFTs to Ledger Nano

That's one of the most secure ways of storing your NFTs. In addition, your Ledger Nano never connects to Metamask and accepts Blind signing, which means the security level is pretty high.

Lastly: I recommend a VPN app

Please take a look at my tweet below:

仮想通貨のセキュリティ対策😌
基本的なことですが、ネット接続する際は「VPN利用」がオススメです。海外だと「ホテル滞在中に仮想通貨やNFTを触っていたら、メタマスクをハッキングされた」という話もあります。なお、僕が使っているのは「TunnelBear」ですhttps://t.co/K5qd91AF28 pic.twitter.com/0uMj8uhp7s

— Manabu (@manabubannai) November 27, 2021

I got more than 100 RTs, and I will translate it as follows:

I recommend using TunnelBear, a famous VPN app when you use Metamask or your crypto. Because sometimes, WiFi is not safe, especially if you use public WiFi or a hotel's WiFi. I've heard an experience of someone who lost his funds after using Metamask with the hotel's WiFi.

Also, please take a look at as follow:

TunnelBearを使うことで、ネット接続を暗号化できます。フリーWiFiha危ないので、自宅以外で仮想通貨を触るなら、間違いなく「ON」がオススメ。
なお、そのままTunnelBearを使ってもいいですが、画像のとおりに設定すると、よりセキュリティレベルが上がります。参考までに共有です pic.twitter.com/EY0MBR9Pdw

— Manabu (@manabubannai) November 27, 2021

You can see three screenshots on the tweet, right? Please follow the settings same with photos so that your VPN data become more secure.

Again, here is the summary:

• I recommend Ledger Nano S to securely store NFTs
• You can store NFTs offline using Ledger Nano S
• Metamask is a wallet, not a place of storing value
• Important: You must buy it from the official site
• Buy with Metamask --> transfer to Ledger Nano (Secure way)

That's it. Thanks for reading my article :)