How can I stay safe and protect my NFTs?
Updated this week

This guide highlights key tips for staying safe in the NFT and Web3 space.

11 Tips for Staying Safe in the NFT space

Use official support channels

We recommend only getting help on official channels, and if you do end up asking questions of the broader community, always be cautious. Soliciting help on social channels or Discord, where OpenSea does not provide official customer support, can also make you a target for scammers.

You can find answers to frequently asked questions and direct support on the OpenSea Help Center. We’ve also posted other guides on our Blog.

Never share your secret recovery phrase

It may sound obvious to all the crypto veterans out there, but you can never hear it enough. Your wallet’s secret recovery phrase is private to you and should never be shared, even with those you trust. OpenSea is not a wallet provider and will never ask for your wallet’s secret recovery phrase.

For details on the best way to keep your funds and tokens safe, head to your wallet provider’s website and browse the guides and tutorials.

Make sure your wallet app or extension is the official one

If you’re downloading a wallet browser extension, make sure to get your link directly from the provider’s website. When downloading an app, check the reviews and developer info to confirm you’re getting the right one, and not an imposter. If you’re unsure, there’s no harm in reaching out to the provider to clarify.

Never click on unknown or broken links

Stay vigilant when browsing websites and interacting with others on social media or Discord. Avoid clicking on ads, images, or links sent by strangers.

Never reuse passwords, and use a password manager

We’ve all done it, but reusing the same password across multiple accounts makes you more vulnerable to account compromises. A password generator or manager like 1Password or LastPass can make life easier if you’re worried about getting lost in a web of special characters.

Use Two-Factor Authentication (2FA)

Enable two-factor authentication with apps like Google Authenticator and Authy, and avoid SMS 2FA where possible since it can be vulnerable to attacks. You may also want to consider upgrading to a hardware-based 2FA device for extra security. Google Titan and YubiKey are some of the options available.

Use a crypto hardware wallet

Using a hardware wallet adds another layer of security for your funds and NFTs. Many users tend to go with Ledger or Trezor.

For extra security, consider using an “air-gapped” computer with your hardware device. An air-gapped computer is one that has never been connected to the internet.

However, as with any physical device, make sure you keep your hardware wallet secure and don't lose it!

Limit smart contract approvals

If you're using MetaMask, make sure to frequently review your spending limit when approving transactions. For more context and info on how to do it, check out this MetaMask support article.

Avoid cold downloading files from strangers

It’s best not to interact with files or QR codes sent by strangers. Attachments of all formats, including PDFs, may contain harmful viruses or malware.

Email safety

It’s important to be vigilant about email safety, too.

  • Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain opensea.io. Please do not engage with any email claiming to be from OpenSea that does not come from this email domain. Emails from OpenSea have a verified blue checkmark in Gmail and a “Digitally Certified” mark in Apple Mail.

  • Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.

  • Check the URL of any page linked in an OpenSea email. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.

  • NEVER share or confirm your passwords or secret recovery phrases. OpenSea will never prompt you to do this in any format, including email.

  • NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links that directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn't list the origin of https://opensea.io if you were led there by email.
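
The link check from the list above, as an added example (not OpenSea's own code): it parses a link the way a browser does and reports whether the host is opensea.io or one of its subdomains, an imitation of it, or unrelated. The function names, result labels, the edit-distance threshold of 2, the choice to treat any punycode label as an imitation, and the sample links are assumptions made for illustration.

```javascript
// Added example, not OpenSea code. Names and threshold are assumptions.
const OFFICIAL = "opensea.io"; // the only domain the guide names as official

// Optimal-string-alignment distance: inserts, deletes, substitutions and
// adjacent-letter swaps each cost 1, so "opnesea" is 1 away from "opensea".
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns "official", "suspicious", "lookalike", "unrelated" or "invalid".
function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return "invalid"; }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Match the whole host or a dot-separated suffix, never a bare substring.
  const onOfficial = host === OFFICIAL || host.endsWith("." + OFFICIAL);
  if (onOfficial) {
    // Right host, but plain http or embedded credentials is still a red flag.
    return url.protocol === "https:" && !url.username ? "official" : "suspicious";
  }
  // Not the official domain from here on; decide whether it imitates it.
  const imitates = url.username.toLowerCase().includes("opensea") || // https://opensea.io@other.test
    host.split(".").some(label =>
      label.startsWith("xn--") ||            // punycode label, possible look-alike letters
      label.includes("opensea") ||           // opensea.io.example.test
      editDistance(label, "opensea") <= 2);  // shuffled or mistyped letters
  return imitates ? "lookalike" : "unrelated";
}

// Constructed sample links (not taken from real emails).
for (const link of ["https://opensea.io/account", "https://opnesea.io/login",
  "https://opensea.io.example.test/claim", "https://example.org/"]) {
  console.log(classifyLink(link).padEnd(10), link);
}
```

Only an "official" result means the link points at opensea.io; every other result is a reason not to follow it from an email.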

If it seems too good to be true, it probably is

Sadly, there are bad actors looking to take advantage of those new to the world of NFTs. If someone offers you something that looks too good to be true, it probably is.

Before you purchase an NFT from a seller using OpenSea, make sure you do your research on the seller, the collection, the NFT, and the NFT’s history prior to purchasing. Transactions on the blockchain are irreversible so doing your due diligence is critical — and it can also be fun to dive into the story behind each NFT!

If you're a creator looking to sell an NFT, after you've created a listing using OpenSea you don't need to do anything else to complete a sale to a buyer. If you've heard from a buyer experiencing an error who is asking you to pay additional funds to facilitate a sale, it's a scam.

Exercise caution on social media

Be cautious if you receive an unexpected direct message on Instagram or Twitter as it could be a scam. OpenSea will never DM you first on social media.

While communities like Discord can be great places to connect with and learn from other creators and NFT collectors, it's best to contact us directly using our Help Center at support.opensea.io if you need support.
