This guide highlights key tips for staying safe in the NFT and Web3 space.
10 Tips for Staying Safe in the NFT space
Use official support channels
We recommend only getting help on official channels, and if you do end up asking questions of the broader community, always be cautious. Soliciting help on social channels or Discord, where OpenSea does not provide official customer support, can also make you a target for scammers.
You can find answers to frequently asked questions and direct support on the OpenSea Help Center. We’ve also posted other guides on our Blog.
Never share your secret recovery phrase
It may sound obvious to all the crypto veterans out there, but you can never hear it enough. Your wallet’s secret recovery phrase is private to you and should never be shared, even with those you trust. OpenSea is not a wallet provider and will never ask for your wallet’s secret recovery phrase.
For details on the best way to keep your funds and tokens safe, head to your wallet provider’s website and browse the guides and tutorials.
Make sure your wallet app or extension is the official one
If you’re downloading a wallet browser extension, make sure to get your link directly from the provider’s website. When downloading an app, check the reviews and developer info to confirm you’re getting the right one, and not an imposter. If you’re unsure, there’s no harm in reaching out to the provider to clarify.
Never click on unknown or broken links
Stay vigilant when browsing websites and interacting with others on social media or Discord. Avoid clicking on ads, images, or links sent by strangers.
Never reuse passwords and use a password manager
We’ve all done it, but reusing the same password across multiple accounts makes you more vulnerable to account compromises. A password generator or manager like 1Password or LastPass can make life easier if you’re worried about getting lost in a web of special characters.
Use Two-Factor Authentication (2FA)
Enable two-factor authentication with apps like Google Authenticator and Authy, and avoid SMS 2FA where possible since it can be vulnerable to attacks. You may also want to consider upgrading to a hardware-based 2FA device for extra security. Google Titan and YubiKey are some of the options available.
Use a crypto hardware wallet
Using a hardware wallet adds another layer of security for your funds and NFTs. Many users tend to go with Ledger or Trezor.
For extra security, consider using an “air-gapped” computer with your hardware device. An air-gapped computer is one that has never been connected to the internet before.
However, like other hardware items, you need to make sure to keep your wallet secure and not lose it!
Limit smart contract approvals
If you're using MetaMask, make sure to frequently review your spending limit when approving transactions. For more context and info on how to do it, check out this MetaMask support article.
Avoid cold downloading files from strangers
It’s best to not interact with files, and QR codes sent by strangers. Attachments of all formats, including PDFs, may contain harmful viruses or malware.
Email safety
It’s important to be vigilant about email safety, too.
- Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain opensea.io. Please do not engage with any email claiming to be from OpenSea that does not come from this email domain. Emails from OpenSea have a verified blue checkmark in Gmail and a “Digitally Certified” mark in Apple Mail.
- Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.
- Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.
- NEVER share or confirm your passwords or secret recovery phrases. OpenSea will never prompt you to do this in any format, including email.
- NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links that directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn't list the origin of https://opensea.io if you were led there by email.
If it seems too good to be true, it probably is
Sadly, there are bad actors looking to take advantage of those new to the world of NFTs. If someone offers you something that looks too good to be true, it probably is.
Before you purchase an NFT from a seller on OpenSea, make sure you do your research on the seller, the collection, the NFT, and the NFT’s history prior to purchasing. Transactions on the blockchain are irreversible so doing your due diligence is critical — and it can also be fun to dive into the story behind each NFT!
