Let’s talk about security in NFT world.
The very first thing that comes to mind is:
1. Scam-NFT. An unknown token arrives to your wallet, supposedly a drop of a project you know with a link to the site in the description. If you open this link -> connect your wallet -> sign the transaction -> your wallet is drained.
2. Scam mint. Connect your wallet to mint something, sign the transaction, and all the contents of the wallet goes to the scammer.
Always mint with burner wallets (wallet, where there is nothing of value) and always read that we sign (as a rule, in the description transaction).
3. NEVER AND NOWHERE DO NOT ENTER YOUR SID-PHRASE! Do not forget that under the guise of Phantom, Slope, TrustWallet, and any other purse you can slip you a left-handed estensheng. If you enter a sid-phrase in a fake application or on a fake site, you immediately lose all the contents of the purse.
4. Malware. It depends on what kind. At the very least, access to your browser gives the scammer almost limitless possibilities, and any financial activity you do can turn into a loss.
5. Hacks. Never store sid-phrases and private keys online. Even the most secure cloud storage can be hacked. Storing in your phone’s notes, Google Cloud, or anywhere else is a direct path to trouble.
Nevertheless, accounts need to be protected. If a service important to you (e-mail, appleid, telegram, etc.) supports 2FA-authentication – be sure to use it. 2FA hardware (like YubiKey) is ideal. But you have to buy and set up at least 2 devices. And store them in different places, so that in case of loss of one, accesses are not lost. Hardware 2FAs do not work with all services, but protecting your Google email or Binance account will help.
The second option is apps like Google Authenticator or Authy. The least secure way is 2FA via sms. The SIM can be cloned. Over the last years I read about a lot of cases, when cryptans sims were cloned, and their emails and exchanges were broken, and huge sums were withdrawn (also don’t forget, that money, which is on exchange, is the exchange’s money).
And, of course, use hardware crypto-purses.
And most importantly: your safety is in your hands.
Of course, there are cases of well-thought-out long-term social engineering, there are force mailware events, which do not depend on us, but in most cases if someone gets hooked – he is to blame himself.