Robert Steinadler, a year ago
Last weekend was chaotic for the NFT community, specifically all users of OpenSea, the world’s biggest NFT marketplace. Apparently, more than a dozen people lost their collectibles directly from their wallets. Here is how that happened and how you can protect yourself from such malicious attempts.
The team behind OpenSea had a lot of work to do over the weekend. After several users reported that NFTs had been stolen from their wallets, it was completely unclear why this had happened. After carefully checking the platform and getting in touch with the victims, the developers concluded that OpenSea was intact.
That was of course a big relief for everybody trading on the marketplace. The conclusion was that the theft happened through a phishing attack. Phishing often involves e-mails that attempt to lure unsuspecting victims onto fake platforms in order to get their login credentials, private keys or any other important data.
In the case of the phishing attack on OpenSea, there were 17 victims who lost around 250 NFTs worth roughly $3 million. If you would like to know more about phishing and how to protect yourself in general, you should check out this article.
When interacting with smart contracts, there is a simple step that can protect your NFTs and every other asset that is kept in your wallet. A so-called burner wallet is meant for one-time use only.
A malicious smart contract can only access the wallet that is connected to it. Keeping your main account separate does not prevent an attack, but it mitigates the risk of losing other assets that are not directly involved in the transaction you are about to make.
Burner wallets have become particularly common in the NFT space. Since there are so many NFT projects, it is easy for criminals to launch phishing attempts through fake websites and convince victims that they are minting NFTs while in fact they are executing a smart contract that is going to empty their wallets. A burner wallet usually holds only the fraction of a person’s crypto that is needed for the immediate transaction.
If the transaction, such as minting or receiving an airdrop, is successful, the funds are moved from the burner wallet to the main account. But there is also a downside to this method. You’ll always have to pay more transaction fees since you have to move assets in and out of the burner wallet. You also have to create a new wallet for each transaction and make sufficient backups to protect yourself from losing access to your burner address.
If your NFT collection is already worth something, you should think about paying the additional costs and making the effort, or at least keeping your most precious assets in a separate account.