Securing NFTs

The Blockchain provides a secure medium to hold NFTs and cryptocurrencies. Like any virtual or real-life security solution, it can only be as reliable as the key system used to access it. If some sort of access solution does not exist, the ‘secured’ item cannot be accessed. It is as secure, and as useless, as throwing it off the side of a ship in the ocean.

The Blockchain solution is the wallet: a device to hold funds and record NFT holdings. As with any key system, losing access to the wallet also means losing all access to its virtual content. Anyone who steals the credentials to open the wallet gains access to the contents. A hacker can transfer those contents to their own wallet, then sell them on before the crime can be traced.

The basic solution is a browser-based wallet such as MetaMask. This type of solution is installed as a browser plug-in. The actual keys and access protocols are handled by the web browser. When an account is created, a set of common English words is generated as a ‘secret recovery phrase’. In MetaMask the phrase is 12 words; other wallets may use longer word strings. This phrase is used to access and use the wallet. Lose the phrase and the contents of the wallet might be accessible by a specialised data recovery company, but are probably gone for good. The phrase should be written down and kept safe. Storing it as a text file on the same computer as the wallet plug-in is not a good plan.

The next step up is to have some form of stand-alone computer program. These are often installed on mobile devices. Trust Wallet is an example solution for Android or iOS. Trust Wallet also uses a 12-word recovery phrase but also has the built-in security of the host device. As with any mobile, losing access to an unlocked device exposes the owner’s personal data and possibly the contents of the wallet. Locking systems such as ‘find my phone’ can be overcome, but this will take time, allowing the person who lost the device an opportunity to remove or lock data before it is exploited. Storing the recovery phrase with the phone is another recipe for disaster.

Most software wallet solutions can be set up at zero cost. As long as no funds are placed in the wallet, they can be installed and trialled with no risk.

For a higher degree of security, various hardware systems can be used. These usually connect through USB or Bluetooth and sync through a dedicated app. These devices boast enhanced encryption protocols for data on the wallet. Some, such as the D’Cent wallet, include biometric security to further protect data. As the devices are relatively small, they are easy to store and hide away; possibly equally easy to lose track of. Like any computer, they are susceptible to physical or fire damage, so some care needs to go into where they are stored. Someone dealing in larger numbers of transactions or using several different cryptocurrencies may need to rely on several different wallets. If the wallet is lost, any theft of funds will also require knowledge of the associated passkey information. It should be possible to restore connections to a new device if the original passphrase is known. This also means that if that passphrase has been compromised and the wallet is not frequently checked, the hardware wallet can be cloned and contents stolen.

