TLDR:
or
Although NFTs are stored on the blockchain, that doesn't mean your digital assets can't be stolen. NFTs have been stolen many times before in the following ways:
These two cases can be categorized as storage and usage risks, and the latter is way more common in NFT hacks. Hence, we need an NFT security solution to prevent hacks from phishing.
This article will walk through the best practice in NFT storage and usage; after that, we will analyze the disadvantage of the current approach and propose our innovative solution - DoubleWeb3.
The safest place to store your NFT is an air-gapped hardware wallet.
Air-gapped is a state where a device is completely isolated from any form of connection. By connection, we mean anything that connects the device to another device or the internet, such as USB, Bluetooth, WiFi, Cellular, or NFC. An air-gapped device is a device that is fully isolated and can never be connected to anything.
This is not the perfect solution, but this is by far the safest option.
After having an air-gapped hardware wallet, you need to prepare a hot wallet for daily use. It is also essential to change your hot wallet from time to time to prevent damage from the leak of the private key of your hot wallet.
Use your hardware wallet to store the NFT that won't be frequently used. If you need to sign anything with a wallet that holds the NFT, transfer the NFT to a newly generated hot wallet, and use it to sign those transactions. If you accidentally sign a malicious transaction, you will lose everything from your newly generated hot wallet while keeping everything else safe.
Many people have a common misconception; they think a hardware wallet works like a vault that "protects" the NFTs stored inside. A hardware wallet cannot protect you from phishing; if you sign a malicious transaction with your hardware wallet, you will lose everything in that wallet.
A hardware wallet can only prevent the storage risk, but it cannot prevent the usage risk. The best practice that combines hardware and hot wallet can mitigate the loss of phishing hacks. Still, it cannot prevent it from happening.
NFT holders sometimes have to sign a message/transaction using a wallet that holds their NFT. Take Twitter as an example; we can now verify our NFT ownership with your wallet. We can expect more and more NFTs to be used for verification in social media, games, and other web services as the web3 prevail. In this case, we cannot just air-gapped our NFT wallet. Otherwise, there will be absolutely no utility for our NFTs.
The dilemma is that a hardware wallet cannot really project your NFTs unless you don't connect your wallet to any web3 services. But if you keep your NFTs air-gapped, you cannot use your NFTs.
If we can separate the ownership and usability of our NFTs, we can keep our NFTs safe without sacrificing their usability. Store the ownership part of your NFT in a hardware wallet, keeping the usable part in a hot wallet.
How can that be done? We can use @doubleWeb3
We have built an NFT security solution to separate the ownership and usability of our NFTs by creating a 'double' of NFTs. The created double stores all the metadata of the original NFT. It can be re-minted and remotely destroyed by the wallet that holds the original NFT through our smart contract anytime.
Take BAYC#1579 as an example. Assume you are the owner of BAYC#1579, and it is stored in the hardware wallet now:
Steps:
If you are interested to know more, you can read our white paper.
If you are an owner of an NFT projects, you can also find us on discord double#6575 or Twitter, DoubleWeb3 is a free service and we provide free integration support to NFT projects.