In anticipation of RMX’s first drop, Cursed Emojis with Artist Yung Jake, I wanted to take a moment to discuss security. My first NFT was stolen; since then, I’ve learned a lot about protecting my assets. I’m especially cautious about protecting the work I make myself. As the Chief of Staff for RMX, we’re focused on tools to create culture on-chain, protecting provenance and royalties, and if someone takes something you create, you might not receive your due. My BFF Bracelet was especially meaningful as it was my first introduction to web3, and it inspired my recent journey to join RMX.

On October 7, 2022, at 5:29 am PST, my BFF bracelet, worth roughly 0.3 ETH, was stolen from my wallet. The theft happened without my knowledge while I slept, and I’m still trying to track down the culprits and not entirely sure how they got access to my wallet. I’m relatively new to the web3 space, and I’ve probably been operating with more trust than I should have been. This was a wake-up call for me about security practices. If you have NFTs you care about in a hot wallet (metamask wallet connected to your browser), please consider getting a hardware wallet.

This is the stolen Bracelet. HOW FRUSTRATING?!? It’s right there in plain sight, but I cannot get it back :-(

In a postpartum daze in early 2022, I watched a replay of BFF’s launch. They shared a link and said to send your wallet address, and we’ll be ‘air dropping’ an NFT to the first however many. No idea what any of that meant, but I heard, “Free NFT that will give me access to learn more about web3.”

This airdrop would be my first NFT, so I downloaded Metamask from the app store on my mobile device, created an account, and put my address in the form. A few weeks later, I connected my wallet to Opensea using the metamask extension on chrome which I installed from the chrome webstore. There it was, my first NFT, a friendship bracelet that indicated I was part of this group, learning about cryptocurrency.

Around the same time, I got obsessed with the NFT space, joined RMX full-time as Chief of Staff, and started Product Managing our first drop, which is due to launch in early 2023.

There I was deep in learning what it means to create on-chain, to mint from a contract, and to create an app with no web2 dependencies or some dependencies, cause you know, on-chain is forever. Then, last week, I saw BFF is offering a new perk. I went to the perk shop, and it said there wasn’t an eligible token. So I went to Opensea and saw that it was transferred from my wallet at 5:29 am. My heart sank. I didn’t do that, but I used my wallet to connect to many sites, Mirror, Instagram, you name it, so that it could have been anywhere.

What next? I spent $100 worth of gas fees to move all my NFTs to a cold wallet quickly. That’s a wallet that I will never connect to any site. I ordered a hardware wallet, which, when it comes, will hold my NFTs t for extra security. I tweeted about it - a mistake cause SO many scammers wanted to ‘help me get it back,’ which is impossible on the blockchain, but they marked me as a patsy.

Even though I knew it was impossible, I still hoped that one of these self-proclaimed hackers might have been the culprit who stole it in the first place, trying to sell it back to me. One person had me email metamask help to a suspicious Gmail account and wanted me to connect my wallet + secret passphrase. That’s a significant hint at fraud, asking for the secret passphrase. That’s like giving someone the pin to your debit card and then being surprised when your bank account is empty. I wondered if maybe I saw a drop or an artist I liked and connected my wallet to their site, and perhaps it wasn’t their site. If I’m being honest, I was a bit kamikaze with connecting my wallet to sites and need to accept that I am at fault for not protecting something I value.

I still want that freedom to do that and explore, but now I’m going to do that with a wallet not connected to any valuables. I also purchased a new BFF bracelet cause I cherish being a member of the BFF community. (My new Bracelet below is missing one charm, but hey, that’s not bad!)

I read a few articles on safety. Below are some of my takeaways:

• Hot Wallet vs. Cold Wallet

  • Cold wallets operate in offline environments, and hot wallets connect to the internet. Hot crypto wallets are generally software you could find on a mobile device, a cloud server, or a laptop. Cloud wallets or web-based hot wallets are available on online platforms under the control of centralized entities. Desktop and mobile wallets work as apps that users can download to a local electronic device. Interestingly, the desktop and mobile variants of hot wallets are non-custodial.

• Two popular wallets include Ledger and Trezor.

  • I purchased a ledger, set it up, added the Ethereum app, and created a new account. I then transferred all of my NFTs to that wallet. To buy the new BFF bracelet, I connected my ledger to metamask and that wallet to Opensea, where I purchased my new Bracelet with almost the same amount of charms!