How to Secure your Collection
How to Secure your Collection
In the last episode of After Dinner Mints, Jake Rockland covered the basics of securing crypto holdings, and I thought this would be an excellent opportunity to reiterate best practices.
In the video, Jake said your level of protection should change based on the value of assets you need to secure. You wouldn’t buy a 5-million-dollar insurance policy on a 200k house. Nor would you buy a 200k insurance policy on a 5-million-dollar estate. So if your NFT collection is only a few relatively inexpensive pieces, keeping them on your MetaMask wallet should be fine. But if you’re holdings are worth a significant amount, you should seriously consider sending them to a secure hardware wallet.
Let’s cover hot wallets (like MetaMask) and hardware wallet options, then go over some standard best practices for wallet security.
TL;DR — General Takeaways
· If you don’t have a hardware wallet for important assets, get one.
· Set up the hardware wallet in a secure setting and treat your seed phrase like the keys to your bank.
· Make sure there are no cameras that can record your seed phrase.
· Don’t click sketchy links or download unrecognized attachments.
· Don’t sign random transactions without verifying the contract address.
Hot Wallets vs. Cold Wallets
Wallets can be separated into two groups: those always connected to the internet — a hot wallet like MetaMask. And wallets that can be disconnected from the internet — a cold wallet or hardware wallet, like Trezor or Ledger.
If you’re new to Art Blocks or have never set up a software wallet, I highly suggest you read the first section in this step-by-step guide on setting up a MetaMask wallet in the Art Blocks 101 article. We’ve included relevant links and screenshots to take the guesswork out of the setup.
But, if you’re like most Art Blocks collectors, you already have a MetaMask account, but you might not have a hardware wallet.
If you’re thinking about purchasing a new hardware wallet, we highly suggest you go with a Trezor or Ledger and buy directly from the manufacturer’s website — not a reseller on eBay or Amazon. If you buy on a secondary market, you risk buying a piece of hardware that has been tampered with. Of course, this is unlikely, but let’s not test our luck for the sake of security.
Both hardware wallets are established names and broadly trusted. I personally went with a Trezor Model T for my first hardware wallet. Tezor is an open-source project, and people much brighter than myself have looked over their GitHub repo. But as always, do your own research and find a solution you’re comfortable with.
Setting up a New Hardware Wallet
As we mentioned, only buy a hardware wallet directly from the manufacturer — and stick to either Trezor or Ledger. If you buy a hardware wallet and a seed phrase is included in the box, the hardware has been compromised. Whenever you’re setting up a new wallet, the device should provide you with the seed phrase on a fresh install.
Your seed phrase is the key to your kingdom. You should guard these as tightly as you protect access to your bank accounts or social security number. If someone knows the phrase, they’ll have full access to your wallet’s holdings. For this reason, it is HIGHLY recommended that you write down the seed phrase and store it in multiple locations. For bulletproof security, buy a metal seed storage card and etch your phrase in the metal. For the highest level of security, split the key phrase among multiple metal cards and store them in different safe deposit boxes.
Really, get as creative as you want to ensure no one has access to your seed phrase. Just make sure you can remember how to put them together, and you’re able to access the wallet in an emergency.
Test your Wallet
Ok. Now you have your new hardware wallet and etched the seed phrase in metal. Before you transfer anything valuable to the wallet and put it in a safe deposit box, practice resetting your wallet with the seed phrase. You’ll also want to send a tiny amount of ETH in and out of the wallet to ensure everything works as advertised.
After you’ve restored the wallet and tested a transaction, go ahead and send your valuable pieces to the new address.
Recognize a Scam
Scams are responsible for most security failures. So beyond keeping your seed phrase guarded, you must use basic internet common sense — especially if you’re only using a MetaMask wallet.
MetaMask support will not reach out to you on Twitter. You should never click links from random people in Discord. Watch out for phishing websites asking for personal info. Double-check the contract address and read permissions before signing any transaction.