• Discounts and special offers
  • Subscriber-only articles and interviews
  • Breaking news and trending topics

Already a subscriber?

By signing up, you accept Moneywise's Terms of Use, Subscription Agreement, and Privacy Policy.

Not interested ?

The short version

  • Non-fungible tokens (NFTs) are stored on a blockchain in digital wallets. Whoever owns the digital wallet has access to the NFT.
  • Despite the overall security of blockchain technology, NFTs are vulnerable to scams through deception, exploitation, and user error.
  • Investors can keep their NFTs safe by keeping their private keys secure and avoiding opening or responding to suspicious messages.

Find a financial adviser in minutes

Are you confident in your retirement savings? Get advice on your investment portfolio from a certified professional through WiserAdvisor. It only takes 5 minutes to connect with an adviser who puts you first.

Get Started

NFTs 101: What they are and how they’re stored

An NFT — short for non-fungible token — is a unit of data that represents a digital asset and tracks the ownership of that asset. NFTs are stored on a blockchain and can represent various assets, including music, artwork, images, videos, and more.

Unlike other digital assets, such as cryptocurrencies, NFTs are unique and can’t be replicated. Think of it this way: millions of people can own Bitcoins that are virtually identical and interchangeable with one another, while only one person can own a specific piece of art.

Like cryptocurrency and other digital assets, NFTs are stored on a blockchain, usually the Ethereum Blockchain. The blockchain records ownership of the NFT and any transactions as the NFT changes hands. The blockchain is mainly anonymous, meaning it doesn’t record the person that owns the NFT. Instead, it records the wallet the NFT belongs to, and the owner has the private key to access that wallet.

More: How to explain NFTs in under 30 seconds

How do people steal NFTs anyway?

If you’ve read about blockchains, you’ve probably heard they are incredibly secure. But if that’s the case, why do we continue to hear stories about NFTs and cryptocurrency theft, like in the case of Seth Green?

As we mentioned, a blockchain doesn’t attribute ownership of an NFT to a specific person. Instead, it attributes ownership to a digital wallet. The wallet's owner has the information and private key to access it. For a hacker to steal an NFT, they would have to gain access to a wallet, usually by getting their hands on the private key.

So how do hackers get their hands on other people’s private keys? There are a few different ways this can happen.

  • Deception: One common way hackers steal NFTs is through deception; they trick an NFT holder into transferring their assets to them or sharing access to their digital wallet. This often happens in emails or direct messages. Someone with a fake profile might convince someone to transfer assets into a different digital wallet. Or they might send a phishing link the NFT owner clicks on, and then they share their private key.
  • Exploitation: With this strategy, rather than targeting the NFT holder, the hacker targets the NFT platform itself. The hacker finds a weak point in the platform’s security or contracts to steal someone’s NFT or “sell” it to themselves for nothing.
  • User Error: Unfortunately, many cases of NFT theft are simply a result of user error. It could be that the NFT owner didn’t adequately protect their private key, didn’t secure their online account with two-factor authentication, or failed to take other precautions to protect their NFTs.

This 2 Minute Move Could Knock $500/Year off Your Car Insurance in 2024

Saving money on car insurance with BestMoney is a simple way to reduce your expenses. You’ll often get the same, or even better, insurance for less than what you’re paying right now.

There’s no reason not to at least try this free service. Check out BestMoney today, and take a turn in the right direction.

Get Started

Gone phishin’: NFT thefts and scams

Green’s story may be just the latest to garner public attention, but it’s far from the only high-profile NFT theft. There are plenty of other examples of people falling victim to these scams.

For example, in 2021, cryptocurrency and NFT investor Chris Chapman listed his Bored Ape NFT for sale on OpenSea with an asking price of about $1 million. But just two months later, a scammer exploited a weakness in OpenSea’s system to buy the asset for 70% less than its selling price.

Another well-known theft happened in early 2022 when former tech executive Eli Shapira had an NFT stolen. Rather than targeting the NFT platform, the hacker targeted him directly, similar to Green's situation. The hacker sent Shapira a link that, when clicked, shared access to his digital wallet. The hacker made off with more than $100,000 of stolen NFTs, which Shapira couldn’t recover.

Finally, in one of the largest well-known NFT heists, art gallery owner Todd Kramer lost more than $2 million of NFTs stolen from his personal collection on OpenSea. The collection included Bored Apes and Mutant Apes, some of the most valuable NFTs on the market.

More: How to spot an NFT scam

How to make sure digital assets are secure

Sometimes it seems like we’re constantly reading about high-profile thefts of NFTs and other digital assets. So how can you prevent yourself from falling victim to one of these hackers? Here are a few tips:

  • Key your private key private. The most important step you can take to secure your NFT is to keep the private key to your digital wallet private. Avoid sharing it with anyone and avoid leaving it somewhere that someone else could find it.
  • Don’t respond to messages from people you don't know. Many hackers gain access to other peoples’ NFTs by messaging them from a fake social media account. Avoid responding to messages from anyone you don’t know. And remember that hackers may try to impersonate someone you know or a public figure. Before answering, make sure the person you’re responding to is really who you think it is.
  • Avoid clicking on untrustworthy links. Phishing scams are a common way that hackers gain access to the information and private keys needed to steal someone’s NFTs. A good rule of thumb is to avoid clicking on links altogether. For example, if you receive an email you believe to be from an NFT platform, rather than clicking on the link, type the platform’s URL into the browser directly.
  • Enable two-factor authentication. By enabling two-factor authentication on your accounts, you ensure that someone can't use your password alone to access your account without your permission. The extra layer of security prevents hackers from getting into your account and could alert you if someone makes an attempt to log in.
  • Store your digital assets in a cold wallet. Hot wallets — wallets connected to the internet — are far easier for hackers to access because they can do it from anywhere. But if you keep your assets in a cold wallet, they must actually get their hands on your hardware wallet to steal your NFTs.

How to avoid buying fake or stolen NFTs

One of the best ways to ensure the NFTs you’re buying are legitimate is by researching the seller. Check their marketplace account to ensure their account is verified. You can also check their social media accounts, other listings, or online reviews from other buyers. If someone is selling fake or stolen NFTs, someone may have already discovered what they’re up to, and you could find out about it on Twitter or Reddit.

Another way to ensure the legitimacy of the NFT you’re buying is to ensure its originality. NFTs are supposed to be unique, so if you find an NFT for sale but then find an identical one for sale on another platform, there’s a good chance it’s not the real deal.

Another thing to remember is that blockchains store the transaction history of each digital asset. As a result, you may be able to see previous transactions involving an NFT you’re considering buying. If someone is selling an NFT the same day they purchased or acquired it, that could be a bad sign.

Finally, make sure you’re always using a reputable NFT marketplace. While these exchanges aren’t always 100% safe and scam-free, they are more legitimate than buying an NFT from an individual without a marketplace or exchanges there to act as the middleman.

More: The 10 best crypto exchanges for 2022

The bottom line: Are anyone’s NFTs safe?

The more you read about scams where cryptocurrency or NFTs are stolen, the more hesitant you may be about buying these assets in the first place. Yes, there are some risks to owning these assets (just as there are with any others).

But you might be surprised to learn that you have much more control than you think to protect your NFTs from hackers. By taking common-sense precautions, you can keep your digital assets safe and avoid falling prey to the most common NFT theft schemes.

Further reading:

Sponsored

Follow These Steps if you Want to Retire Early

Secure your financial future with a tailored plan to maximize investments, navigate taxes, and retire comfortably.

Zoe Financial is an online platform that can match you with a network of vetted fiduciary advisors who are evaluated based on their credentials, education, experience, and pricing. The best part? - there is no fee to find an advisor.

About the Author

Erin Gobler

Erin Gobler

Freelance Contributor

Erin Gobler is a freelance personal finance based in Madison, Wisconsin. After seven years working in state politics, she left to pursue writing full-time. Now she writes about financial topics including mortgages and investing.

What to Read Next

Disclaimer

The content provided on Moneywise is information to help users become financially literate. It is neither tax nor legal advice, is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Tax, investment and all other decisions should be made, as appropriate, only with guidance from a qualified professional. We make no representation or warranty of any kind, either express or implied, with respect to the data provided, the timeliness thereof, the results to be obtained by the use thereof or any other matter.