10 tips for avoiding scams and staying safe on the decentralized web

NFTs are the latest and greatest application of blockchain technology, and OpenSea has become the premier platform for NFT enthusiasts, collectors, and artists around the world. With that comes our desire to increase transparency and community education around security matters and best practices. 

This is the first post in a new series where we’ll be highlighting safety tips and developments in the NFT space. If you have feedback or thoughts on some key points we might have missed, feel free to let us know on Twitter, Instagram, or Discord


Get support via official channels

Customer support is never as fast as we want it to be (we’re working on it), but soliciting help on social channels or Discord, where OpenSea does not provide official customer support, can make you a target for scammers. We recommend only getting help via official channels, and if you do end up asking questions of the broader community, always be cautious.

You can find answers to frequently asked questions and direct support on the OpenSea help center. We’ve also posted other guides on our Blog.


Never share your secret recovery phrase

It may sound obvious to all the crypto veterans out there, but you can never hear it enough. Your wallet’s secret recovery phrase is private to you and should never be shared, even with those you trust. OpenSea is not a wallet provider and will never ask for your wallet’s secret recovery phrase.   

For details on the best way to keep your funds and tokens safe, head to your wallet provider’s website and browse the guides and tutorials.


Make sure your wallet app or extension is the official one

If you’re downloading a wallet browser extension, make sure to get your link directly from the provider’s website. When downloading an app, check the reviews and developer info to confirm you’re getting the right one, and not an imposter. If you’re unsure, there’s no harm in reaching out to the provider to clarify.


Never click on unknown or broken links

Stay vigilant when browsing websites and interacting with others on social media or Discord. Avoid clicking on ads, images, or links sent by strangers.


Never reuse passwords and use a password manager

We’ve all done it, but reusing the same password across multiple accounts makes you more vulnerable to account compromises. A password generator or manager like 1Password or LastPass can make life easier if you’re worried about getting lost in a web of special characters.


Use Two-Factor Authentication (2FA)

Enable two-factor authentication with apps like Google Authenticator and Authy, and avoid SMS 2FA where possible since it can be vulnerable to attacks. You may also want to consider upgrading to a hardware-based 2FA device for extra security. Google Titan, Thesis, and Yubico are some of the options available.


Use a crypto hardware wallet

Using a hardware wallet adds another layer of security for your funds and NFTs. Many users tend to go with Ledger or Trezor.

For extra security, consider using an “air-gapped” computer with your hardware device. An air-gapped computer is one that has never been connected to the internet before.

However, like other hardware items, you need to make sure to keep your wallet secure and not lose it!


Limit smart contract approvals

If you are using MetaMask, make sure to frequently review your spending limit when approving transactions. To do so, click “Edit on Permission” and customize the spend limit for each currency.

For more context and info on how to do it, check out this Twitter thread.


Avoid cold emails and downloading files from strangers

It’s best to not interact with emails, files, and QR codes sent by strangers. Attachments of all formats, including PDFs, have been known to contain harmful viruses or malware.


If it seems too good to be true, it probably is

Sadly, there are bad actors looking to take advantage of those new to the world of NFTs. If someone offers you something that looks too good to be true, it probably is.  

Before you purchase an NFT from a seller on OpenSea, make sure you take a second to do your research on the seller, the collection, the NFT, and the NFT’s history prior to pulling the trigger. Transactions on the blockchain are irreversible so doing your due diligence is critical — and it can also be fun to dive into the story behind each NFT!