Securely Storing Your NFTs: A Complete Guide


When it comes to NFTs, not only can they cost a pretty penny but they hold a lot of sentimental value. With that, you may want to consider storing your NFTs in the most secure location possible.

The safest place to store your NFTs is in a cold-storage hardware wallet like Ledger. Hardware wallets are protected by a seed phrase, a password, touch authentication, and remain offline; meaning hackers can’t gain access. Whereas an online software wallet like Metamask can easily be compromised.

Below you will discover the best way to store your NFTs to ensure safety and security.

What Is the Safest Way to Store Your NFT?

The most secure and preferred way to store your NFT is in a cold-storage hardware wallet like Ledger. This is because hardware wallets and their key information like seed phrase, password, and PIN code are stored in the device itself, making it difficult for hackers and keyloggers to gain access.

One of the most common methods for storing NFTs is using a software wallet like Metamask or Coinbase NFT, however, these wallets can be easily compromised if you aren’t careful. The software wallets work fine for storing NFTs and crypto, but the weak point comes from the fact that the information to access these wallets is stored in the software, which is stored online.

That means if a hacker got access to your computer or phone somehow, they could easily gain access to your wallet by watching your every move. In fact, this has happened many times through numerous types of scams.

The safest option is to store your NFTs and crypto offline using a hardware wallet. With a hardware wallet, it’s important to understand that your NFTs aren’t actually stored offline, only the information required to access your wallet is.

All NFTs are stored on the blockchain, which is as secure as it gets. That being said, most people end up getting hacked via their wallets.

Common NFT Storage Options

Software wallets and hardware wallets are the two main methods for storing NFTs.
Software wallet, IPFS, and Hardware Wallet options

There are various options for storing your NFTs. However, some options are more secure than others. Here are the most common options for storing your NFTs:

Software wallets (Metamask)

A software wallet such as Metamask is considered standard security for NFTs. Everything you do is encrypted on the browser and secured by your password and 12-24 word seed phrase. However, this form of storage is easy to hack, especially considering the types of scams that are common today.

All it takes to hack your software wallet is someone with malicious intent gaining access to the device you use to log in to your software wallets, such as your phone or computer.

One of the most common scams actually involves the wallet holder giving access to hackers by signing a transaction hash, allowing the hacker complete access to their wallet. This type of scam happens every day through Discord DMs and social media.

If you choose to use a software wallet like Metamask to store your NFTs, make sure you do everything in your power to keep your wallet’s secret phrase and password safe. Software wallet best practices include never storing your secret phrase or password anywhere online or on your computer/phone.

Also, make sure to always disconnect your wallet from every site before logging out of your wallet. This ensures that your wallet stays safe in the chance that one of the sites you visit becomes compromised.

InterPlanetary File System (IPFS)

An InterPlanetary File System (IPFS) like Pinata isn’t necessarily used to store the NFT itself. Rather, it stores your NFTs’ data off-chain. Every NFT contains metadata that is used to describe the NFT itself. The only problem is that many creators store an NFT’s metadata on a normal website. That means if the website were to crash, get hacked, or expire, so would the content of your NFT (such as the image or video).

That being said, storing the metadata on an IPFS is safer thanks to its content identifiers (CIDs)—which are hashes of data connected directly to your NFT’s content, as opposed to an HTTP link that has the vulnerability of being modified and hacked.

These hashes of data are stored on your computer. So, when you request data from an IPFS the system looks to its nodes for that same hash of data and then verifies that data is correct by rehashing on the receiver’s computer. If a CID hash is ever produced by a hacker node, you will be notified on your end of the false data.

The added benefits of an IPFS make for a more secure storage option for your NFT’s metadata, however, IFPS isn’t the best option (or even the right option) for storing your NFT.

Cold Storage Hardware Wallet (The Best Solution)

Storing your NFTs in a cold-storage hardware wallet is the safest option. Hardware wallets provide the most security because all of your wallet data is stored completely offline and protected by a device password, PIN code, and 24-word secret phrase.

The only caveat to storing your NFTs in a hardware wallet is that you should avoid connecting it to the internet. A hardware wallet’s greatest defense is that all its private info is stored on the device itself, not online.

That doesn’t mean that you can’t use a hardware wallet as a hot wallet (which means you connect it to the internet), however, this defeats the purpose of the wallet.

A better solution is two either own two hardware wallets (one for transacting, and one for storing), or use a software wallet like Metamask strictly for making purchases, and instantly transferring your NFTs to your hardware wallet afterward.

To be honest, learning how to use a hardware wallet is easy. If you’re only concern is that it’s difficult, let it be known that it’s not.

And if you can’t afford to buy a hardware wallet like Ledger, I highly recommend reconsidering purchasing any NFTs at all.

Ultimately, choose the wallet that best suits your storage needs. If you are constantly buying and selling NFTs, maybe a software wallet will suffice. Likewise, if you are storing your NFTs for a long time, then you need to invest in a cold storage hardware wallet.

Can You Lose Your NFT?

If you’re anything like me, then you value your NFTs and want to take care of them. That’s why it’s important to understand how you could lose your NFTs.

You can't lose an NFT, but you can lose your wallet and secret phrase.
Can you lose your NFT

You can’t necessarily lose your NFT. But you can lose your wallet or the secret phrase that is used to access it. Unfortunately, if you lose your secret phrase, there’s not much you can do to recover your wallet profile.

Losing or damaging your hardware wallet is different though. As long as you know your 24-word recovery phrase, you can access your wallet from a newly purchased device. This is another reason why many people own two hardware wallets.

Can your NFTs be stolen?

Although NFTs are stored on the blockchain, that doesn’t mean your digital assets can’t be stolen.

NFTs have been stolen many times before. In fact, NFTs are just as susceptible to hackers as our emails and social media accounts are, according to a former CIA Professional Hacker. NiftyGateway users have already lost thousands of dollars from NFT art theft through hacking.

A hack can strike at any moment so it’s best to be over-prepared. Storing your NFTs in a cold storage wallet along with being aware of the most common NFT scams is your best bet to avoid being hacked.

Tips for Keeping Your NFTs Safe

There's a lot you can do to ensure your digital assets remain safe in your wallet.
Tips for keeping your NFT safe

Regardless of where you decide to store your NFTs, there are a few tips you might find helpful for keeping your NFTs as safe as possible during storage.

1. Never give out your wallet’s secret phrase.

It has been said time and time again. Never give out your secret phrase. This phrase is used to access your wallet and all its content within. Under no circumstances should you give out your secret phrase.

2. Create complex passwords.

Don’t underestimate how beneficial it is to have a strong password. Passwords that contain upper and lower case characters, numbers, and symbols are most secure. Furthermore, try to avoid using any real words in your password.

Instead, make it as random and as hard to guess as possible. Will you be able to remember it? Probably not, and that’s a good thing. Besides, if you forget the password for your wallet, you can always recover it using your secret phrase, and create a new password.

3. Store your wallet’s private info in a secure, physical location.

The safest place to store your secret phrase and password is in physical form, in a secure location, such as a safe. Never store this information on your computer or anywhere online, as it increases the likelihood of your wallet being compromised.

Writing down your phrase using a pen and paper is the most common practice. However, you risk losing your phrase if the paper were to somehow get destroyed—such as in a fire or flood. 

For this reason, I recommend picking up a stainless steel seed storage plate. These plates are fire and waterproof and come with an engraving pen to easily record your phrase. Combine this with a fireproof safe to ensure your secret phrase stays secure in any situation.

4. Don’t click on random links.

Phishing links are the most common way that people are getting scammed. Once you interact with a malicious link and sign a transaction using your wallet, all your digital assets will be gone before you even notice it.

Phishing links are often found in emails, social media DMs, Discord servers, and fake websites. Always make sure that any link you click is trustworthy, and double-check that the sites you are visiting are right site.

Oftentimes scammers will use look-alike domains to trick people into visiting their site. For example, the real website is Opensea.io, but a scammer might use Opensee.io in an attempt to trick people who aren’t paying close attention.

5. Always log out of your wallet.

Regardless of why you connect your wallet to a website, you should always be sure to disconnect it from the site once you are done. If you don’t, you are putting your wallet at risk, in the chance that the website is hacked.

In general, you should be able to disconnect your wallet from a site the same way you connected to it. If you can’t find where to disconnect your wallet, simply go into your wallet, go to “Connected Sites”, then disconnect.

After your disconnect from all sites, make sure to log out of your wallet as well.

6. Use a Virtual Private Network (VPN) when browsing the internet with your wallet.

Using a virtual private network (VPN) like ProtonVPN is a good way to guard against hackers on public networks. Additionally, they’re useful for hiding your IP address, browsing activity, and personal data on any Wi-Fi network, even if you’re at home.

I personally use a VPN whenever I’m browsing the internet. It’s an easy way to ensure extra security and acts as another line of defense against hackers.

7. Only buy your hardware wallet from the manufacturer’s website.

If you decide to buy a hardware wallet, make sure to only buy it from the manufacturer’s website. Under no circumstances should you trust buying a wallet from someone else or even on Amazon. 

The reason being is that these wallets are known to be compromised before the seller even ships them. Then once you receive it and fill it with your assets, the seller will drain your wallet. Trust me. It’s worth spending the extra $10-$20 to ensure you are buying a legit wallet that you can trust.

If you still don’t know which hardware wallet is right for you, you can check out my vetted list of the best hardware wallets for safely storing your NFTs.

AlexWGomezz

Alex is passionate about informing others on Web3 tech. He previously worked for Gary Vee at ONE37pm as his Web3 writer and has written for other media outlets including Voice. Alex is an avid researcher and investor in the Web3 space and strives to help others while keeping a curious mind.

Recent Posts