The process of identifying a safe NFT marketplace is no different from finding a reputable service to use for anything crypto-related.
However, there are a few extra things to look out for with NFT marketplaces that make them unique from a token exchange or wallet service. NFTs are relatively easy to create these days, so scams and phishing run rampant to lure in gullible buyers.
With this guide, let’s avoid the common pitfalls.
Table of Contents
What are the Risks for an NFT Buyer
By far the largest risk for a buyer is to have their wallets drained by a nefarious execution method on a protocol. An unsuspecting buyer may click to buy an asset and end up having all of their assets in the wallet transferred to a hacker’s wallet.
There are other risks to the user, but they are all just different flavors of draining your wallet of assets. The primary goal of any hacker is to drain the user’s wallet of all assets, quickly transfer them out, and liquidate them for Bitcoin or Ethereum to move them to a decentralized exchange to launder.
There are many preventative measures you can take to prevent this from happening to you. Let’s go through them below.
Safety Factors
We’ll go over some factors to consider when vetting a marketplace for safety. The first is the reputation of the marketplace. Look for user reviews, feedback on social media, and articles discussing the platform. Getting a referral from a trusted friend is one of the most common ways to prevent being phished.
The next factor to consider is the scrutiny of the protocol smart contracts. The amount of smart contract audits conducted is important, along with the reputation of the security auditors of the reports. Additionally, if the protocol has been running for a long time, it is a good sign of trust and built-up resilience of the protocol. The level of smart contracts transparency is also important – the contracts should be readable on Etherscan so you can verify their contents ahead of any executions. This means you should be able to view and verify the code that governs transactions and NFT ownership.
Checking if the marketplace has a robust system for verifying the identity of creators and the authenticity of NFT listings is a smaller but still relevant step. This helps prevent scams and counterfeit NFTs from being listed, thus keeping the marketplace clean of untrustworthy assets. A lot of times, marketplaces list collections that have nefarious intentions, and participants fall victim to the collection’s smart contract vulnerabilities or phishing.
For example, OpenSea used to have an issue with users accepting offers on assets that were airdropped into their wallets. Unsuspecting users clicked the accept offer button expecting WETH, but instead signed away the assets in their wallet to be drained.
One thing to consider is that a reliable marketplace should have effective customer support and a clear process for resolving disputes. This is crucial for addressing any issues that may arise, and also shows the level of dedication the team has in maintaining safety throughout the product.
Additional checks such as looking at the history of security breaches or hacks, and how they were handled. This can give insights into their security strength and response efficiency. A reputable team will swiftly address the hack, make public announcements, and have follow-up communication post-facto. A penetrated protocol doesn’t necessarily mean it is no longer trustworthy, as no code base is ever 100% hack-proof. It is how the team manages the issue, which is ultimately the most reliable proof.
How to Avoid Scams and Frauds
Some advices like below are all easy to say, but in the heat of a moment, even veterans fall prey to scams.
Go Beyond the Common Guidelines
There is a lot of good advice on the topic of avoiding scams and fraud in crypto, but they all seem too easy to for hackers to overcome nowadays. Anyways, here are some of them.
- Don’t click on random links.
- Avoid blindly following Twitter accounts without vetting.
- Don’t deal with anyone who DMs you on Discord.
- Don’t sign anything through your wallet without extensive research.
Advanced Ways to Secure Yourself
Here are some of the advanced ways that Cyan recommends to safeguard its users in any NFT Marketplace.
Wallet Guard
To truly eliminate the risk of falling victim to draining your wallet before execution requires reading contract code, which even veteran smart contract developers have trouble identifying. Using tools like Wallet Guard helps prevent careless executions by adding a pre-warning step for each transaction before user confirmation.
Hardware Wallets
One of the best methods to avoid exposing your NFTs, and any crypto asset for that matter, is to use a hardware wallet. This involves a bit of work to set up and get used to. However, the inconvenience is worth the peace of mind knowing your assets cannot be drained unless you directly execute from the wallet.
Delegate.xyz
Tools like Delegate.xyz provide you with a way to use your NFTs through your MetaMask while keeping the NFTs in your hardware wallet. The most common hardware wallet used for NFTs is Ledger Nano S. You can read up on how to set up a Ledger here.
What makes Cyan a Safe NFT Marketplace
Umpteen Number of Security Audits
Cyan is one of the safest NFT marketplaces to use given its extensive care to security.
A list of security audits shown below is available to read publicly. All smart contracts on the Cyan protocol are verified on Etherscan, thus making them transparent and readable to anyone. The team is available 24/7 in the community Discord, with an under-15-minute response time for help tickets and a 100% closure rate.
The protocol has been running for close to two years now, showing the resilience of the protocol after having processed over 2,000 NFT loans to date. The Cyan Wallet is an escrow wallet that is not executable unless actioned from the user’s main wallet. This means NFTs sit in a smart contract wallet which is inaccessible to any protocol or hacker unless explicitly approved by the user. While it is not as secure as using a hardware wallet, this is an added layer of protection for the user.
Whitelisted Actions
Cyan also carefully whitelists functions from other protocols and collections, so any function that isn’t approved by Cyan ahead of time will never execute. This is to protect the user and lenders during loans as all loans are asset-backed. Thus, Cyan has a strongly aligned interest with the user when it comes to the security of NFTs in the Cyan Wallet.
In-Person Vetting by Cyan
Lastly, all collections available on Cyan have been vetted by the team. Collections must have a solid reputation, good dispersion of ownership, a vetted development team, sufficient liquidity, and longevity. There are certainly riskier collections available, which are categorized into the Cyan Degen Vault – these are risky due to their price movement, rather than from the risk of phishing or scamming. When a collection shows any signs of risk of fraud or does any action that harms the safety of the asset, the collection is immediately delisted from the Cyan marketplace.