Can NFTs be stolen?

Rounding it up

  • NFTs can be stolen if someone gains access to your digital wallet’s private keys.

  • It’s also possible for an NFT’s files to disappear from the internet if they’re not hosted in a secure format.

  • The first step in protecting your NFTs is to use secure passwords and multi-factor authentication on all your exchange and marketplace accounts.

  • You should also consider using a non-custodial hardware or software wallet to store the private keys to your digital assets.

  • For extra security, consider hosting your NFT files on a more secure platform than an HTTPS URL, so that you won’t lose your assets if a server or web host goes offline.

You’ve just purchased your very first NFTs (non-fungible tokens) and you’re excited about your new investment. Now that you have your first NFTs, you need to find a place to store them, so you quickly start searching for NFT-compatible wallets.

But then the thought crosses your mind and you wonder: “can NFTs be stolen?”

If you’ve recently found yourself in this situation, you’re not alone. The rise in popularity of NFTs means that these digital assets are in more hands than ever before. Anyone who’s spent enough time in the cryptosphere knows that crypto is a prime target for fraudsters and digital thieves. But do these hacks and scams extend to NFTs, too?

Unfortunately, yes, NFTs can be stolen.

If someone gets access to the private keys that are associated with your NFTs and other digital collectibles, they can send those assets to another wallet or an NFT marketplace and sell them for a profit. When this happens, it’s extremely difficult, if not impossible, to get your property back.

The good news is that there are ways to prevent these sorts of situations from happening. In this article, we’ll discuss how NFTs can be stolen and what you can do to stop potential thieves in their tracks.

Can someone steal your NFTs?

Long story short, yes, NFTs can be stolen.

But it’s important that we clarify the many ways in which someone could be robbed of an NFT and the ways in which they can’t.

Ways that someone can steal your NFTs

If you’re an investor in NFTs, your primary concern should be digital asset theft. Just like with cryptocurrencies such as Bitcoin, your NFTs only truly belong to you when you have control over the private keys that are associated with those NFTs.

The smart contracts for your NFTs, which help to verify them as yours, live on the blockchain (not in your wallet). Meanwhile, the actual NFT file and data that you purchase are generally hosted elsewhere, such as on a server. The only things held in your digital wallet are your private keys. If someone steals those private keys, they can steal your NFTs.

That said, there are other ways in which people can “steal” NFTs that don’t involve taking your private keys.

One increasingly common issue is that of people stealing artists’ work and creating unauthorized NFTs using that content. When this happens, the artist who created the original work doesn’t get paid and the NFT you buy doesn’t actually have value.

This is more a type of fraud than outright theft. But you may never be able to get your funds back because of the current lack of governmental protections surrounding NFTs and other digital assets.

Additionally, your NFTs can “go missing,” even without intervention from a hacker. They could simply disappear one day, never to be retrieved.

This might sound terrifying, but it all has to do with the idea that your NFT (i.e., the actual digital asset) and the smart contract that connects it to your private keys aren’t the same thing. The smart contract for your NFT lives on the blockchain, but your actual NFT may be stored elsewhere because of its large file size.

If the NFT’s storage facility, be that a private server, a URL, or a physical hard drive, were to break or go offline, the NFT would disappear, too. All you would be left with is a smart contract that points to an NFT whose content doesn’t exist. Yikes! There are ways to prevent this issue, but it’s scary nonetheless.

An uncommon way someone could steal your NFTs

There’s also a popular rumour out there that someone can steal your crypto and your NFTs by sending a free airdropped NFT directly to your wallet.

The idea is that a hacker could airdrop (a fancy term for sending you free assets) an NFT directly to your wallet. Accepting this free NFT would then trigger a smart contract that would enable the hacker to empty your wallet of crypto and other digital assets.

However, popular NFT marketplace OpenSea has stated that being gifted malicious NFTs and having them sit in your wallet doesn’t automatically give a hacker access to your private keys. For this to work, the target of the hack would have to click multiple prompts that would give the hacker access to their information. Some vigilance here could prevent such an attack, rare as it is, from happening in the first place.

Although there are no verified stories of this type of theft happening, OpenSea and other similar platforms have enabled features that would automatically hide gifted NFTs from your account. Many platforms also now have an option to suspend transactions on your account if you think your wallet has been compromised.

How to secure your NFTs

If all this talk about NFTs getting stolen has you breaking out into a cold sweat—fret not, there are things you can do to secure your NFTs. Here are some steps you can take to protect your digital assets and to lower the risk of losing your NFTs to bad actors.

Always use strong passwords and multi-factor authentication

One of the most infamous NFT thefts occurred in March 2021 when hackers stole hundreds of thousands of dollars worth of NFTs from accounts on the Nifty Gateway marketplace.

How exactly could such an event happen, you might ask?

Well, it turns out that the Nifty Gateway platform was never compromised during the hack. Rather, the hackers managed to access multiple accounts on the platform that didn’t have multi-factor authentication enabled. These same accounts also likely had passwords that were reused from other websites.

The hackers entered these accounts by using people’s actual log-in credentials and then transferred their NFTs to their own personal wallets. To make matters worse, the hackers also bought thousands of dollars worth of NFTs using the credit cards stored on these accounts. It’s unlikely that any of this money or these NFTs will ever be recovered.

Moral of the story? Always practice good internet safety by using unique, secure passwords on every website that you create an account with. Additionally, multi-factor authentication (preferably with an authentication app or a physical security key) should always be used on websites that contain your personal information or financial assets.

Secure your NFTs off of the marketplace

As is the case with cryptocurrencies, a marketplace or exchange is one of the least secure places where you can store your NFTs.

Keeping your digital assets on a wallet that’s part of your exchange or marketplace account is super convenient and simple. That’s why people do it. But the problem is that keeping your assets in one of these custodial wallets means that you’ve given up control of your private keys to a company. Even if the company doesn’t steal your assets, someone who gains unauthorized access to the platform easily could.

A slightly less convenient, yet more secure alternative to keeping your NFTs in a custodial wallet on a marketplace is to store your private keys in a software wallet. There are many software wallets available that can support NFTs, so do your research to find which one is best for you. These wallets give you full control over your private keys for added security.

The downside to software wallets is that they’re connected to the internet. This leaves them vulnerable to sophisticated phishing and hacking attempts.

The alternative? A hardware wallet.

A quality hardware wallet is one of the most secure storage units on the planet for protecting your NFT’s private keys. They’re less convenient than software wallets but they make up for that inconvenience with enhanced security. Again, there are many options available for hardware wallets, so always do your research before you buy.

Secure your NFT file

As we’ve already discussed, NFT files can “disappear” if their hosting service goes offline.

This is because the actual NFT artwork that you buy often isn’t stored on the blockchain or in your wallet. Rather, the blockchain holds the smart contracts and the certificate that shows the NFT’s transaction history. Meanwhile, your wallet holds the private keys that claim that NFT as yours. The actual NFT artwork is often stored on some sort of server.

One of the most popular—albeit risky—places to store the actual NFT artwork file is using an HTTP URL. Doing so means that you can simply type a URL in your browser, press enter, and then gaze longingly at an NFT that you and the blockchain know belongs to you.

But what happens if that URL goes offline? Where does your NFT file go?

Well, it turns out that URLs are not great places to store NFT files because your file can completely disappear if its reference URL is no longer active. Not good.

One way to prevent this from happening is to use the InterPlanetary File System, a peer-to-peer storage system for digital files. You have to pay a fee (usually fairly small) to use this platform, but experts currently agree that it’s one of the more secure options for hosting an actual NFT file. Do your research on your options, though, to ensure that you have the right system in place for your needs.
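To make the difference between a plain web link and an IPFS link concrete, here is an added example (not part of the original article) that sorts the file links in an NFT's metadata by how they are hosted. The sample metadata, host names and content identifier are constructed placeholders, and the `image` and `animation_url` field names are assumed from common NFT metadata conventions.

```python
import json
from urllib.parse import urlparse

# Constructed sample metadata; hosts and the content ID are placeholders.
SAMPLE_METADATA = json.loads("""
{
  "name": "Example #1",
  "image": "https://nft-host.example/art/1.png",
  "animation_url": "ipfs://bafyEXAMPLECIDPLACEHOLDER/1.mp4"
}
""")

# Assumed field names that point at the NFT's actual files.
ASSET_FIELDS = ("image", "animation_url")


def classify_uri(uri):
    """Return (category, note) describing how a metadata link is hosted."""
    parsed = urlparse(uri)
    scheme = parsed.scheme.lower()
    if scheme == "ipfs":
        return "content-addressed", "found by content hash, not tied to one server"
    if scheme == "data":
        return "inline", "the file's bytes are embedded in the link itself"
    if scheme in ("http", "https"):
        parts = [p for p in parsed.path.split("/") if p]
        # An /ipfs/<id>/ path is IPFS content served through one HTTP gateway.
        if len(parts) >= 2 and parts[0] == "ipfs":
            return "gateway", f"IPFS content {parts[1]} behind {parsed.hostname}"
        return "location-addressed", f"gone if {parsed.hostname} goes offline"
    return "unknown", f"unrecognized scheme {scheme!r}"


def audit_metadata(metadata):
    """Classify every asset link present in a token's metadata dict."""
    return {f: classify_uri(metadata[f]) for f in ASSET_FIELDS if f in metadata}


def at_risk_fields(metadata):
    """Fields whose file depends on a single web host staying online."""
    return sorted(field for field, (category, _) in audit_metadata(metadata).items()
                  if category == "location-addressed")


if __name__ == "__main__":
    for field, (category, note) in audit_metadata(SAMPLE_METADATA).items():
        print(f"{field:14} {category:19} {note}")
    print("at risk:", at_risk_fields(SAMPLE_METADATA))
```

A link reported as "gateway" still points at IPFS content, so the same file can be requested by its content ID elsewhere if that one gateway disappears.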

Protect Your Digital Assets

NFTs are the hot new thing in the cryptosphere, but with all that buzz comes a risk of theft and fraud. It’s possible for someone to steal an NFT’s private keys out of your wallet if you’re not careful and it’s also possible for your NFT’s files to simply disappear.

There are steps you can take to protect your digital assets, such as using multi-factor authentication, a secure hardware wallet, and a specialized hosting system for your NFT files. But the world of NFTs is rapidly evolving, so it’s important to stay up-to-date on the latest NFT security trends so you can keep your assets as secure as possible.


Note: KOHO product information and/or features may have been updated since this blog post was published. Please refer to our KOHO Plans page for our most up to date account information!

Gaby Pilson

Gaby Pilson is a writer, educator, travel guide, and lover of all things personal finance. She’s passionate about helping people feel empowered to take control of their financial lives by making investing, budgeting, and money-saving resources accessible to everyone.