Let's face it–we've all seen absolute horror stories of people getting hacked and losing their assets.

You may think, "I know how to take care of my assets–that'll never happen to me," or "I'd never click on something fishy"... but the truth is it's bound to happen eventually unless you take the proper safety measures.

So here's a complete NFT wallet security guide that should keep you safe and sound (even if one of your wallets gets hacked).

Let's get into it ↓

In short, you'll need four separate wallets (one of them being multi-signature):

  1. Hot Wallet – Used for minting & interacting w/ unknown contracts
  2. Cold Wallet #1 – Used for trading w/ known and trusted contracts
  3. Cold Wallet #2 – Used for approving transactions for the Multi-Signature Wallet
  4. Multi-Signature Wallet – Used for storing long-term HODL NFTs w/ no contract interactions, for maximum security and to protect yourself in case you actually get hacked

A Quick Preface On Wallets

I'm going to assume you know the difference between hot & cold wallets. But in case you don't, here's a quick video rundown to get you up to speed:

Cold (hardware) wallets basically aren't connected to the internet the way hot wallets are, so they're not nearly as susceptible to being hacked.

My favorite cold wallets are:
Ledger (my personal choice)

My favorite hot wallets are:
MetaMask (my personal choice)

You'll want to have two separate cold wallets – one for interactions with trusted contracts and one that doesn't interact with anything ever, except for approving transactions from your multi-signature wallet.

Ledger sells a suitable two-pack here for reference, but any two cold wallets will get the job done.

Make sure you buy DIRECTLY from the company website when buying a cold wallet. NEVER buy from third-party sellers or marketplaces such as eBay, Facebook Marketplace, etc.

Let's dive deeper and talk about the different wallets and their functions.

Hot Wallet

This is your "minting wallet," meaning whenever you need to interact with an unknown contract you don't 100% trust yet, this is the wallet you'll use.

And whenever you want to mint, you'll transfer over the minimum amount of ETH + a little bit on top to cover the gas fees. You'll never keep excess assets in this wallet for longer than you absolutely have to.

If something happens and your wallet gets drained when interacting with a new smart contract, you'll have minimized your losses here as much as possible.

Cold Wallet #1

Your first cold wallet is only used to interact with trusted contracts (i.e. reputable marketplaces) to buy and sell NFTs.

So any asset(s) that you wish to trade/sell will be stored in this wallet.

It's very important that you only interact with trusted contracts such as:

NEVER interact with contracts you don't 100% trust, and don't store more ETH than you have to in this wallet.

Multi-Signature Wallet (w/ Cold Wallet #2)

Your second cold wallet is just a component of your multi-signature wallet: you won't EVER interact with any contract or website or sign any transactions on it, apart from approving transfers from your multi-sig wallet.

Confused? No worries, let's break it down:

What is a multi-signature wallet?

A multi-signature wallet is a smart contract wallet that requires a minimum number of approvals from different external wallets to approve a transaction before it can occur.

So no single account can execute transactions; instead, at least one more account is required to verify and execute them. That way, even if an attacker gets hold of one account, they cannot move funds.

I recommend using Gnosis Safe. It's one of the top choices for multi-signature wallets that hold NFTs & crypto. Here's a quick video explaining how Gnosis works:

Now let's walk through how to set it up successfully:

  1. Start by navigating here and click on "Create new Safe"
  2. Connect your Cold Wallet #2 and click "Continue"
  3. Name your Safe and click "Continue"
  4. Click on "Add another owner" and make sure that there are at least 2 wallets connected. Choose one of these setups:
    - MetaMask + cold wallet
    - Two cold wallets
    - MetaMask + two cold wallets
  5. Change the threshold of "Any transaction requires the confirmation of:" to 2 and click "Continue"
  6. Pay the gas fee, and your safe is successfully created :)

If you prefer to walk through Gnosis's own Getting Started guide, feel free to check it out here instead.
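
As an added example (not part of the original guide and not Gnosis Safe's own code), here is a simplified Python model of threshold approval, run over the three owner setups from step 4 with the threshold of 2 from step 5. It assumes a lost key is unrecoverable; the owner labels and the threshold-1 case are constructed for illustration.

```python
# Simplified model of M-of-N approval; not the Safe contract's code.
# Owner labels are constructed for illustration.
SETUPS = {
    "MetaMask + cold wallet": ["metamask", "cold2"],
    "Two cold wallets": ["cold1", "cold2"],
    "MetaMask + two cold wallets": ["metamask", "cold1", "cold2"],
}
THRESHOLD = 2  # step 5 of the setup


def can_execute(owners, threshold, signers):
    """True if enough distinct owners approved the transaction."""
    if len(set(owners)) != len(owners):
        raise ValueError("duplicate owner")
    if not 1 <= threshold <= len(owners):
        raise ValueError("threshold must be between 1 and the owner count")
    # Approvals from non-owners and repeated approvals do not count.
    return len(set(signers) & set(owners)) >= threshold


def analyse(owners, threshold):
    """Enumerate single-key failures for one wallet configuration."""
    # Keys whose compromise alone lets an attacker move funds.
    theft = [k for k in owners if can_execute(owners, threshold, [k])]
    # Keys whose loss (assumed unrecoverable) leaves too few signers.
    lockout = [k for k in owners
               if not can_execute(owners, threshold,
                                  [o for o in owners if o != k])]
    return {"single_key_theft": theft, "lockout_if_lost": lockout}


def report():
    rows = {name: analyse(owners, THRESHOLD) for name, owners in SETUPS.items()}
    # Constructed misconfiguration: two owners, threshold left at 1.
    rows["Two owners, threshold 1"] = analyse(["metamask", "cold2"], 1)
    return rows


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```

With the threshold at 2, no single compromised key can move funds in any of the three setups, but only the three-owner setup still works after one key is lost.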

Once your multi-signature wallet has been successfully created, you'll only use this wallet to store NFTs long-term. You'll never directly sell anything from it and NEVER interact with any other contract from it. The only thing you'll do with this wallet is send NFTs & crypto to and from it.


To summarize, here's a decision tree that should help remind you of when to utilize which wallet:

  • Hot Wallet: Minting NFTs
  • Cold Wallet: Buy & Sell NFTs
  • Multi-Signature Wallet (Vault): Long-term HODLs

And that's it. You can now sleep safe and sound knowing that your assets are safe!
