Newsletter #167: Protecting Your NFTs

This week’s featured collector is FlowMade

FlowMade is an emerging visual artist and multi disciplinary illustrator. Check out their artwork at is the easiest way to create a gallery of your NFT collection. Show some love for NFTs by sharing this newsletter with your friends!


The results of last week’s poll: What’s the strongest sign NFTs aren’t dead?

Last week’s poll on the vitality of NFTs reveals compelling insights into community perceptions. The majority of respondents (50%) believe that expanding use cases are the strongest indicator that NFTs are still thriving, suggesting a growing recognition of their potential beyond digital art and collectibles. This is closely followed by 38% who point to persistent market activity and sales as key evidence of NFT resilience. Interestingly, 13% see adoption by traditional sectors as the most convincing sign, indicating an awareness of how established industries are integrating NFT technology.

The poll results paint a picture of a maturing NFT ecosystem, where focus has shifted from speculative hype to practical applications and real-world adoption. Overall, these findings underscore the community’s belief in the long-term potential of NFT technology, despite market fluctuations, and highlight a transition towards more diverse applications of NFTs.

Three Types of Hacks: How to Protect your NFTs

Once you’ve curated your collection of NFTs, it is crucial to keep them safe. Clearly no one wants to get hacked. So how can you prevent it? This week we’re revisiting a topic we first covered in Lazy Newsletter #47—three common hacks and how to avoid them.

1) Discord Hijack

In a Discord hijack, a hacked admin posts a link to a fake mint.

Imagine you’re hanging out in the Discord of a new and exciting NFT project when you see an urgent post from an admin announcing a surprise mint. Wow, right!? You rush to send your hard earned eth only to discover that the admin’s account had been hacked and the mint was fake. Welcome to the new wave of Discord hijacks.

This kind of attack is becoming more common. Protecting yourself from Discord hijacks can be difficult because the hackers will often move quickly and ban other admins who could alert the community to the fraud. The best defense is to be skeptical of any previously unannounced surprise mints.

2) Phishing Websites

The phishing site will ask for approval to transfer (ie, steal) your NFTs.

This time you’re hanging out on X, proudly displaying your Bored Ape Yacht Club NFT, when you receive a message promising to animate your NFT. Very cool! When you visit the site, it prompts you to connect your wallet and submit a transaction. You accept and your BAYCs disappear forever. This happened to a Bored Ape Yacht Club member who fell for this scam and lost 3 apes ($900K at that time).

To guard against this type of hack it is important to remember that any transaction you sign or submit on a website could potentially interact with your NFT’s smart contract. That’s because smart contracts live on the blockchain and any website can interact with the contracts. So the best protection is to be wary of completing transactions on websites that you don’t 100% trust.

Oh, and by the way, if someone is offering to create an animated version of your BAYC then they don’t need you to submit a transaction on the blockchain. That’s why there is some truth to the old “right click, save as” meme.

3) MetaMask Compromise

The third kind of attack is more sophisticated than the other two and it has been proven to work against technically savvy crypto users. In fact, a prominent crypto VC fell victim and lost over a $1.7m worth of NFTs.

The hack begins with a phishing email or message pointing to what looks like a very interesting shared Google Doc. When the user clicks on the link, their computer is unwittingly infected with malware that compromises their MetaMask. Once the user’s MetaMask has been replaced with a malicious version, the hacker gains access to their wallet seed phrase and can also spoof transactions.

To protect against this attack, aside from not clicking on links, it is important to periodically check that your MetaMask has not been replaced with a malicious version. To do this, in Chrome, click Window -> Extensions and make sure that “Developer Mode” is ticked OFF. 

This week’s poll: Have you ever lost an NFT because of a hack?

Thank you for reading’s Newsletter. Was this post helpful? Show some love by sharing.


We ❤️ Feedback

We would love to hear from you as we continue to build out new features for Lazy! Love the site? Have an idea on how we can improve it? Drop us a line at