The first thing to realize is that with ENS and the public identity of creators, targeting individual wallets is easy: this information is known and exposed on social media and marketplaces. Hacking a wallet using computational techniques is almost impossible, so all hacks happen through social engineering.
Unfortunately, at the current stage of web3 development, your wallet is at once a bank (crypto), an identity (ENS), and a gallery (NFTs). It is also unique in that you alone are responsible for safekeeping the secret phrase and maintaining good security practices. So what can you do?
Do not write down your secret phrase on your phone or computer.
We’ve seen creators save this information in their Notes app, only to be hacked a few weeks later. Where to store it instead? Write it down on paper with a rich ink pen and keep it somewhere safe (e.g., with your passport or jewelry).
Do not share your screen on calls with strangers.
Apps such as MetaMask expose the private key as a QR code when the corresponding option is clicked in the settings menu, so, unknown to many creators, sharing their screen and clicking a few buttons can mean the loss of their crypto accounts.
Do not connect to websites you don’t know or trust.
We know that free mints can be tempting, but if there is even a 1% chance that a project is a scam, it most likely is. With recent updates to MetaMask, and with some upgrades to your own knowledge, you can read the requests that a website makes. If nothing is suspicious (assuming you read the requests correctly), connecting to any website is safe. Visiting any website is most likely safe too (so clicking on any link is OK, just don’t connect a wallet!). Unfortunately such knowledge is not common, so it is better to err on the safe side.
Maintain multiple wallets.
Maintain several wallets (each with its own secret phrase, if possible), such as a hot wallet and a cold wallet. Hot wallets hold a small amount of crypto for transacting, and maybe your ENS name as well. Cold wallets are where you keep most of your NFTs and crypto in storage.
Such a wallet combination might look like this. Hot wallets: MetaMask, Rainbow, MyEtherWallet. Cold wallets: Ledger (hardware wallet), Trezor (hardware wallet), Coinbase, Binance, Gemini, Kraken. The cold wallet does not have to be a hardware wallet; it just has to be separated enough that you never use it to connect to websites (to mint NFTs, swap funds, and so on).
As a rule of thumb, store in each wallet only as much crypto as you are willing to lose in a single incident; if your situation requires multiple hot or cold wallets, set them up.
Revoke token approvals.
Etherscan and Revoke.cash are two common tools for this. Revoking a permission is itself a transaction, so it requires a gas fee.
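Reading a website’s request (as advised above under connecting to websites) and revoking a token approval both come down to the same small piece of transaction calldata. The following is an added example, not code from the original article or from any of the tools it names: a dependency-free Node.js script that decodes the two approval calls a wallet is most often asked to sign, flags the unlimited ones, and builds the calldata of the revoking transaction. The selectors for approve(address,uint256) and setApprovalForAll(address,bool) are the standard ERC-20 and ERC-721 ones; the spender address and the sample requests are constructed placeholders.

```javascript
// Added example, not code from the original article: a dependency-free Node.js
// decoder for the two approval requests a wallet is most often asked to sign,
// plus a builder for the calldata that revokes them.

// Function selectors: the first 4 bytes of keccak256 of the function signature.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 spending allowance
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721/ERC-1155 operator approval
};

const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" allowance many sites request

// Left-pad a hex value (with or without 0x) to one 32-byte ABI word.
function word(hex) {
  return hex.replace(/^0x/i, "").toLowerCase().padStart(64, "0");
}

// Decode raw calldata into a description a user can review before signing.
function decodeApproval(calldata) {
  const data = calldata.replace(/^0x/i, "").toLowerCase();
  const selector = data.slice(0, 8);
  const signature = SELECTORS[selector];
  if (!signature) return { kind: "unknown", selector };
  const arg0 = data.slice(8, 72);
  const arg1 = data.slice(72, 136);
  if (arg0.length !== 64 || arg1.length !== 64) return { kind: "malformed", selector };
  const target = "0x" + arg0.slice(24); // an address occupies the low 20 bytes of its word
  if (signature.startsWith("approve")) {
    const amount = BigInt("0x" + arg1);
    return { kind: "erc20-approve", spender: target, amount, unlimited: amount === MAX_UINT256 };
  }
  return { kind: "erc721-setApprovalForAll", operator: target, approved: BigInt("0x" + arg1) === 1n };
}

// One-line verdict, in the spirit of "read the request before you connect".
function assess(calldata) {
  const d = decodeApproval(calldata);
  if (d.kind === "erc20-approve" && d.unlimited) return "DANGER: unlimited token allowance for " + d.spender;
  if (d.kind === "erc20-approve") return "allowance of " + d.amount + " token units for " + d.spender;
  if (d.kind === "erc721-setApprovalForAll" && d.approved) return "DANGER: operator " + d.operator + " may move every NFT in this collection";
  if (d.kind === "erc721-setApprovalForAll") return "operator approval removed for " + d.operator;
  return "not an approval call (selector " + d.selector + "); review separately";
}

// Build the calldata that revokes an approval: allowance 0, or approved = false.
function buildRevoke(kind, target) {
  if (kind === "erc20-approve") return "0x095ea7b3" + word(target) + word("0");
  if (kind === "erc721-setApprovalForAll") return "0xa22cb465" + word(target) + word("0");
  throw new Error("unsupported approval kind: " + kind);
}

// Constructed sample requests (placeholder address, not a real contract).
const SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111";
const SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + word(SAMPLE_SPENDER) + word(MAX_UINT256.toString(16));
const SAMPLE_APPROVE_ALL = "0xa22cb465" + word(SAMPLE_SPENDER) + word("1");

for (const tx of [SAMPLE_UNLIMITED_APPROVE, SAMPLE_APPROVE_ALL, "0xdeadbeef"]) {
  console.log(assess(tx));
}
console.log("revoke calldata:", buildRevoke("erc20-approve", SAMPLE_SPENDER));
```

Etherscan and Revoke.cash do this decoding and revoking for you; the point of the example is that a revocation is simply another approve call with amount 0 (or setApprovalForAll with false) that your wallet must sign and pay for, which is why it costs gas.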
If you maintain multiple wallets, getting your hot wallet compromised would be unfortunate, but manageable. Next, learn what to do if your wallet has been compromised.