1. If you read this because your Metamask has just been hacked, I’m so sorry for you. First thing you should do URGENTLY, is to try to transfer any remaining ETH, other crypto assets, and valuable NFTs you have on all the Ethereum accounts that you had inside your Metamask wallet.
2. Do not transfer these assets to another account that was created with the same Metamask. There is a good chance that your seed phrase was compromised, the seed phrase is made from your 12 or 24 secret words used when you have initialized your Metamask. All the accounts you have created (derived) from this seed phrase are all considered compromised as well.
3. Don’t focus on your own unsold NFTs. You can always, and will have to, remint them later.
4. You should transfer any salvageable asset to a separate wallet. If you have an account protected by a hardware wallet, that’s the best, but if you have been hacked, it’s probably because you’re not using one. The best alternative, for now, is to install and initialize another software wallet on your phone, like TrustWallet, Atomic Wallet, Coinbase Wallet, etc.
5. Your computer is probably compromised as well, it’s usually the easiest way for a scammer/hacker to get access to your wallet. So for now don’t trust your computer, your phone or tablet is probably a better option, for now.
6. If the hacker is experienced, It’s very probable that you won’t be able to transfer anything. He probably has transferred or sold everything already. He probably also programmed a bot that will drain ETH from your wallet as soon as you or someone else will deposit ETH on one of your compromised accounts.
7. If you have assets on other EVM compatible chains (Polygon, Fantom, Avalanche, Binance Chain, etc), you should also hurry and try to salvage anything you can.
8. Ok, now that you have salvaged what you could from the fire, it’s time to watch the house burn and prepare for rest. You have to consider that all those accounts in your Metamask are lost and you will never be able to use them anymore.
9. Consider now all the collectors that have put their trust in you and have bought your artworks. You’ll have to do your best now to keep your reputation and the trust from the community. Here’s how.
10. You should start by issuing a communication on social media (Twitter, IG, your Discord if you have one). Don’t be too alarmist, you need to reassure your community. You simply say that your account was compromised, that for now nobody should buy your artworks, and that you’ll create a new account soon and offer a exchange plan for your collectors (more on this later). You should pin this post to your twitter profile.
11. The hacker probably has put a bot on your accounts, draining ETH and preventing you from doing anything that requires gas, like unlisting unsold NFTs. But you can still sign transactions, and thus, update your profiles on all marketplaces. This is what you should do now, you should head over to all major NFT marketplaces (OS, FDN, Rarible, Looksrare, X2Y2), and update your profile and collections to indicate that you got hacked, that those accounts should not be trusted anymore, and that new account will come shortly. Invite users to follow you on Twitter to stay updated.
12. I don’t recommend informing OS and FDN right now that you have been hacked. If you do, they will probably freeze your profiles and you won’t be able to update them anymore. I recommend that you start by creating your new accounts and profiles, then update your hacked profiles with hyperlinks that point to your new profiles.
13. You should never delete your hacked profile pages. This is very bad for all your collectors, as for them it will appear as if you just disappeared (what we call a rug pull in crypto).
14. You should think about updating the wallet used to receive your royalties. Yes, because now the bot will drain the royalties and the hacker will have them. You can update the wallet used for royalties on some platforms, like OS and Manifold, but not on others, like FDN.
15. Now that the communication part is done, it’s time to recreate your new accounts and profiles on marketplaces. Don’t rush too much, if you just recreate new accounts with your Metamask, you’ll probably be hacked, again. You should take time now to reformat and reinstall your computer, and do some readings about hardware wallets. I have an article for that: “Why you should use a hardware wallet”.
16. If you were still minting your work with OpenSea, it’s also probably a good time to do some reading about “Why you should use your own smartcontract”. You’re lucky, I also have an article about that. Because if you are forced to start over, you should do this the right way. You don’t want this happening too often, your reputation will take a hit every time.
17. So you should order a hardware wallet, wait for it, even if it takes two weeks. When you’ll receive it you’ll create new accounts. Yes I say new accounts because you should have at least three: 1) your artist account where you mint your work; 2) your collector account where you keep the most valuable nfts you have bough;t 3) your minting account that you use to mint nfts on websites and claim stuffs. I talk about this in my other article about hardware wallets.
18. Once your new accounts are created, you can configure your new profiles on the major marketplaces. You should modify the bio of your old hacked profiles and add hyperlinks to redirect users to your new profiles. You should also indicate that you offer an exchange program for the items in this compromised collection.
19. Now it’s time to start reminting all your work, sold items and unsold items. Yes you’ll need to remint all your sold items. I don’t know any collectors that would want to buy an nft from a compromised artist’s account. So those nft don’t have any value now, that’s why you’ll need to remint them, if you want to keep the trust from your collector.
20. If you want to rearrange them differently in your collections, this is an opportunity. You should use Manifold to remint your work. There are many reasons for that. I also have an article named “Best practices for minting with Manifold”. You should to some testing, take your time, and remint everything on Mainnet when gas is low, very low.
21. I very strongly recommend that you put hyperlinks between your new collections and old collections, in both directions. This will tell holders of your hacked collections where to look for the new collections. It will also tell new buyers and collectors where to look if they want the sales history of your work before you got hacked.
22. When this is done, you can reach OS and FDN support to ask them to flag those old profiles as “compromised” and to freeze the data from your profiles. You won’t be able to update your profiles anymore, but the hacker will not be able to do it either.
23. It is also possible to put hyperlinks at the item level . When you mint an item with Manifold, you can put the link to the original item in the description (pointing on OS, FDN, or Etherscan). That way it is easy for a collector to have the history of the item (original mint date, purchase price, previous owners).
24. You can now list your newly created work on your prefered marketplace and start proceeding to an exchange with your existing collectors.
25. The process for doing an exchange is easy: 1) you contact the holder, explain that your previous account was hacked, and propose an exchange for the new token; 2) you ask the collector to send the original token to the original wallet or you create an ethereum account just for archiving the old nfts 3) upon reception of the old item, you transfer them the new item.
26. You can usually find contact information for your collector by looking at their OS, Rarible, or FDN profiles. If you don’t find any contact information, don’t be too alarmed and don’t waste too much energy on that. If they care, they will eventually find the information that your account was compromised, that you offer an exchange program, and they will contact you.
27. If you do all this, there is no reason that collectors lose faith in you. You’ll look professional and responsible. Your artworks may even gain more value if you were not minting with your own smartcontract previously.
28. Please ask questions and comment if needed. I’ll update the article as needed. Wish you the best of success!

1. I recommend that anyone who has not been hacked, yet, to read this thread. If you have been hacked, I’m really sorry for you, I have a separate article for you about what you should do.
2. Nowadays, it’s not a matter of protecting yourself from being hacked. If you have success in the NFT business, a lot of scammers/hackers will try to hack into your wallet. It’s just a matter of time before they succeed.
3. How do you prevent, or minimize hacking? 1) have a good cybersecurity hygiene; 2) constantly be vigilant; 3) prepare for the worst.
4. About having a good cybersecurity hygiene, I won’t talk too much about it here, cause you know what I’m talking about: using strong password and 2FA, securing your email, keeping your softwares up to date, using anti-virus software, etc.
5. About being vigilant, I’m talking about watching for fishing attacks through email, social medias, discord links, making sure you’re on a legit website, doing your own research (DYOR) before joining a project or talking to a stranger.
6. Regarding preparing for the worst, it’s about minimizing impact when you’ll get hacked. You can do this by having a bigger/wider attack surface. If a hacker gains access to your discord, he should not have access to your twitter. If a hacker gets access to your computer, he should not have access to your wallets.
7. How do scammers/hackers gain access to your wallets? Usually through your computer, and it will be your fault most of the time. They will contact you through DM, tell you they want a commission, or want you to participate in their next revolutionary NFT project. They’ll offer a very good amount of money.
8. You’ll be so curious and happy about it that when they’ll send you the details of the commission/project as a pdf or docx document, you’ll click right away on the file to see what’s this all about. That’s when the payload will be deployed on your computer. The malicious program will get your private keys from your Metamask on your computer and send a copy to the scammers.
9. You know the rest. You’ll receive notifications that some of your precious NFTs got transfered or got sold, and that you had a big ETH withdrawal from your wallet. Now your heart will beat real fast and you’ll have cold sweat. You have been hacked.
10. So this is what I’m talking about when I say you need to be vigilant, suspicious, all the time. Scammers use social engineering to try to make you lower your guard. They are very patient, they will be talking to you for weeks about their “special commission” of “revolutionary NFT project”.
11. So what can you do to widen your attack surface? First thing: USE A HARDWARE WALLET! Not using a hardware wallet in crypto is like jumping from a plane without a parachute. It’s suicidal. Most of you will say “I will sell a few NFT then we’ll see”. That’s not very professional and respectful for collectors that will buy your artworks.
12. Not using a hardware wallet basically means that you don’t care about what can happen to your reputation and your artworks. If you did not know anything about hardware wallets, you have an excuse, but if you’re reading this, now you know and you should do something about it.
13. By using a hardware wallet, if a hacker gains access to your computer, he’ll be able to do all sort of aweful stuff, maybe stealing your passwords for your bank account, using private pictures of you and your lover to blackmail you, but he won’t be able to drain your wallets from their ETH and precious NFTs that you have collected and that you have sold to collectors that put their faith in you.
14. Second thing you have to do to complicate the work of a hacker is to use different passwords for every application, every website, every email account that you have. For that you’ll need a password vault, there are many available. Make sure to use a legit one, and remember, if something is free, you probably are the product.
15. Password vaults are great to store the passwords from websites and applications that you use, but they are also a SPOF (single point of failure). If someone gains access to your password vault, he has access to everything. So to avoid this, you need to add 2FA on top of passwords to secure the access to all your critical applications.
16. By critical applications I mean: the password vault itself, email accounts, cloud storage accounts, bank accounts, crypto exchange accounts, social media accounts (Twitter, IG, FB, Discord).
17. The use of SMS/text messages as a security measure is not considered safe and it should be used only when other 2FA methods are not available. This is because there are a plethora of spywares available that can be deployed on your phone to intercept those codes and send them to a hacker.
18. The simplest way to add 2FA (two factor authentication) is by using Google Auth to generate codes. The problem with Google Auth is that all your codes are stored locally in your phone. If you lose your phone, you’ll lose all your codes and access. This is not very good.
19. Of course you could print and store all the backup codes for all of your Google Auth protected accounts, but who does that. You’ll forget to print one or two and you’ll be screwed.
20. That’s why I recommend the use of Authy, by Twilio. It’s compatible with Google Auth, except that it cyphers (encrypts) your backup codes and enables this encrypted backup to be replicated on other devices. That way you can have your 2FA codes available to your phone, your tablet, and if you loose your phone you’ll be able to restore the encrypted backup easily.
21. If you use Authy, make sure to use a complex passphrase to secure the encrypted backup. Stored this passphrase along your secret words for your hardware wallets in a secured place. Also, enable fingerprint security, or a 6-digit code, to protect the opening of the application.
22. If you want to add an extra layer of security, you can add a hardware security key on top of this. I personally use a Yubikey (from Yubico) to protect my password vault, my emails and social accounts, and my crypto accounts. The Yubikey can be use as a secondary 2FA method, and you can make it mandatory if someone would try to disable 2FA from your accounts.
23. That’s it for now. Please ask questions and comment, I’ll update this article along the way.

1. I really hope you’ll never have to read this article. But in case your account gets banned from OS for any reason, here is what you can do.
2. First you need to check exactly what/how you got banned. It’s possible that only one of your artwork, or an entire collection got delisted, but in that case you can still connect to OS with your Metamask. This is possible for example if someone has complained to them about copyright violation.
3. It’s also possible that your Ethereum account gets denied of access on the platform, but your artworks and collection still exist. This would be the case if you minted your NFTs with anything else then OS Storefront. In that case, your NFTs are safe, your collectors also, and so is your reputation. You’ll only have to use another marketplace to sell your NFTs.
4. The worst case scenario is if you have minted your NFTs with OS Storefront and not used the “Freeze on IPFS” option. In that case, it is very likely that they have deleted your account, along with all the collections and NFTs that you have created and sold there. Yup
5. If that happens, the only thing that your collectors will have is the receipt of the transaction on the blockchain, but since the metadata is gone, the receipt will only stipulate that the buyer has bought something from OS Storefront, no artist name, no description.
6. So why can you still view your NFTs on Etherscan, Rarible, Looksrare ? That’s because those Apps are using Google cache service (googleusercontent.com). If you go on Rarible, look at some NFTs, and click on the “Open original” link in the Details section, you can see where the actual data is stored. If you see anything else then ipfs, mypinata or arweave (decentralized storage), this means your NFT is not resilient and will not survive through years to come.
7. The first thing you should do, is to try contacting OpenSea, just to see if they’ve made a mistake, because a lot of their controls are automated and robots have no judgment. If they have delisted one of your collections by accident, you can probably prove to them that you are the real artist, with the intellectual property, of those NFTs. This might take time and they may ask you to have a document by a notary.
8. On the other side, if they have banned you because of political reason (countries under sanctions), or regulations and compliance reasons (KYC to come sooner than most people expect), then there is not much you can do, unless you have passports from two different countries and can prove them that you’re not a citizen of a country under sanctions.
9. So what should you do now? The only thing you can do is to create a new Ethereum account, remint everything, and offer your collectors to proceed to an exchange. Please use a hardware wallet, you don’t want to be the prey of those fvkling scammers. I have an article about hardware wallets, I suggest you read it.
10. Now if you remint everything with OS Storefront, there is a very good chance they will ban you again and delete all your work, again. So you want to be completely independent from any marketplaces. That’s why your best option to mint NFTs is to use Manifold. See my other article about that.
11. Now if you mint with your new Ethereum account, and use Manifold, OpenSea will still be able to block you. Yes this is still possible because they can block your Ethereum account number. But they won’t be able to delete any of your NFTs or collection, because your NFTs will reside on decentralized storage (ipfs/arweave). So your collectors will still have their NFTs intacs, and still be able to buy and sell on other marketplaces (Looksrare, Rarible, X2Y2).
12. You should also be aware that if you mint with Manifold, you’ll be able to list to any marketplace, but also on Foundation! Since most collectors value Foundation more then OpenSea, you could list your items on Foundation. But keep in mind the fees are not 0.25%, they are 0.5%.
13. You can even use the excuse of “I want to be independent and use my own smartcontract” to ask collectors to proceed to an exchange. Of course this will cost a little bit of money, but it will also give more value to your artworks and you’ll be taken more seriously by many collectors like me, that most of the time only buy from artists that use their own smartcontract.
14. If your short on money, there is a good chance some of your collectors would be willing to contribute (paying for gas fees), because if they don’t, they’ll simply end up with nothing, nada, niet, rien du tout.
15. Ethereum congestion is low these days (september 2022). If you mint an NFT with Manifold when gas is low (between 5 and 10 gwei), it will cost you between 2 and 3$ of ETH per NFT. You’ll also have to pay a one time fee to deploy your smartcontract to Ethereum Mainnet (around 3 to 5$).
16. So, to summarize: 1) you create a new Ethereum account secured by a hardware wallet; 2) you create your smartcontract with Manifold when gas is low (don’t forget to test everything on Rinkeby!); 3) you remint some or all of your NFTs when gas is low; 4) you proceed to an exchange with your existing collectors; 5) you mint new artworks with your new setup!
17. Regarding the exchange, there are different ways to do this. You can post a tweet and pin it to your profile so that collectors will see it. You can also try to contact all of them, but since you don’t have access to OS anymore, you’ll only have Rarible and other marketplace to try to find who the owners are, and most collectors don’t set their profile there.
18. Something else you can do is to edit your profile on most common marketplaces and explain in the description that this profile was banned on OpenSea, and that you now have a new profile with NFTs minted with your own smartcontract. You can insert a hyperlink here that points to your new profile (that could be on Foundation, or OpenSea, or a Linktr.ee).
19. When proceeding to an exchange with a collector, I usually recommend that the collector first sends back the original NFT to the original Ethereum address (that is banned on OS). I think the transactions are easier to read that way, the NFTs are back to the originator. For this purpose, the collector will have to use Rarible, or another tool like Zerion.
20. Then, when you see on Rarible that the NFT has been sent back, you can send them the newly minted item. This will prevent the collector from selling the original NFTs on Rarible to someone that has no clue of what’s happening.
21. I hope this help. I’m not sure if I forgot something here, so don’t hesitate to ping me on Twitter, I’ll modify this article if needed. Stay safe, use a hardware wallet and use your own smartcontract!

1. First of all, you have to know that this is NOT something that Ledger nor any expert in cybersecurity would recommend. So before telling you how to do this, I’m going to tell you why you should NOT do this, and then, why you might still want to proceed.
2. If you have not read my article “Why you should use a hardware wallet”, please go read it now, it is pinned with my other article on my Twitter profile or you can find in on Medium here: medium.com/@jackasscrypto
3. Now that you know about private keys, you should know that transferring them to a hardware wallet is probably not a good idea. If at any point in time someone got access to your private keys, your wallet will always be vulnerable even if you protect it with a hardware wallet.
4. A vulnerable wallet means that someone can take control of your blockchain accounts (Ethereum, Polygon, Avalanche, etc), take control of web3 application accounts you have sign onto (Opensea, Collab.land, gm.xyz, etc), drain your account of all crypto on it and also all NFT.
5. What are the consequences to not migrate, and instead initialize a new wallet and new blockchain addresses? Well first you’ll have to manage more than 1 wallet. This is not a problem, Metamask can manage many wallets at a time.
6. Secondly you’ll have to manage more than 1 blockchain account, that means more than 1 OpenSea profile, Foundation profile, etc. This is not really a problem, you can manage different Ethereum addresses just like you manage different collections. You can use links on Linktr.ee, on your artist profiles and on your collection’s descriptions.
7. It is not a bad idea to separate your artist account from your collector account. I even recommend you to have at least 3 ethereum accounts: 1) account for your drops, 2) account for collecting other’s artworks, 3) account for claiming or minting untrusted new projects.
8. If using a new wallet and new profiles seems too complicated for you, or maybe you already have a large collection you would like to finish on the same artist/ethereum account, then maybe you can consider to migrate your existing Metamask wallet to a Ledger, this would be the lesser of two evils, the worst been doing nothing about it.
9. So what are the consequences of migrating your Metamask to a hardware wallet? First keep in mind that this is not perfect and you really have to think this through. Are you certain that your private keys have not been compromised? Are you absolutely sure you have not communicated them at some point or stored them somewhere in a file on your computer?
10. Secondly, you’ll stay with a 12 words seed phrase, which is not as strong as a 24 words seed phrase used when you initialize a Ledger as a new wallet. If you are still confident, and think you don’t really have a choice, you can proceed.
11. Start by writing down on a piece of paper your 12 secret words that make your seed phrase. If you have ordered a Ledger, there are usually small pieces of paper for this. You’ll find your 12 secret words in Metamask > Settings > Security & Privacy > Reveal Secret Recovery Phrase.
12. Now remove Matamask from all your web browsers, from all your computers, phones and tablets. This is the only way to remove all traces of your private keys. You’ll reinstall Metamask later on.
13. Plug your Ledger wallet on your computer. Choose the option to Restore from Recovery phrase. You’ll also have to set a PIN, just like you would do for a credit card. This PIN will be needed every time you need to validate a transaction.
14. Choose the option “Recovery phrase with 12 words”. You’ll have to use the buttons to enter the 12 words from your secret seed phrase.
15. You should now install the Ledger Live software from the official website (ledger.com). Once installed, launch the software and select the Manager. Click on the two buttons to authorize Ledger Manager.
16. Install the Ethereum application on your Ledger. You won’t need anything else for regular usage. When this is done, click on Add an account.
17. The Ledger Live software will now scan your Ledger to find existing accounts. If you only had one account in Metamask, you should only see one in the list. If you have many, you should see them here and you should select all of them to import them. Click on Add accounts.
18. The last step is to connect your Ledger accounts to Metamask. Go to metamask.io and download the latest version of Metamask for your prefered web browser. You’ll have to create a new local wallet account to use Metamask, DO NOT use your existing seed phrase, create a NEW wallet.
19. You can use this newly created local wallet later for doing tests, claiming or minting tokens on untrusted websites. Write down the seed phrase if you plan to use it later for something that DOES NOT need a lot of security.
20. In Metamask, click on “Connect Hardware Wallet” and select Ledger. Metamask will now scan your Ledger to try to find your accounts. If you have more than 1 account and you don’t see them in the list, change the HD Path in the select box for BIP44. Select all accounts that you have and click on Unlock.
21. You should now have in Metamask at least one local account (Account 1) and at least one account secured by the Ledger (Ledger 1). You will use the big circle on the top right of Metamask to navigate between accounts.
22. You should rename Account 1 in Metamask for something like Local Account 1. You should take the habit of renaming your account to more friendly names. It can be something like “Artist”, “Collector”, “Vault” or you can use an ENS name if you have one binded to your ethereum address.
23. On your Ledger device, in the Ethereum application, navigate to “Settings” and make sure “Blind signing” is “Enabled”. If you don’t enable it, transactions will fail when you try to sign them. Whenever you update your Ledger Live application, make sure to check that this option is still Enabled.
24. I hope this answered some of your questions. I’m no expert in NFT’s and blockchain, I’m only an expert in cybersecurity, so this is from my personal experience only. Feel free to reach me on Twitter to add some information or ask me a question.
25. Stay safe, please use a hardware wallet and always be aware of scammers!

1. There are basically two things you want to do to avoid mistakes when minting your NFTs with Manifold. The first one is to test everything, the second one is to avoid paying too much Ethereum gas fees.
2. First you’ll have to familiarize yourself with Ethereum Testnets. The Ethereum Mainnet is the network that you already know, where everything “real” happens. We call it the production network, or the Mainnet.
3. Many other test networks exist. They exist because developers and builders need some place to test their applications before pushing those “live” on the production network.
4. One of those test networks is the Goerli network. It works just like the Mainnet network, with Metamask and applications, except that everything is fake, or doesn’t count if you wish.
5. On the Goerli and other testnet networks we don’t use “real” Ethereum to pay for transactions, we use test ETH, or dummy ETH. You can receive some test ETH for free by using what we call a “faucet”.
6. You’ll now learn how to use the Goerli test network to create your own smartcontract with Manifold, mint some NFTs, list them on the Goerli version of OpenSea, and buy them from yourself, using a second account.
7. Before starting, make sure that the “Show Test Networks” option is enabled in your Metamask Advanced Settings. In your Metamask, when clicking on top of the Ethereum Mainnet title, you should now be able to switch to the Goerli Test network.
8. Now go to studio.manifold.xyz and click on the top right on “Docs”. Use the search box and search for “faucet”. You’ll see a list of 3 or more links to websites that will give you free test ETH on the Goerli network.
9. Some of the faucets may not work from time to time, others will want you to connect your Google or Twitter account to authenticate. You can use as many faucets as you want to claim some test ETH. Use only one faucet for now.
10. At this point I would also recommend using a second Ethereum account to buy your own NFTs on OpenSea, and in that way have a full view of the user experience when collecting your NFTs. If you don’t know how to create a secondary account, on Metamask or by using your Ledger, there are plenty of tutorials on the web/YT.
11. Once you have your secondary account, use one of the faucets to get some test ETH from the Goerli network. If you already used all the available faucets, you may have to clear the cookies in your browser or use a VPN to claim ETH again, or worst scenario, wait for 24h to claim again. This is to prevent bots and abuse.
12. Now that everything is ready, head back to studio.manifold.xyz and connect with your primary/artist account. If this is your first time there, you’ll have to input some infos like your artist name, email, Twitter username.
13. Start by creating your smartcontract with the “New contract” button. I recommend using 1 smartcontract for 1 NFT collection, to avoid any problem when listing on OpenSea.
14. Now if you’ll be minting only 1:1 items, keep ERC721 as the selected type. If you want to have multiple-editions items, select ERC1155. Keep in mind that if you want to list your NFT later on on Foundation, they only support ERC721 tokens, for now.
15. Choose a name for your smartcontract, this name will become your collection’s name. Choose a symbol, something easy to remember. If your collection’s name is “Alice in Wonderland Summer Dreams”, a good symbol could be AWSD.
16. If this is the first smartcontract you’ll be asked for an ASCII mark. Think of it as your logo, or some kind of watermark, using only text characters (ASCII art). Don’t waste too much time here, because few people know how to check this on Etherscan.
17. To help you create your ASCII mark, click on the top right on “Docs”, then search for “ASCII”. You’ll see a bunch of tools. I like asciiart.club because you can simply upload a jpeg file and it will transform it for you in ASCII ART. Scroll in the “Basic Text” box, select everything, then copy/paste back on Manifold.
18. Now you’re ready to deploy your smartcontract. Manifold will first ask you to deploy it on Goerli. Metamask will ask you if you want to change the network to Goerli. As long as you’re on the Goerli network, all the ETH you are paying for fees is dummy/test ETH and this will not cost you a penny. You’ll have to sign and approve a few transactions and wait for the contract to deploy and verify.
19. Congrats! You have now deployed your first smartcontract on the Goerli network! You can now click on “View on Etherscan, then click on the “Contract” tab. You should see your contract name (AWSD/Alice in Wonderland Summer Dreams), and if you scroll down, in the source code you’ll see your ASCII logo.
20. Now close Etherscan and head back on Manifold to mint your first NFT. Click on “Go to Dashboard.” The main mistake artists make here is that they deploy straight to Mainnet. You should test everything on Goerli before deploying to Mainnet.
21. Click on “Mint a token on Goerli”. Click on “Mint new token”. Here you have to upload your image or video. You should not use your real artwork, use a dummy image, it’s just for a test.
22. Now give a title to your token, a description and optionally give a url to an external site (your website or complementary info about the artwork). You can also add properties, like you would do on OpenSea (hair=black, eyes=blue). Then click on “Mint to Goerli”.
23. You can choose if you want the NFT to be minted to your account, or airdropped to someone else account. This is a nice way to avoid gas fees later on if you plan to send it for free to someone else, or transfer them to another account. If you want to test the Airdrop feature, you can use your secondary account that you have created previously.
24. You’ll now be asked how many you want to mint. If you have chosen ERC721 previously, you will end up with many separate items that all look the same and are numbered #1, #2, etc. If you have selected ERC1155, you’ll end up with only one item, that when you click on it, will have multiple-editions showing up.
25. Now that your first token/NFT is minted, you’ll see links on the right that will bring you on OpenSea, LooksRare and Rarible. Those links will bring you on the Goerli versions of those marketplaces, not on the “real” production platforms! You can also click on “View metadata” to check what has been stored on the Goerli network.
26. Now let’s use OpenSea to list and sell our first NFT. Click on “View on OpenSea”. You’ll see your NFT, the description, properties. You can click on Details to see the details of your NFT. You’ll notice that you’re not using OpenSea Centralized storage anymore. Now you see your own smartcontract id and the first item you’ve minted has #1. You can click on those anytime to see the details on Etherscan.
27. You should now take some time to configure your OpenSea account and the collection details. By default your collection’s name will probably appear to “Unidentified contact — some number”. You can click on the collection’s name, or go to “Your Account > My Collections” and click on the small pen at the top to set everything right.
28. You should configure everything just like you would do on your real Mainnet artist account. It’s the best way to practice and check if everything looks fine from a buyer’s perspective. You might want to use dummy account names and collection names if you don’t want to be found using the search box, so that others can’t find your testnet profile and see what you’re up to.
29. Set your Creator Earnings percentage fee and the wallet for payout. Don’t forget to click on “Submit changes”.
30. Now go back to your new collection on OpenSea. Click on the item you want to list, and click the Sell button. You probably want to use the “Reserve to specific buyer” and put your buyer address here. If you don’t, there is a chance someone else playing like you on the testnet might want to buy it, for fun. If they do, you won’t be able to delete everything after.
31. You’ll have to approve the item for sale. This is because the item was not minted with OpenSea’s Storefront, but with your own smartcontract. This needs to be done only one time per collection. After that you only have to sign to approve the listing.
32. Note that if you have multiple editions NFT (ERC1155), you’ll need to list 1 item at a time, as many times as you have items. If you have a 5 editions and you list a quantity of 5, your buyers will have to buy the whole pack of 5 items. This is probably not what you want.
33. We will now switch to another account on the Goerli network to buy the NFT you’ve just created. Don’t neglect this part! This is how you will find mistakes that you might have made. I personally use a different web browser, connected to Goerli on the “buyer” account, to avoid switching from account to account all the time. I use Chrome, Brave and Firefox.
34. To find your item with your buyer account, the simplest way is to copy/paste the OpenSea link from your collection, or the OpenSea link to the NFT you want to buy. You should now take time to double check everything. Does the title, description, properties, etc, look like what you want?
35. If everything is ok, click on the NFT you want to buy, and use the “Buy now” or “Make offer” buttons. Congrats, you have sold your first NFT with your own smartcontract! Unfortunately this is not for real.
36. You might want to list the NFT you just bought, with your buyer account, again to see how everything works and looks like from your artist/minting account.
37. You can now head back to your artist account and check the collection you have created, along with the items in it. You should now have at least 2 owners, a volume traded higher than zero, and if you or your buyers have listed items, you’ll have a floor price set.
38. Go back to Manifold. In the Settings of your smartcontract, you should set the Default Royalties, just like you did on OpenSea.
39. If you’re not happy with the test you’ve just made, or made an error, you can use the “Delete Token” under the Tokens section, then the “Delete Contract” under Settings, and then you should go on the Goerli Opensea to delete the collection you have created. Note that you can delete a collection in OS only if you own all the tokens, so you might have to transfer some back from your buyer account.
40. If everything is fine for you, now it is time to deploy your smartcontract to Mainnet. Note that on the Mainnet, it’s not possible to “delete” your smartcontract or a NFT, because they reside on the blockchain, and a blockchain transaction is immutable.
41. It’s not possible also to “rename” your smartcontract (collection name), so think about it twice. The only thing that will be possible if you make a mistake is to hide the collection on Opensea (using delete button), but you’ll still see it on Rarible and Foundation.
42. Although you can’t delete an NFT (the certificate of authenticity stored on the blockchain), you can modify the content of the NFT, that is, the metadata and the jpeg itself. You can do this by using the “Update on Goerli/Mainnet” buttons on the token page. Note that you’ll have to pay gas for that, because you are updating the data on decentralized storage (Arweave).
43. The second important thing you’ll now have to get very familiar with are the Ethereum gas fees, which are proportional to the congestion of the network. In your Metamask Advanced settings, make sure the “Advanced gas controls” and “Customize transaction nonce” are enabled. Also, you can try to enable “Enhanced Gas Fee UI” and “Use Token Detection” in the “Experimental” section of the Settings.
44. If you don’t know what’s a “transaction nonce”, you might want to do some research about it. You’ll need to use this transaction nonce number if you want to cancel a stalled transaction or speed it up.
45. Before continuing, you should also know how to check on Etherscan if you have stalled transactions and know how to check your transaction history. Hint: use the three small dots next to your account in Metamask and “View account on Etherscan”.
46. I personally use a Chrome/Brave plugin called “DeFi Saver Gas Price Extension”. It shows me the actual gas price, based on network congestion, along a nice histogram of the fee history for the past days, weeks or months. I know from experience that for a timezone in Europe, the best/cheapest time to deploy you smartcontract and mint are on Sundays and Monday morning.
47. When gas is low, get back to Manifold and start by deploying the smartcontract to Mainnet. When this is done, go in the smartcontract Settings and make sure your Royalties are set up correctly.
48. You can either use the “Mint a token on Mainnet” option to mint a new token, or you can go in the Tokens section to mint there. You can use the “New token” button to mint a new token, or you can click on a token you already have minted to Goerli and use the button “Mint to Mainnet”.
49. After you’ve done this you’ll have to go on OpenSea and Foundation to configure your collection with all the information, title, description and royalties. You can also go on Rarible, X2Y2 and Looksrare to configure your collection’s properties if you want to use those platforms for sales.
50. The last step is now to list your NFT to sell it! If it’s a ERC721 token, I recommend using Foundation, because it has a better reputation amoung collectors and it has it’s nice 24h auction feature. If you’re selling a ERC1155 token (multiple editions), you’ll have to list it on OS because FDN don’t support those token for now.
51. That’s it, you now have minted and listed a NFT that is completely in your control and stored on decentralized storage. Congratulations!
52. Be safe, use a hardware wallet and activate dual-factor authentication on every application that you use! (see my other articles about that)

#NFT #NFTCommunity #NFTArtists #OpenSeaNFT #Manifold

1. This article is to answer some important questions I had after I’ve publish my article “Why you should use your own smartcontract to mint NFT”
2. Minting on Ethereum is not for everyone, depending on your artwork and your type of buyers, it’s not financialy viable to pay more gas fee then the price you are selling your artworks.
3. It’s probably not interesting for you to mint on Ethereum with your own smartcontract if you sell your art below 0.05 ETH or 0.1 ETH (depending on gas fee/network congestion)
4. In that case, using Opensea’s Storefront on the Polygon network is probably the best solution. But still, if your in for the long run and you don’t want to loose your reputation, there are a few things you should do.
5. The first thing you should do is using a hardware ledger, to avoid been hacked, loose your account, loose all your royalties and have a lot of hangry collectors that won’t be able so sell your artwork on secondary anymore (who want’s to buy from an artist who got hacked?)
6. The second thing to do is to freeze the metadata of your NFTs on Opensea. This means that the metadata (title, description, etc) and the image itself will no longer be stored on Opensea’s internal servers, but they will be stored on ipfs (decentralized storage).
7. Again, if you don’t understand why using decentralized storage is important, check my article “Why you should use your own smartcontract to mint NFT”
8. Freezing metadata will cost you gas fee, but the gas fee on the Polygon network is very low and is easily affortable. You’ll have to freeze metadata BEFORE selling your nft, just after you’ve minted it. You can see the option when you EDIT your NFT on Opensea.
9. Note that if you have minted your NFT before the last Opensea’s smartcontract migration, you won’t be able to freeze the metadata. You’ll have a message saying “Unautorized” in the freeze metadata section.
10. If you still own an NFT that you have minted with the previous Opensea’s smartcontract version, you can delete that NFT and remint it. You’ll then be able to freeze the metadata.
11. Is it worth it to freeze the metadata on Ethereum? Well it is always be worth it, because unless you do, you can see all your artworks gone if someting happens to Opensea or if they decide to delete your account. And you’ll then have a lot of angry collectors if this happens.
12. If you mint on Ethereum, it will cost you as much gas to freeze your data on ipfs with Opensea as if you would have minted your NFTs with your own smartcontract, on a platform like Manifold. So to avoid any problem, to be free to use the marketplace of your choice, you should probably use Manifold.
13. Also, Opensea’s Storefront uses Filecoin service to store the metadata on ipfs. Although Filecoin is a decentralized storage solution, someone has to pay to keep the data “pined”, which means “stored”, on ipfs. It’s part of the fee you pay to OS. So if OS stop paying the monthly billed, you may see your data gone.
14. It’s the same if you mint your NFTs with Foundation. They use Piñata to store your metadata and image on ipfs. If they stop paying for the monthly bill, your NFTs metadata and image will probably be deleted quickly.
15. Unlike OS’s Storefront and Foundation, when you mint with Manifold (only available on Ethereum for now), your data is stored on Arweave, which is a pay once decentralized storage solution. But nothing is forever, they say the system is suppose to keep your data for 200 years, but who know what could happen.
16. So to conclude, using OS’s Storefront to mint your NFTs on Polygon and freeze the metadata is a good alternative. From my own pov, which is a collector’s pov, it’s a good compromise and a risk I’m willing to take when investing in artworks.
17. I hope this answered some of your questions. I’m no expert in NFT’s and blockchain, I’m only an expert in cybersecurity, so this is from my personnal experience only. Feel free to reach me on Twitter to add some information or ask me a question.
18. Stay safe, please use a hardware wallet and always be aware of scammers!

#NFT #NFTCommunity #NFTArtists #OpenSeaNFT

1. First of all the real question should be “Why should you use decentralized storage to mint your NFT”. I’ll try to clarify all this for you so you can make the best decision, for you as an artist, but also for your collectors that put their trust in you.
2. A smartcontract is a program that is stored on the blockchain and that execute a task in a predictive and automated manner, with no human intervention.
3. A blockchain, for those unfamilial, is a decenralized and distributed ledger. It’s not a database, that is important to understand. A blockchain doesn’t store files, it stores transactions.
4. Now, another important thing to understand is the difference between Opensea’s Marketplace and Opensea’s Storefront. The Marketplace is where you go to list/buy/sell your NFTs, whereas Storefront is the Opensea minting tool for your NFTs. I won’t talk about what “minting” means, all of you probably know.
5. What you have to be aware, is that when you use Opensea to mint your nft, whatever it’s on Polygon or Ethereum, all the data related to your NFT will be stored on Opensea’s internal servers. That’s what they mean by “Centralized” when you click on the “Details” section of a NFT on Opensea.
6. That’s also why the fees are so small on Opensea. Your NFTs is not stored on decentralized storage, it is stored on their servers. That’s why they can afort that. Also, every NFTs are minted through the same smartcontract, that’s why they call it a “shared smartcontract”.
7. So what are the implications? Well it means that if for some reason Opensea decide they don’t want you and your artworks on their plateform, they can not only ban/block you, but they can delete all your artworks, since everything is stored on their internal servers.
8. That already happened to many people that were associated in some way to Iran and to Venezualla. It also happened to projects that have been accused of copyright violations.
9. At some point in the near future, just like when you open a bank account or a crypto account, NFT marketplaces will have the obligation by the Regulators to ask buyers and sellers for KYC. If for some reason you decide that you don’t want to comply, you’ll be ban and/or your account will de deleted.
10. This can also happen if Opensea decides to stop its operations, goes bankrupt, gets hacked, or maybe if a billionaire decides to buy the platform and change a few things.
11. So, then what? Well all your artworks will be deleted. That means that future royalties are gone, history of transaction gone, but worst, all your collectors will end up with flocking nothing. And those will probably not be happy about that and will let you know. Think about your reputation you worked so hard to built.
12. Ok, so you should see the point now. Now let’s talk about smartcontract and decentralized storage.
13. First, having your own smartcontract gives you the liberty to work with the marketplace of your choice. You’re not tied to Opensea, or Rarible, or Foundation. It’s also more professionnal, having your own smartcontract is a good sign of profesionnalism from a collector/investor pov.
14. The second point is about decentralized storage. You’ll want your data stored in a way that your artworks/NFTs continue to exist no mather what happens to you and the platforms you’ve used to mint your NFTs. That’s what NFTs should be afterall, that’s the whole point!
15. The data consist of the metadata of your NFTs (artist name, title, description, attributes) and the image itself (jpeg/avif/whatever file). It is very important that BOTH are stored on decentralized storage.
16. You would pull your hair out if you’d knew how much big/famous/costly projects out there stores the metadata and/or the data on Google Drive, AWS servers of their own webservers/databases. The day they’ll stop paying for their monthly bills for hosting, all the data will be lost and collectors will end up with flukenig nothing.
17. Is it comlicated to use your own smartcontract and decentralized storage? Not anymore! Now there are solutions like manifold.xyz that makes the whole process easy and affortable.
18. There are other solutions out there, but I’ll focuse on Manifold. Why? Because it’s free to use, the smartcontract has been audited, it’s backed by a16z and it use Arweave as it’s underlying decentralized storage solution.
19. Arweave is probably right now the best decentralized storage solution available. It is used by the Solana blockchain to store it’s data. It’s a pay once, store forever solution. Whereas other solution based on ipfs (Filecoin/Piñata), where you have to pay a fee to keep your data on decentralized storage.
20. Will using Manifold cost more then using Opensea’s Storefront to mint your NFTs? Yes it will. Remember that on Opensea your data is NOT stored on the blockchain nor on decentralized storage, that’s why it’s cheap.
21. Will using Manifold cost less then using Foundation to mint your NFTs? No it won’t. It will cost approximately the same, because on Foundation when you create a collection, they actually create a smartcontract for you and also store your data on decentralized storage.
22. I recommend minting with Manifold instead of Foundation because the Manifold platform offers a lot more of options, like updating the metadata of your NFTs, setting the royalties, using a claim page for your collectors, having your own public auction page, and more to come.
23. If you’re minting ERC721 tokens, I recommend using Foundation to list and sell your NFTs, because most buyers/collectors think this platform is better then OS/Rarible/Looksrare. There is also the 24h auction feature..
24. If you’re minting ERC1155 tokens, you can choose to sell them on OS, X2Y2, Rarible or Looksrare, but OS is where the money is, for now.
25. Now, if you want to use your own smartcontract, or if you want to mint on Ethereum in any way, you’ll want to get familiar with the gas fees. You should create your smartcontract and mint your NFTs when gas is LOW. You can list them later on Foundation or Opensea.
26. Usually gas is low on Sundays and Monday morning (UTC time). You should enable “Advanced Gas Control” in Matamask Settings and also install a plugin like “DeFi Saver Gas Price Extension” in your Chrome/Brave browser to have a good look at how is gas now compared to other time of the day/week.
27. Now, doing all that, will that prevent Opensea or other marketplaces from baning/blocking your accout? Unfortunately not. Your account/collection on Opensea is binded to the Ethereum address that was used when you minted your first NFT in your collection with your smartcontract.
28. If you get hack, or for other reason you want to change your ethereum address used to administer your smartcontract and mint your NFTs, that is possible. But still, your original ethereum address that got ban or block on Opensea, will still be block.
29. So what’s the point of doing all this? Well that the difference between be “banned” from Opensea, from being “deleted” from Opensea.
30. When your account is deleted, because you were using OS Storefront, all your collectors will endup with frishking nothing and you’ll loose all history and all future royalties. The artworks doesn’t exist anymore.
31. When you are banned, your NFTs are still there, your collectors are still holding them and can look at them. Your sales history is safe. Although it might not be possible to sell your artwork on Opensea, it will still be possible to buy/sell your NFTs on other plateforms, like Foundation, Rarible, X2Y2 and Looksrare
32. So if you’re simply banned, you will also continue to receive your royalties when someone make a sale on secondary. And all the collectors won’t be mad at you, they’ll be mad at Opensea. You’ll also be able to continue to administer your smartcontract and mint new NFTs in the same collections, although it would be wiser to switch to a new ethereum address for new mints.
33. I’ll stop here for now. Hope you realise the importance of using decentralize storage (either with Foundation or with Manifold).
34. I’ll do separate articles on the best practices for using Manifold, how to test everything before going live, and also an article about what you can/should do if your account get compromized or hacked.
35. Be safe, use a hardware wallet! (see my other article about that)

#NFT #NFTCommunity #NFTArtists #OpenSeaNFT #Manifold #smartcontract

1. Metamask is a software that basically do two things. The first thing is to act as a bridge between your crypto wallet and web3, by allowing you to connect, sign, and approve transactions.
2. The second thing it can do is allow you to create a local wallet on your computer, or act as a bridge between itself and a hardware wallet. I’ll explain what is a hardware wallet later.
3. A distinction has to be made between a “wallet” and an “account”. In a single crypto wallet (Metamask, Ledger, TrustWallet), you can hold many crypto accounts (Ethereum, Polygon, Avalanche, etc).
4. When you create your first wallet, they’ll ask you to write down a sequence of 12 or 24 words to initialized your wallet. Those are used to create what we call the “seed”. In Metamask you can view your secrets words by going in Setting / Security / Secret Recovery Phrase.
5. After your wallet is created, you’ll want to add an account. Simply said, 1 Metamask account = 1 Ethereum address, those are the same things. They are protected by a private key, which is like the key to a lock.
6. Your private keys are all derived from your identical 12/24 random words (the seed). You’ll have a different private key for every account you create. You can see them when you click on Account Details / Export Private Key.
7. Your private keys are your passwords on the blockchain. Consider your public keys like you digital IDs and you private keys like your digital signatures (proof that it’s the real you).
8. You should NEVER give your private keys, or wallet Secret Phrase, to anyone. And nobody should EVER ask you for it. Those are like the PINs of your credit cards.
9. You should NEVER write down your Secret Phrase in a file or export your private keys on your computer, on your phone, on cloud storage like Google Drive, or even in a password manager. Bad hackers are just looking for that.
10. If you use Metamask to create your accounts, then your private keys and your Secret Phrase are stored on your computer. I would say 95% of hacks happens because of that. You should NEVER EVER use a Metamask local account!
11. Since your private keys and secret phrase are stored on your computer, anyone sending you a malicious file can trigger a script that can read your keys and send them a copy. This is also true if someone has access to your computer. So beware of remote control for support.
12. That means that if you have your secret phrase stolen, all your accounts, on all blockchains, are compromised. because all private keys are derived from the same seed. If you have a private key stolen, only that accout is compromised. And by compromised, I mean “you have been hacked”.
13. I’ve done a separate article about compromised accounts. What you can do, what you won’t be able to do. Best case and worst case scenarios. Because not only you will be impacted, all collectors that have acquire your artworks will also be impacted.
14. How to avoid being compromised? USE A HARDWARE WALLET, like a Ledger. Why? Because when you use a hardware wallet, the seed, that is use to derive all others keys for all accounts, and the private keys themselves, NEVER leaves the hardware wallet.
15. Basically, when you add an hardware wallet account to you Metamask, Metamask doesn’t store the secret phrase nor the keys. The 12/24 secret words will only be use once, with the Ledger Live software, when you initialize the hardware wallet. The seed is stored INSIDE the hardware wallet.
16. All the private keys from the accounts you’ll create with the hardware wallet will be derived from your secret phrase and stored INSIDE the hardware wallet.
17. Your private keys NEVER leaves the hardware wallet. There is no way to get them out either. This is what we call a hardware security module, as opposed to a software only wallet solution, like Metamask.
18. Sometimes you might hear the terms “cold wallet” and “hot wallet”. Those are different concepts. A cold wallet can be a hardware wallet or a software wallet, it’s also true for a hot wallet.
19. Now, everytime you, with your Metamask, will need to do a transaction, you’ll need to use your hardware wallet. You can keep it plugged in all the time, this is NOT a problem.
20. To validate a transaction, you’ll have to enter your PIN on the hardware wallet. Metamask will send a signing request to your hardware wallet, you will have to click a few buttons to authorize the transaction. Then the signed/validated transaction is sent back to Metamask for processing.
21. So for someone to hack your account, they would have to physically have access to your hardware wallet, and know your PIN.
22. So what happens if you loose your hardware wallet, or brake it, or drop it in the pool? Well you can configure another one by using the original 12/24 words that where used to create the seed in your original hardware wallet.
23. This is why those 12 or 24 words are so important. You need to write those words on a piece of paper, in the correct order, and secure this is a trusted place, like a small safe if you have one.
24. If you travel and are afraid of loosing or braking your hardware wallet, instead of traveling with your 12 secrets words, you can configure a backup hardware wallet with your secret words and take that second key with you.
25. I use Ledger for hardware wallets, but there are other options. If you want a Ledger, unless you’re a power user and use many different blockchains, the basic model will be enough.
26. For security reasons, I recommend you don’t have the Ledger delivered at your home (Ledger got hacked in July 2020). If possible, buy one at a local store, or online on a trusted site, or buy on Ledger.com but have it deliver to your local post office if this is available in your country, it’s called “poste restante” in France and “general delivery” in the US.
27. You should also save some cash to buy a spare one. Remember that you won’t be able to do anything without your hardware wallet. And nobody in the world can help you recover your private key if you loose your 12/24 secret words.
28. If you don’t have the money to buy a hardware wallet, the best alternative is to use a software wallet on your phone, because they are harder to hack then a local Metamask account. I can recommend TrustWallet, Atomic Wallet and Coinbase Wallet. You’ll then use the “connect with WalletConnect” option to connect to web3.
29. Enough for today. I have other articles that covers other aspects of web3/NFT/cybersecurity, make sure to have a look at them. Stay safe and use a hardware wallet!

#NFT #NFTCommunity #NFTArtists #Ledger #Metamask