September 8, 2021 - 18 min read
This article is the ultimate guide to buying and selling NFTs securely. I walk you through every step of the process end-to-end when to start each step and details on how to make sure you do each step properly.
This comprehensive guide will walk you through every step you need to take to safely and securely purchase your first NFT. If you enjoy this article and want to get weekly notifications when new posts go live, subscribe to my e-mail list here.
Note: This article contains affiliate links for certain products and I receive a small commission from purchases. I will never recommend something I don't use myself or haven't researched extensively. I want to continue to invest in quality content to benefit my readers and affiliate links help me do that. You can read my full affiliate disclaimer disclosure here.
NFT stands for Non-Fungible Token and in plain English, it represents ownership of a unique digital good. This good could be anything from a piece of art, a drawing, a video, an animation, a music clip, etc. People are paying eye-popping sums of money for NFTs and from August 1st — August 30th, there was over $3 billion in sales of NFTs on the Ethereum blockchain.
There were just over 412,000 active users in that time period, and it is growing every day.
NFTs are an exciting (and risky) space, but one of the challenges for people interested in participating in the market is setting themselves up to buy an NFT while protecting their assets from scams and hackers. It can be a daunting endeavor, which is why I put together this comprehensive guide to buying and selling your first NFT.
Before we begin, I have a few pieces of advice for my readers:
1. Never spend more money than you can afford to lose. Please, follow this advice.
2. This is not financial advice — this is a brand new market. Yes, it’s exploding, but I do not have a crystal ball, no one does.
3. Learn to develop your own conviction about an NFT project. The website is full of analysis to help you learn what to look for.
4. Assume everyone has an agenda — it has never been easier to pump a project you own without much oversight. If someone isn’t disclosing ownership in a project they are promoting, it’s cause for concern.
5. Do your own research — many successful people in this space spend 40+ hours of week researching.
The beauty of a blockchain (think of it as a digital book of records that’s nearly impossible to change) is that it provides distributed access. This means that anyone in the world with an internet connection can buy, sell and transfer NFTs. The downside of this is that anyone with an internet connection can attempt to access your cryptocurrency and NFT asset. If they gain control of them, there’s not much you can do.
The blockchain is also anonymous for those who want it to be, and if hackers/scammers get the right information from you, they can gain access to your digital assets without repercussions. Learning how to protect your NFT assets is just as important as learning how to buy one.
A VPN adds an additional layer of security by encrypting your data and keeping your IP address hidden. Frankly, a VPN is a good idea for any person who uses the internet but it’s even more important for those purchasing NFT assets.
I’ve marked this step as optional because I’ll outline other measures below to protect your NFTs, but a paid VPN subscription from a top provider amounts to less than $60 in a calendar year. You can also go for a free option, but there are downsides to that, including unwanted advertising, having your data sold, etc.
Below are 3 paid VPN companies that have been ranked well by 3rd parties:
(1) NordVPN (Affiliate Link) — $3.30 per month — $11.95 per month
(2) ExpressVPN — $8.32 per month — $12.95 per month
(3) IPVanish VPN — $3.75 per month — $4.58 per month
The set-up for each of these products is simple. Once you sign-up, you download their application to your computer and follow prompts to turn it on. VPNs can always be turned off whenever you’d like.
I’ve personally used ExpressVPN on both my Mac and iPhone, but there are plenty of options available. The total set-up time from purchase to activation is less than two minutes.
Steps 2 and 3 can be done simultaneously, as both take at least 5 days to complete, but I’ve put purchasing a hardware wallet second on this list for a reason. It is critical that you purchase a hardware wallet before transacting NFTs.
Again, NFT transactions occur on the blockchain, which requires a connection to the internet. Private keys (usually 12–24 words) secure a user’s account, but if someone gets ahold of those, they can transfer your Ethereum and NFT assets without you knowing. In some cases, elaborate scammers convince an unsuspecting user to screen share and expose QR codes that also enable access to a user's assets.
Hardware wallets prevent this by storing private keys on a physical piece of hardware:
In short, every time I attempt an NFT or Ethereum transaction, my hardware wallet must be connected to my computer via USB and approved on the device before a transaction can occur. Unless your hardware wallet is stolen from you and the person who stole it has your private keys, your assets are well-protected.
Keep in mind that I personally use a Ledger Nano X and the below links to Ledger are affiliate links. I receive a 10% commission through every sale, but this is a product I use personally. You can read my full affiliate disclaimer disclosure here.
There are two companies I recommend you purchase from directly: Ledger and Trezor.
The reason I suggest a direct purchase is to avoid receiving a compromised wallet from a 3rd party seller. Hardware wallets can also be found on Amazon, but I recommend playing it 100% safe and purchasing from the manufacturer.
I will detail the set-up of your new hardware wallet in a later section as it will take a few days to arrive at your home.
In order to purchase Ethereum, you must use a cryptocurrency exchange that will convert US dollars into Ethereum. This process can take anywhere from 5–10 business days, which is why I recommend it as an early step in the process.
There are 3 platforms I recommend purchasing Ethereum from:
1. Coinbase — a top pick for beginners, but downsides include relatively high fees
2. Binance — low fees and high transaction speeds. For US users, use Binance.us.
3. Crypto.com — includes Visa card that allows you to spend Crypto holdings
When you sign up for these exchanges, you’ll need to do 3 things:
1. Create an account
2. Verify your identity with a Driver’s License
3. Connect a bank account
Once your account is created, verified and you’ve connected a bank account (keep in mind, most credit card companies block cryptocurrency transactions), it is simple to buy and sell Ethereum:
Your balance will be instantly available, but it won’t be ready to send to a wallet for at least 5 days (more on that in the next section).
This is what trips most newcomers up and why I recommend doing this before the steps below. It’ll give time for your Ethereum to be available to spend on an NFT.
A non-custodial wallet simply means that you have full control over your assets. You and you alone have access to the private keys to access these assets. An exchange platform like Coinbase is “custodial” because it stores the Ethereum that you purchase and you are trusting that platform to take custody over your ETH and keep it safe.
Metamask.io is the most popular and widely used non-custodial wallet for Ethereum and is the one you need to download before you start buying your first NFTs.
This isn’t a physical wallet like it is in the real world, it is a Google Chrome extension that allows you to send/receive ETH and connects with NFT marketplaces like Opensea.io:
Each wallet has a unique address (seen in the screenshot under Account 1 below) that enables the transaction of cryptocurrencies and NFTs to be delivered to and store in that wallet:
Source: Personal Metamask Account
It’s not difficult to install and requires a few simple steps:
1. Head to Metamask.io and click “Download”
2. Then click “Install Metamask for Chrome”:
3. Create a New Wallet — when you create your password, do NOT store it in Google Password manager, instead, use 1Password of another secure password manager.
4. The next window will display your Secret Backup Phrase — write these down on two pieces of paper and NEVER SHARE THIS PHRASE WITH ANYONE. No one will ever ask you for this phrase. If you give it out, your assets are at risk. Also, keep in mind, if you store it on your computer, you’re at risk of a hacker installing malware and scanning for this phrase.
5. Once completed, you’ll now have a wallet address. Do NOT yet send ETH to that wallet.
You can now access your wallet from the Google Chrome extension. I recommend you log out of your wallet while it’s not in use by clicking “Lock” under My Accounts:
Source: Personal Metamask
Now that your hardware wallet has arrived, it’s time to set it up. It is critical that you do not send funds to the new Metamask wallet you created. It is safer to set up your hardware wallet and connect it to Metamask first.
I’ll detail the Ledger hardware wallet set-up as that is one I have used personally. The instructions for Trezor will be linked below, but it follows a very similar process. Detailed instructions can be found on the Ledger website here.
When your Ledger device arrives, you’ll also receive the instructions in the packaging:
Source: Personal Ledger Device
It requires 4 steps:
1. Download the Ledger Live Application on your device
2. Connect your Ledger device to your computer (via USB), create a Pin code, and write down your recovery phrase (do not share this with anyone or store it in an open text file on your computer). You will go through this once, and then have to confirm the seed phrase using the two buttons on the Ledger device
3. Install the Ethereum application by viewing the application catalog on your Ledger device
4. On your Ledger Device in the Ethereum application navigate to “Settings” --> “Contract Data” and Press Both Buttons to change the setting to “Allowed” — this is a critical step before you can use your hardware wallet
5. Go to the Ledger Live app and create an Ethereum account
Source: Personal Ledger Live
a. On the left sidebar, you will see “Accounts”
b. Click “Create” and select Ethereum
Source: Personal Ledger Live
Note: On the Ledger Nano X, there is a small display screen between two buttons. The two buttons allow you to enter your pin, approve a transaction, and scroll through your seed phrase.
To set up your Trezor hardware wallet, you can follow these instructions.
Now that your hardware wallet is set up, we are going to connect it to Metamask, effectively creating a new wallet that requires transaction approval while your device is connected to your computer. This is the safest way to protect your NFT assets and cryptocurrency.
A new Chrome release requires some additional steps before you can connect your hardware wallet to Metamask:
Click your profile icon on the upper right corner of Metamask and navigate to Settings --> Advanced
Source: Personal Metamask Account
2. Scroll down and make sure “Use Ledger Live” is toggled to ON
Source: Personal Metamask Account
3. Connect your Ledger device to your computer and unlock it using your pin code
4. Navigate back to your profile screen by clicking the circular logo in the upper right corner and click “Connect Hardware wallet”
Source: Personal Metamask account
5. This will open your Ledger Live Account and prompt you to open a device bridge, which you can approve on your hardware device:
Source: Ledger Live App
6. You will then be prompted to select an account, and click “Connect”
7. Once complete, you’ll see a second wallet in your Metamask account
Source: Personal Metamask Wallet
Now that you have received, set up, and connected your hardware wallet to Metamask, you are ready to send Ethereum to your wallet. Remember, it takes at least 5 days for the purchased Ethereum to be ready to send. This is why it’s recommended you do this step early in the process.
Open your Metamask wallet and select your hardware wallet after clicking on the profile picture in the upper right-hand corner of the app. You’ll notice that under the account name “Ledger 1” (or whatever you named it) there is an address — letters and numbers.
Copy this and paste it into the “To” field in Coinbase:
Double-check that the address is correct. If you accidentally send it to the wrong address, your ETH is likely gone forever.
Opensea.io is the largest Ethereum NFT marketplace and will be the example used here to illustrate how you can use your Metamask to purchase NFTs.
Navigate to Opensea.io and click on the upper right-hand circular image.
The drop-down menu will give you a few options, click on “My Profile”.
Log into Metamask and this will connect your wallet to Opensea, allowing you to use your Ethereum to purchase NFT assets:
To confirm that you are connected to Opensea, navigate to Metamask and look for “Connected” under the fox logo:
Even though you are using a hardware wallet, I highly encourage you to lock your account after use:
You can navigate Opensea now that your wallet is connected and has ETH. Double-check that you have selected your hardware wallet.
If you already had an existing wallet but have upgraded to a hardware wallet, you can transfer your Opensea assets to your new wallet, but keep in mind you’ll need to pay for gas to do so. It is recommended that you leave some ETH in your original wallet so that you can pay for those transactions.
You can now purchase your first NFT!
It’s important to remember that you should never spend money you can’t afford to lose.
It’s also important to double-check that you are buying from the right project. Sometimes, people will post a project that mimics well-known NFTs in hopes to bait them into buying something that isn’t the original.
You can use the search bar on Opensea to navigate to different projects you’re interested in. I highly recommend joining the Discord groups for that project first and don’t hesitate to ask questions.
Once you click “Buy Now” on an asset, you will be prompted to sign the transaction in Metamask. You will also be shown a gas fee, which effectively pays for the computing power used to process the transaction on Ethereum.
Lastly, you will need to approve the transaction by connecting your hardware wallet to your computer and opening a bridge (which will be prompted by Ledger Live and your device).
Please keep in mind that during high usage times (Ethereum can process 30 transactions per second . . . for now) gas prices will increase.
It is a good strategy to wait for the gas to go down because it can get sometimes get as high as $1,000 per transaction (and even higher). You can track Ethereum gas prices here. I recommend buying and selling when "Low gwei" is under 100.
Gas prices and the structure of Ethereum is an obvious problem, but it’s being worked on and will dissipate with the launch of Ethereum 2.0.
It can take 30 seconds to longer than a minute for a transaction to process. Be patient and don’t close your browser.
After you have purchased an NFT, you can view it in Opensea by navigating to the profile picture in the upper right corner and clicking on “My Profile”:
This will take you to a page that displays all the NFTs in your collection.
If you lock your account (and you should when you aren’t actively buying and selling), you will no longer be able to view your NFT collection.
Selling an NFT is a straightforward process. Navigate to “My Profile” and click on the NFT you want to sell. Click on “Sell” and you will be presented with a few options to sell your item:
1. Set Price — you name your price and list
2. Highest Bid — you can run an auction and let people bid against each other for your item
3. Bundle — you can package up a few NFTs and sell them as a bundle (typically for items in the same project)
You will need to approve the listing with your hardware wallet by connecting the device to your computer, entering your pin code, and approving the transaction.
There are a few things to consider when selling your NFT:
1. Gas prices — you will need to pay a gas fee to list your item. You need ETH in your wallet to do this. If you don’t have enough, you won’t be able to list.
2. You can reduce the price of your listing without paying a gas fee (if you cancel the listing, you will have to pay a gas fee)
3. Listing fees — Opensea.io will take a 2.5% cut of your sale, and in most cases, a percentage of the sale will go back to the project that created it
As you evaluate projects to buy, you should be researching what percentage of each secondary sale (done on Opensea.io) goes back to the project, and what the project creators will do with those funds.
Secondary sales fees can create a mini economy to support the project if the creators use it to buy back assets at floor price (lowest price available) or invest it in the project’s future.
You may also come across semi-fungible assets (multiple copies of the same asset) and see a group of listings by the same seller, but they only own 1 copy of the asset. This scenario happens when a seller chooses to reduce the price of an item rather than pay gas to cancel the listing and re-list the asset.
Note: If you accept an offer from a buyer, it will show up in your Metamask as WETH (wrapped ETH). In order to see the funds, you need to open Metamask and navigate to “Assets” underneath the Buy, Send and Swap icons. You can then click the Swap icon to convert wrapped ETH to regular ETH:
Source: Personal Metamask
When you want to withdraw funds from Metamask, you’ll first need to navigate to your Cryptocurrency exchange and find the “Send / Receive” Option:
Source: Personal Coinbase Account
I wrote previously that I use Coinbase as my Cryptocurrency exchange and the “Send / Receive” is in the top right of the navigation bar (as seen above). The window I open asks me to choose an asset and provides an ETH address that will receive the transaction in my Coinbase account.
There are two important details to follow:
(1) Make sure you select the right currency — in this case, Ethereum
(2) Make note of the address and triple-check that it’s the right one when you paste it into Metamask
After you copy the receiving address from Coinbase, navigate to your Metamask profile (open Metamask and click the profile icon in the upper right-hand corner) and enter the recipient address in the search bar.
Source: Personal Metamask
Once you confirm the address matches what’s in Coinbase, you can click Send.
The first time I did this, I had a mini panic attack because the funds didn’t transfer immediately. For Coinbase specifically, it can take up to 30 minutes for the funds to transfer.
To avoid my same mistake, ensure that you are receiving with the right currency and that you are sending it to the correct address. It’s important to take this process slow and not to multitask while doing it.
There you have it! 11 steps to safely and securely buying and selling NFTs. If you have any questions or run into any technical trouble, send me an e-mail at email@example.com.
My goal is to help people get comfortable with this new technology so they can discover the world of NFTs and feel confident in buying and selling.
Enter your email address below to subscribe to my newsletter