How to Trade NFTs Securely

Feb 24th, 2023 - 18:41 pm

Normally, we tell folks that trading off-market usually isn’t worth the hassle, and that the security and scam risks that come with it often outweigh the benefits. That said, we also realize that folks are going to do it anyway, so we might as well equip you with the tools and knowledge to do it safely and securely. Below we’ll explain the major trading platforms, things to watch out for, and the biggest scams surrounding trading.
 

Disclaimer: Some of these methods sidestep royalty payments to creators. In order to have a healthy and functioning web3 economy, creators must be compensated! We don’t recommend using methods that sidestep royalties, especially if you are buying into the project for the first time. 

Private Sales

Private listings are the preferred way to sell an NFT when you want to allow only a particular address to buy it. This method is preferred over trading on trading platforms because there is less that could go wrong. If you are selling an NFT for ETH or a stablecoin, this is generally the way to go! Some marketplaces even offer reduced fees for private sales.

As the buyer, make sure you navigate to the NFT marketplace from your bookmarks. If you aren’t sure you are on the right collection page, simply click the “View on Etherscan” button on the collection page to check. Check out our Etherscan 101 article for more information on how to check that you’re buying an NFT from the right collection contract. If you’re buying a Badged collection on OpenSea, this process is straightforward enough. But knowing how to spot a fake NFT is out of the scope of this article!

OpenSea Private Listings

Creating a Private Listing

OpenSea supports private listings under the “More Options” section when creating a listing. Be sure to toggle the “Reserve for specific buyer” option on and paste the user’s ETH address into the bar before pressing ‘Complete Listing’.

Closing a Private Listing

Closing a Private Listing is straightforward enough. Navigate to the correct NFT and you should see a “This listing has been reserved for you” notification. Keep in mind, this notification doesn't work with ERC-1155 tokens, only ERC-721 and 721a listings. With 1155s you should see the price reflected at the private listing price, and/or you should be able to scroll under “listings” and find your listing there.

X2Y2 Private Listings

Creating a Private Listing

X2Y2 is a popular choice amongst traders as it discounts the marketplace fee to 0% for a private listing. Simply type in an address in the private sale box when listing, and your listing will become a private listing! X2Y2 also has an article on how to create a private listing here.

Closing a Private Listing

Closing a private sale on X2Y2 is a breeze. Not only are you alerted on the main page that you have private sales waiting for you, but when you go to buy it, it states that it is a private sale. Although at the time of this writing these haven't been utilized by scammers to misdirect folks (as it would be rather hard to do effectively, we believe), I wouldn't rule it out! Always double check you're trading a badged collection and, if not, ensure on Etherscan that it is the contract you mean to be buying!

Major Trading Platforms

Relatively few legitimate trading platforms have cropped up over the last couple of years. The platforms listed below have been battle tested, have struggled through UI/phishing challenges, and have a few things in place to protect their users as well. That being said, knowing how to use them properly is VERY important. We also highly recommend you do NOT trade out of your ‘Vault’ wallet address, as described by our “Wallet for Every Occasion” article, and instead trade out of your “Buy/Sell (Marketplace)” wallet address.

NFT Trader

NFTTRADER | ADDRESS | TIPS
Website | https://nfttrader.io | Bookmark this address, and only ever navigate by your bookmark (no trade links).
Contract | etherscan link | This is the Seaport Contract (the same contract OpenSea uses). Bookmark this as such!
Twitter | https://twitter.com/NftTrader | Beware of Reply Scams!

NFTTrader already has a whole “How To Trade” Guide, along with videos for creating a trade, and closing a trade, respectively. Since these guides and videos are more robust than anything we could create, we highly encourage folks to check those out as well as their FAQ for more information. Due to some potential scams and pitfalls described in the following sections, we recommend that you initiate your first few trades. A few tips for the paranoid:

  • NFTTrader allows trading of any NFT, as well as $MATIC or $ETH depending on if you are on the ETH network or Polygon network (No ERC-20s allowed at this time).
  • NFTTrader utilizes a “verified collection” checkmark to make it easier for users to disambiguate real collections from fake. Check out this article on their checkmark verification process, and know what each check mark means!
  • Check the trade on Etherscan to make sure it contains the assets you think it does (in the image below, see the “view on etherscan” option at the very top of the deal).

checketherscan.png

SudoSwap

SUDOSWAP | ADDRESS | TIPS
Website | https://otc.sudoswap.xyz/#/ | Bookmark this address, and only ever navigate by your bookmark (no trade links).
Contract | etherscan link | This is the 0xprotocol contract address.
Twitter | https://twitter.com/sudoswap | Beware of Reply Scams!

The documentation for the average user on Sudoswap is rather unfriendly. Because of this we tend to steer new users away from it. They have been focusing more on Sudoswap’s NFT Liquidity Pool product, which has picked up steam recently. With that said, it is less restrictive than NFTTrader, in that it lets you trade basically anything with a contract address. Some common flows:

Create a Listing:

  1. Menu -> Create Swap
  2. Click +Add Assets
  3. Since most people use Sudoswap to trade esoteric assets (making this platform inherently higher risk), you’ll probably want to click the “Custom Asset” button.
  4. Select the Token type > Paste in the Contract Address > Type in Token Id/Quantity
  5. Ensure the “Only For” address is filled out (Note: Does not support ENS at the time of this writing), or “Use Trade code” is checked (explained below).
  6. Approve each asset by clicking “Approve”. Swaps will only work once each asset has been approved.
  7. Do the same thing for the ‘want’ section, then click Create Swap
  8. Check the signature. Ensure it’s coming from the right website, and that the Maker/Taker addresses are correct. If you are using Metamask, notice the bookmarked address names I put in my Address Book. Hooray Metamask Bookmarks! Bonus points if you scroll to the middle of the MakerAssetData & TakerAssetData to find the asset contract addresses you are trading.
     
image4.png
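
To check the asset contracts inside MakerAssetData and TakerAssetData without eyeballing the hex, the following added example (not part of the original article and not Sudoswap's code) decodes a field and labels each contract from your own address book. It assumes the fields use the 0x v2/v3 assetData encoding (a 4-byte asset proxy ID followed by ABI-encoded arguments); the function names, addresses and token ID are constructed for illustration.

```python
# Assumption: 0x v2/v3 assetData = 4-byte asset proxy ID + ABI-encoded arguments.
ERC20, ERC721, ERC1155, MULTI = "f47261b0", "02571792", "a7cb5fb7", "94cfcdd7"

def word(data, i):
    """Read the 32-byte big-endian word at offset i, failing on truncation."""
    if i + 32 > len(data):
        raise ValueError("assetData is truncated")
    return int.from_bytes(data[i:i + 32], "big")

def address(data, i):
    """An address is the low 20 bytes of a 32-byte word."""
    return "0x{:040x}".format(word(data, i) & ((1 << 160) - 1))

def decode_asset_data(hex_str):
    """Return every asset named in one MakerAssetData/TakerAssetData value."""
    raw = bytes.fromhex(hex_str[2:] if hex_str.startswith("0x") else hex_str)
    proxy, body = raw[:4].hex(), raw[4:]
    if proxy == ERC20:
        return [{"type": "ERC20", "contract": address(body, 0)}]
    if proxy == ERC721:
        return [{"type": "ERC721", "contract": address(body, 0),
                 "token_id": word(body, 32)}]
    if proxy == ERC1155:  # ids/amounts follow as dynamic arrays (not decoded here)
        return [{"type": "ERC1155", "contract": address(body, 0)}]
    if proxy == MULTI:    # MultiAsset(uint256[] amounts, bytes[] nestedAssetData)
        base = word(body, 32) + 32   # start of the bytes[] offset table
        assets = []
        for k in range(word(body, base - 32)):
            off = base + word(body, base + 32 * k)
            nested = body[off + 32: off + 32 + word(body, off)]
            assets += decode_asset_data(nested.hex())
        return assets
    raise ValueError("unknown asset proxy id 0x" + proxy)

def review(asset_data_hex, address_book):
    """Pair each asset with its address-book label; None means not bookmarked."""
    book = {a.lower(): name for a, name in address_book.items()}
    return [(a, book.get(a["contract"])) for a in decode_asset_data(asset_data_hex)]

# Constructed samples: made-up collection addresses, token id 7.
REAL = "0x" + "11" * 20
SAMPLE = "0x02571792" + "00" * 12 + "11" * 20 + "{:064x}".format(7)
FAKE = "0x02571792" + "00" * 12 + "22" * 20 + "{:064x}".format(7)
BOOK = {REAL: "Collection I agreed to trade (constructed)"}

if __name__ == "__main__":
    for data in (SAMPLE, FAKE):
        for asset, label in review(data, BOOK):
            print(asset["type"], asset["contract"], "->", label or "NOT IN ADDRESS BOOK")
```

An asset whose label comes back as None is a contract you have not bookmarked, which is the cue to look it up on Etherscan before signing.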

More Info:

  1. Trade Codes: Using a Swap code lets a user find the trade with a trade code. This is advantageous when you’re setting up the trade and don’t want to wait to specify which address the user will trade with (imagine setting up a trade asynchronously, wallet address is just one more piece of information that you need to swap, whereas a trade code sidesteps that).
  2. Legacy Swaps: Using a Legacy swap requires you to sign a hex signature, and if you’ve read our Safe signing 101 article, you’ll know that's a no-no.

Close a Trade Opened for You:

  1. Menu -> Your Swaps
  2. Check swap on your dashboard. If the trader used the “Only For” address and set it to your address, it will show up here. Otherwise, ask them for the trade code. Approve any assets that you need to trade.
  3. Click “Accept Swap”.
  4. You’ll see similar signature information as above. Verify what you can and Sign!

Swapkiwi

SWAP KIWI | ADDRESS | TIPS
Website | https://swap.kiwi/ | Bookmark this address, and only ever navigate by your bookmark (no trade links).
Contract | etherscan link | This is the swapkiwi escrow contract (currently Version 1.6). A new version will create a new contract address, which will be announced on the swapkiwi Twitter profile and updated here as well ASAP.
Twitter | https://twitter.com/swapkiwi | Beware of Reply Scams!

Swapkiwi has come a long way from its early days. The UI/UX is clean and incredibly smooth, and they have a similar FAQ & How To Swap, all on one page. Swapkiwi is backed by Animoca Brands and the next iteration of kiwi updates will allow users to create and discover swap offers.

Swapkiwi developed its own smart contracts that enable users to perform swaps using any combination of ERC721 and ERC1155, with the option to include ETH in the swap. The platform is dedicated to offering the swap feature on a single page and it is free (you only pay gas fees). 

Here's how it works in three simple steps or check out the more detailed explainer video which walks you through it in a little over 1 minute:

  1. Connect your wallet and choose what you want to swap. Your selected NFTs will be transferred to the kiwi escrow contract for the duration of the swap. Don't worry, your NFTs are safe. Neither kiwi nor others have access to your NFTs.

  2. The counterparty just needs to connect their wallet to swapkiwi and they'll see your swap offer. They select their NFTs and send them to the swapkiwi escrow too.

  3. Trust is good, control is better. Before the swap gets executed, you look at what the other person has offered to make sure it's what you agreed on. You can (and should) view the contract on Etherscan, and see if it's verified and/or flagged on OpenSea (the UI of swapkiwi shows this!).

NOTE: All the sites mentioned NO LONGER USE TRADING LINKS. You should never have to click on a link to facilitate a trade. Always navigate to your dashboard or enter a “trade code” id where applicable.

Trade Checklist

✔ Ensure You Are Navigating To The Correct Trading Website From Your Bookmarks!

✔ Make Sure You Are Using The Correct Wallet For The Occasion (Sell Wallet).

✔ Ensure You Verify You Are Interacting With The Correct Contract & Bookmark it! Check Our Etherscan Basics article to get more comfortable with doing this!

✔ Make Sure You Read the Signature / Trade Transaction and understand the risks involved with each signature type.

Common Scams Around Trading

Understanding the High Level Tactics and Strategies employed by scammers is critical to staying safe in this space. Here are some that are specific to trading:

  • Users initiating trades through DMs should have server history. Don’t trust the display name! In order to not waste your time, make sure the person DMing you is the same one by pasting their Discord name into the search bar. If they are legit they should have a history in the channel/server. The less history, the more likely they are to waste your time / try to scam you. Check out this “Dodging the Dangers of Discord” article by JonHQ for the full gamut.

     
  • Fake Assets. Scammers will deploy a fake contract and since names aren’t verified on Etherscan, they can call it “Apecoin” with some special characters and the like. Always make sure the contracts you are interacting with are legit! We have a section in our Etherscan Basics article called “So, Is This Contract Legit?”. Definitely worth the read when checking a pending trade’s associated etherscan transaction.

     
  • Phishing Sites. There will be social media campaigns, fake discords, legitimate looking twitter accounts, all trying to convince you that other trading sites are legit. They are not. There is no trading campaign airdrop farming that you should be “trying out” when trading assets unless they are HEAVILY audited and backed by the community. Fake links like nfttrader.io.scamdomain.com to fool folks into clicking are common. Never navigate to trades via links, only your bookmarks and looking at your Pending Trades dashboard.
     
  • UI/UX abuses. Whether it is a fake verified asset scam, like what happened in 2022 on Swapkiwi, or fake assets that are constantly being passed off as real on Sudoswap, UI/UX issues plague the space. This is why we don’t recommend Sudoswap to beginners, because it relies on you being comfortable with your Etherscan Basics!
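
The fake-link pattern from the Phishing Sites item works because the trusted name is only a subdomain label of someone else's domain. The following added example (not from the original article) contrasts a naive substring check with an exact-hostname comparison against the three bookmarked sites named above; the function names and the sample URLs other than the quoted fake link are constructed.

```python
from urllib.parse import urlsplit

# Hosts of the three trading sites this article says to bookmark.
BOOKMARKED_HOSTS = {"nfttrader.io", "otc.sudoswap.xyz", "swap.kiwi"}

def naive_check(url):
    """Substring matching, shown only to demonstrate why it is not enough."""
    return any(host in url for host in BOOKMARKED_HOSTS)

def classify_link(url, bookmarked=BOOKMARKED_HOSTS):
    """Return (verdict, detail) for a link received in a DM or reply."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("reject", "no hostname")
    if host in bookmarked:
        # Exact match only; the article's advice is still to use the bookmark.
        if parts.scheme != "https":
            return ("reject", "bookmarked host but scheme is not https")
        return ("bookmarked", host)
    labels = host.split(".")
    for good in sorted(bookmarked):
        want = good.split(".")
        # A trusted name anywhere except the very end of the hostname is
        # just a subdomain label of somebody else's domain.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return ("impersonation", good)
    return ("unknown", host)

# Constructed samples; the second is the fake-link pattern quoted above.
SAMPLES = [
    "https://nfttrader.io/",
    "https://nfttrader.io.scamdomain.com/trade/123",
    "http://swap.kiwi/",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "naive:", naive_check(url), "exact:", classify_link(url))
```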

Final Thoughts

Trading is dangerous, and there are lots of ways to screw it up. Where possible, stick to private listings on OpenSea, but if you must trade, consider using NFTTrader or Swapkiwi. These two have great interfaces and walkthroughs, and make it extremely easy to understand what is happening.
 

Also, it is worth noting that the front-ends of websites get compromised. This is why bookmarking the contract in your wallet’s address book is so important. If you use trading sites often and have the contracts bookmarked, you will notice when a random address shows up instead of the “XYZ Trading Site Name” that you’d expect. Below is how you add a bookmark in Metamask:

image2.png

Have any questions, or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our Discord at https://discord.gg/boringsecurity.