The Three Address Protocol provides a structured strategy to protect non-fungible tokens (NFTs), dividing operations across three specialized addresses to combat digital asset theft.
TAP: candidate for the new standard in NFT security
The NFT community has long been plagued by NFT thefts, with high-profile cases often involving the loss of digital assets worth hundreds of thousandseven millions of dollars. These incidents illustrate the urgent need for improved security measures in the management of NFTs. In response, a prominent NFT collector, advocate and X-personality punk6529 offered a new solution called The Three Address Protocol (TAP), which provides a systematic approach to protecting these valuable digital assets.
1/ On TAP
Tap, tap, tap, tap, tap, tap, tap, tap, tap, tap.
Three (T)
The way to *never* get your grail NFTs phished is to TAP religiously.
It’s super easy to do, you all should do it.
There is NO excuse not to do it! NO!
— 6529 (@punk6529) September 12, 2023
Recently another X user, Inflatable bag, extrapolated from punk6529’s original TAP concept, stating that TAP should be adopted as an industry standard. For those unfamiliar with TAP, at its core, TAP involves using three different types of Ethereum addresses to manage NFTs: the vault, the transaction address, and the coin address. Each address serves a specific purpose and creates layers of security that significantly reduce the risk of phishing and theft.
- Safe address: The icy Fort Knox of NFTs
- The Vault address is extremely secure and is only used to store NFTs that are not intended for immediate sale.
- This address remains disconnected from all online services, keeping NFTs in a ‘freeze’ status.
- NFTs are only transferred to or from this address, and it is critical that you never mint directly from the vault.
- Transaction address: The active trading center
- This “warm” address is where NFTs currently for sale are stored.
- Transactions only take place on recognized exchanges and once an NFT is purchased, it is immediately moved to the vault.
- This address combines accessibility with security, allowing active trading and minimizing exposure.
- Coin Address: The NFT Creation Station
- The Minting address is a ‘hot’ address used exclusively for mining new NFTs.
- It doesn’t hold NFTs long-term; once minting is complete, NFTs will be transferred to the transaction or vault address.
- This address can communicate with different platforms, reducing the risk associated with primary transaction activities.
TAP’s strength lies in its simplicity and adaptability to any wallet configuration, even for software wallet beginners. By distributing activity across these three addresses, users ensure their valuable NFTs are never compromised by phishing sites or wallet snatchers. Interestingly, the effectiveness of TAP is independent of the type of wallet, whether it is a software wallet or a hardware wallet. While hardware wallets provide protection against computer malware, they are not immune to user errors such as connecting to malicious sites. TAP addresses this gap by clearly delineating where and how each type of transaction should take place.
The proposal to make it standard in every wallet would go a long way in helping even new users who may not have a deep understanding of crypto security. When setting up a wallet, users would automatically receive three sub-wallets – Vault, Transaction and Minting – each would be a separate, human-readable subdomain of the main wallet address. For example, if the main wallet address is 0x123ab…8stuv, the sub-wallets can be: Vault.0x123ab…8stuv, Transaction.0x123ab…8stuv and Minting.0x123ab…8stuv. This setup minimizes user errors and guides them to maintain optimal security practices from the start.
By making TAP a standard feature of every wallet, the industry can dramatically improve overall security, especially for newcomers, and reduce the number of NFT theft and phishing scams. As the crypto landscape becomes more mainstream, integrating robust and easy-to-use security measures like TAP is essential for promoting trust and growth in digital assets.
Do you think major crypto wallet providers should include TAP in their wallets? Share your thoughts and opinions on this topic in the comments below.
