NFTs keep getting hacked. Has this startup found a way to keep them safe?

August 3, 2022, 7:46 PM UTC
Vault DAO employees pose for a group photo
Upstream CEO Alex Taub (center with hat) launched Vault DAO on Wednesday to help users guard against crypto phishing scams.
Courtesy of Kate Pauley

It’s no secret that crypto has a phishing problem. Users regularly confront fake ads and deceptive social media posts, while a report by the Federal Trade Commission in June said that more than 46,000 people have been victims of crypto scams worth a total of $1 billion in the past 18 months alone.

This situation is what inspired Alex Taub, the CEO of a startup called Upstream, to create a solution: a product called Vault DAO, which prevents a scammer from stealing a person’s entire collection of NFTs even if the user clicks a bad link.

To protect against phishing links and other scams, Vault DAO enables users to create a “vault” that acts as a multi-signature wallet that needs permission from multiple accounts to access its contents.

Taub opened Vault DAO to select users on Wednesday, but he originally created the product for his own use.

“I started doing it for myself and I started to feel a lot better, so I showed it to a few friends,” Taub told Fortune. “They’re like, ‘Can you set me up?’ so we started to set up friends, and the long and the short of it was like ‘Hey, a few tweaks here and you have a product that people could really want.’” 

The user can control the number of accounts needed to access the vault, although Taub recommends it be at least two. For his own vault, which contains NFTs from some of the most popular collections like Bored Ape Yacht Club and CryptoPunks, Taub requires three of his accounts to sign off before he can access the vault. He said this type of layered access gives him peace of mind and it will do the same for Vault DAO users.

“It doesn’t mean I’m going and clicking on every link out there, but I can still be myself without the worry that I’m going to lose, you know, millions of dollars,” Taub said.

Screenshot of Vault DAO
Courtesy of Alex Taub

As for the “DAO” part of the company name, Taub says he built the product using the same no-code technology as is used in building DAOs, or decentralized autonomous organizations, that is the core business of Upstream.

He adds that Vault DAO serves as an alternative to other products such as hardware wallets and “hot” wallets, each of which has its own drawbacks, Taub said. Hardware wallets are seen as more secure because the keys to access your crypto or digital assets are stored on an offline physical device. The downside is that you could always lose the device, Taub said. 

At the same time, internet-connected “hot” wallets can also hold your digital assets, but are usually at the whim of a centralized company, he said. 

With Wednesday’s launch for early-access users, Taub is hoping to gather feedback about how to improve the product. After refining the product based on user input, Taub said he will probably charge a subscription fee for access to Vault DAO in the future and open the product to everyone in the next couple of months.

“It’s not going to answer every security question in the world,” he said. “But it’s going to protect at least this basic hack of, ‘I click on a link; I lose my stuff,’” he said.

Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.