🚨 NFT SECURITY 101 🚨

NFT hacks are unfortunately quite common today.

Here's an educational thread on the types of hacks and what you can do to avoid them!

1/11 🧵🔽
2) You can get "hacked" if you take any of the actions below:
🪙 Initiate a malicious transaction
📝 Sign a malicious signature
🔑 Share your seed phrase or private key
🦠 Install malware

Remember that hardware wallets only protect against malware, not against the other three attacks.
3) Most hacks are just social engineering attempts to trick you into initiating a transaction or signature.

They need you to move fast so that you don't have time to think.

Common tricks involve greed or fear:
🆓 surprise mints
🤑 airdrops
👻 scare tactics (see below)
🎁 giveaways
4) Another common hack is to try and get you to share your screen (to screenshot your wallet's private key QR code) or install remote access software.

5) More advanced attacks try to trick you into installing malware.

Malware doesn't have to be executable files. It could even be PDF or Word documents.

decrypt.co/118031/north-korea-linked-lazarus-group-poses-as-vc-firms-to-spread-malware
6) Always check the following before initiating a transaction on an unknown website:

๐Ÿ” It shouldn't ask for an approval to your NFTs (see below)
โœ… The contract should be verified on Etherscan
๐Ÿ‘ฅ The contract should be vetted by experts like @0xQuit or @0xfoobar
7) If there's any red flag or doubt in your mind, use a hot/burner wallet!

Degen mints often don't have verified contracts. That's okay, as long as you're minting with a burner wallet that you can afford to lose!
8) If you're signing a transaction on an unknown website, make sure that:

😵 You aren't signing a blind signature with a hex code (starts with 0x)
📝 The signature doesn't belong to an NFT marketplace

For instance, the signature below is clearly a @LooksRare signature.
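To make checks 6 and 8 concrete, here is an added example (my own illustration, not code from the thread or from any wallet) in JavaScript. It takes a wallet request the way a dapp would send it and reports whether the transaction grants an approval over your NFTs/tokens or moves a token, whether a signature request is a blind hex signature, and whether typed data is a marketplace order. The four function selectors are the standard ERC-20/721/1155 ones; the contract and operator addresses, the sample requests and the marketplace allowlist are constructed placeholders that a user would replace with contracts they have vetted themselves.

```javascript
// Added example: triage of a wallet request before clicking "Confirm".
// Offline and self-contained; addresses and requests below are constructed.

// Well-known 4-byte ABI selectors (first 4 bytes of keccak256 of the signature).
const APPROVAL_SELECTORS = {
  'a22cb465': 'setApprovalForAll(address,bool)', // ERC-721/1155: operator over ALL your tokens
  '095ea7b3': 'approve(address,uint256)',        // ERC-20 allowance / ERC-721 single token
};
const TRANSFER_SELECTORS = {
  '23b872dd': 'transferFrom(address,address,uint256)',
  '42842e0e': 'safeTransferFrom(address,address,uint256)',
};

// Assumed allowlist maintained by the user: marketplace contracts they have vetted.
// An EIP-712 domain pointing here means "this is a marketplace listing/order".
const KNOWN_MARKETPLACE_CONTRACTS = new Set([
  '0x1111111111111111111111111111111111111111', // placeholder, not a real contract
]);

// i-th 32-byte ABI word after the selector, as a 64-char hex string ('' if truncated).
function abiWord(data, i) {
  return data.slice(8 + i * 64, 8 + (i + 1) * 64);
}
const wordToAddress = (w) => '0x' + w.slice(24);

// eth_sendTransaction: decode the selector and report anything that hands
// control of your assets to a third party.
function reviewTransaction(tx) {
  const data = (tx.data || '0x').replace(/^0x/i, '').toLowerCase();
  const findings = [];
  if (data.length < 8) return findings; // plain ETH transfer, no calldata to inspect
  const selector = data.slice(0, 8);
  if (APPROVAL_SELECTORS[selector]) {
    const operator = wordToAddress(abiWord(data, 0));
    // setApprovalForAll(op, false) is a revocation; anything else grants rights.
    // A truncated/empty bool word is treated as a grant (fail closed).
    const granting = selector !== 'a22cb465' || !/^0{64}$/.test(abiWord(data, 1));
    if (granting) findings.push(`APPROVAL: ${APPROVAL_SELECTORS[selector]} to operator ${operator}`);
  } else if (TRANSFER_SELECTORS[selector]) {
    const to = wordToAddress(abiWord(data, 1));
    findings.push(`TRANSFER: ${TRANSFER_SELECTORS[selector]} sends a token to ${to}`);
  }
  return findings;
}

// Signature requests: eth_sign and personal_sign over a raw hex blob are blind
// (you cannot read what you approve); EIP-712 typed data is readable, so check
// whose contract the domain names.
function reviewSignature(req) {
  const findings = [];
  if (req.method === 'eth_sign') {
    findings.push('BLIND: eth_sign over an opaque 32-byte hash');
  } else if (req.method === 'personal_sign') {
    if (/^0x[0-9a-f]+$/i.test(String(req.message))) {
      findings.push('BLIND: personal_sign over raw hex (starts with 0x) you cannot read');
    }
  } else if (req.method === 'eth_signTypedData_v4') {
    const typed = typeof req.message === 'string' ? JSON.parse(req.message) : req.message;
    const contract = String((typed.domain && typed.domain.verifyingContract) || '').toLowerCase();
    if (KNOWN_MARKETPLACE_CONTRACTS.has(contract)) {
      findings.push(`MARKETPLACE: order for ${typed.domain.name} (${contract}); only sign on that marketplace's own site`);
    }
  }
  return findings;
}

// Single entry point; an empty array means nothing suspicious was found.
function reviewRequest(req) {
  return req.method === 'eth_sendTransaction' ? reviewTransaction(req.params) : reviewSignature(req);
}

// Constructed sample requests (placeholder addresses, not real transactions).
const NFT = '0x3333333333333333333333333333333333333333';
const OPERATOR = '2222222222222222222222222222222222222222';
const SAMPLE_REQUESTS = {
  approvalForAll: { method: 'eth_sendTransaction', params: { to: NFT,
    data: '0xa22cb465' + '0'.repeat(24) + OPERATOR + '0'.repeat(63) + '1' } },
  revokeApproval: { method: 'eth_sendTransaction', params: { to: NFT,
    data: '0xa22cb465' + '0'.repeat(24) + OPERATOR + '0'.repeat(64) } },
  erc20Approve: { method: 'eth_sendTransaction', params: { to: NFT,
    data: '0x095ea7b3' + '0'.repeat(24) + OPERATOR + 'f'.repeat(64) } },
  plainMint: { method: 'eth_sendTransaction', params: { to: NFT, value: '0x2386f26fc10000', data: '0x' } },
  blindHex: { method: 'personal_sign', message: '0xdeadbeefcafebabe' },
  readableLogin: { method: 'personal_sign', message: 'Sign in to example.test at 2023-01-24' },
  marketplaceOrder: { method: 'eth_signTypedData_v4', message: JSON.stringify({
    domain: { name: 'ExampleMarket', verifyingContract: '0x1111111111111111111111111111111111111111' },
    message: { collection: NFT, tokenId: 1, price: '0' } }) },
};

for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
  console.log(name, reviewRequest(req));
}
```

The two checks that matter most are the ones the thread calls out: `setApprovalForAll(operator, true)` hands an operator every token in that collection, so a mint site that asks for it is a red flag, and any `personal_sign`/`eth_sign` over raw hex is unreadable and should be refused. A typed-data order for a marketplace contract is legitimate on that marketplace, but on an unknown site it is how a listing at a near-zero price gets created.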
9) Get a hardware wallet!

Malware attacks are the most sophisticated attacks. Even famous crypto devs/execs have been fooled by a malicious Word or PDF file.

Hardware wallets protect you against those! Make sure to get it from a credible source and brand!
10) Make sure you have at least some of your net worth stored away in a cold wallet / vault.

A cold wallet does not have any token/NFT approvals and is not hooked/configured on any device.

The private key/seed phrase isn't in a digital location (think hardware or paper).
11) Worst case scenario: what happens if my wallet is already compromised?

🤖 First of all, join the Flashbots Discord discord.gg/flashbots and go to the "whitehat-token-rescue-service" channel
❗️ Mark your NFTs on OpenSea as compromised and rename your username to say hacked
I hope you've found this thread helpful.

Follow me @treasuresETH for more content on crypto security and NFT/defi development.
John Knopf @JohnKnopfPhotos · Jan 24, 2023
Great thread!