๐Ÿšจ NFT SECURITY 101 ๐Ÿšจ

NFT hacks are unfortunately quite common today.

Here's an educational thread on the types of hacks and what you can do to avoid them!

1/11 ๐Ÿงต๐Ÿ”ฝ
2) You can get "hacked" if you take any of the actions below:
๐Ÿช™ Initiate a malicious transaction
๐Ÿ“ Sign a malicious signature
๐Ÿ”‘ Share your seed phrase or private key
๐Ÿฆ  Install malware

Remember that hardware wallets just protect against malware and not the other 3 attacks.
3) Most hacks are just social engineering attempts to trick you into initiating a txn or signature.

They need you to move fast so that you don't have time to think.

Common tricks involve greed or fear:
๐Ÿ†“ surprise mints
๐Ÿค‘ airdrops
๐Ÿ‘ป scare tactics (see below)
๐ŸŽ giveaways
4) Another common hack is to try and get you to share your screen (to screenshot your wallet private key QR code) or install remote access software.

5) More advanced attacks try to trick you into installing malware.

Malware doesn't have to be executable files. It could even be PDF or Word documents.
6) Always check the following before initiating a transaction on an unknown website:

๐Ÿ” It shouldn't ask for an approval to your NFTs (see below)
โœ… The contract should be verified on Etherscan
๐Ÿ‘ฅ The contract should be vetted by experts like @0xQuit or @0xfoobar
7) If there's any red flag or doubt in your mind, use a hot/burner wallet!

Degen mints often don't have verified contracts. That's okay, as long as you're minting with a burner wallet that you can afford to lose!
8) If you're signing a transaction on an unknown website, make sure that:

๐Ÿ˜ต You aren't signing a blind signature with a hexcode (starts with 0x)
๐Ÿ“ The signature doesn't belong to an NFT marketplace

For instance, the signature below is clearly a @LooksRare signature.
9) Get a hardware wallet!

Malware attacks are the most sophisticated attacks. Even famous crypto devs/execs have been fooled by a malicious Word or PDF file.

Hardware wallets protect you against those! Make sure to get it from a credible source and brand!
10) Make sure you have at least some of your net worth stored away in a cold wallet / vault.

A cold wallet does not have any token/NFT approvals and is not hooked/configured on any device.

The private key/seed phrase isn't in a digital location (think hardware or paper).
11) Worst case scenario: what happens if my wallet is already compromised?

๐Ÿค– First of all, join the Flashbots Discord and go to the "whitehat-token-rescue-service" channel
โ—๏ธ Mark your NFTs on Opensea as compromised and rename your username to say hacked
I hope you've found this thread helpful.

Follow me @treasuresETH for more content on crypto security and NFT/defi development.

Recommended by
Recommendations from around the web and our community.