Discover and read the best of Twitter Threads about #safernfts

Most recents (11)

Intimidated by the new 🦊 warning?

The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".

Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.

🧵/1 Image
2/
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain

Let's jump into it. 🔍
3/
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request? Image
Read 14 tweets
Quiz time ⁉

Saw my latest private listings to Opensea 🧵/📺?

1️⃣ Which collection would be listed with this signature? What tokenIDs?
Hint: 0x8943C7bAC1914C9A7ABa750Bf2B6B09Fd21037E0

2️⃣ Which of the two signatures would "sell" your NFTs for free? And why?

No clue? Read on. ImageImage
Created this 🧵: "Always read what you're signing!" last week. There's a 20 minute video at the end of it, explaining details on Opensea listing signatures.

If you haven't be sure to check it out! ⤵

#SaferNFTs 🛡

The amount of answers doesn't surprise me measured with my engagement.
Thx Twitter! 💀☠️
Read 3 tweets
"Always read what you're signing!"

Ever heard that saying in web3?

I did.

So here's how to READ and RECOGNIZE we're signing an listing to Opensea's Seaport protocol (that we might don't want).

#SaferNFTs 🛡 1/13
Everyone who's been following me for a while knows I tweeted a lot about signature / listing sc4ms.

"Offerer" is one of the biggest red flags you're looking for. 🚩

The message on the right is something you should NEVER see and NEVER expect on a non-marketplace website.

2/13 Image
But before we take a look at the drainer above - let's analyze what an legit Opensea listing signature would look like. 💡

3/13
Read 15 tweets
How to ⁉

Mint your NFT directly from a contract via @etherscan.

Hope this eliminates a lot of approval for alls and malicious signature signs on sc*mmy mint websites.

A detailed tutorial video on how to is in the last posts! 🎥

A step by step 🪡🧵

#SaferNFTs 1/13
First we need to know the contract address of the project that we want to mint.

Several approaches to get it without visiting the website:
1) Discord (official links channel)
2) Opensea (should be listed, 'cause: never be first to mint)
3) Project's Twitterpage

#SaferNFTs 2/13
Example: Looking for the contract address on Opensea?

Open the collection on Opensea, navigate down.
Under traits of an NFT, expand the "Details" tab. Clicking on contract address views it on etherscan.io directly.

#SaferNFTs 3/13
Read 14 tweets
Web3 basics 101 - Your seedphrase is something you want to protect at ALL cost. If you hand out your seedphrase - it's game over for that wallet (+subwallets).

Here’s a🧵about companies entering web3 and not properly putting disclaimers up for user security.

#SaferNFTs 1/10
I chose @Stepnofficial as an EXAMPLE for this🧵, applies to all others.

For those unfamiliar with #STEPN - they are essentially onboarding people to web3 to earn crypto through their app while being active / moving / running. Which - as a concept is a cool idea.

#SaferNFTs 2/10
STEPN launched on $sol originally, expanded to $bnb and now added $eth. Different chains are referred to as realms. Basically = servers, if you're familiar with MMORPGs. Solana Realm, BNB Realm and APE Realm.

Ok, onto the security part already @Wii_Mee!

#SaferNFTs 3/10
Read 10 tweets
Most of your answers said: #2. 🥁

Yes, you didn't see the Origin - which would've made it too easy for y'all! 😂

Here's your answer (dont click the quoted tweet, lol):
💡Solution:

Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.

Correct answer (with known Origin): 2!

1 by 1 screenshot explanation below ⤵
#1
"Set Approval For All" txn would be a 🚩 and a sign to run away as fast as you can.

Interacting with a marketplace you have to give out the approval for the first listing of a collection, so they can execute a transfer on your behalf if your NFT sells.

A: Blind signing in #3
Read 8 tweets
#SaferNFTs 🛡🔒

❓Web3 security quiz❓

Which of the following 3 request is (probably) the safest to approve, and why?

Drop your learnings below ⤵ Image
Will reveal the answer tomorrow or so, so me liking your tweets doesn't mean you're right necessarily. ☝️
Read 4 tweets
Now I had everyone's attention with the wallet hygiene 🧵:

Time to compare:
etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had split the video, because I'm 🇪🇺 and still can't use Twitter blue.

1/2

#SaferNFTs
How to use etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had to split the video cause of time limit.

🎶: Calming In The Sun - Alex MakeMusic on Pixabay

Lion animation by: @VonUnruhDesign

2/2

#SaferNFTs
.@RoscoKalis might be some good food for thoughts for @RevokeCash here.
Read 4 tweets
Why wallet hygiene will become more important!

After discovering a recent scam method, were the attackers don’t get you to sign an approval for all txn – rather then just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs
This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit an connect anything to the site.
2/12 #SaferNFTs
Red flag #1 🚩: The site prompts you to connect your wallet before you can do anything on there.
Red flag #2 🚩: After you connected the wallet, it will immediately request a signature, here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTS
Read 13 tweets
#SaferNFTs 1/2

🚨 A recent scam that popped up is an counterfeit to @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections! ImageImage
#SaferNFTs 2/2

🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.

The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".

etherscan.io/address/0xde61… ImageImage
Referencing to scam contract:
0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A

To make it easier to find this tweet searching for that contract.
Read 5 tweets
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13 Image
"Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13
"Get a hardware wallet" - Yes, do it. Right now! Buy a @Ledger, @Trezor, bitbox02 or an alternative. Only purchase hardware wallets from the vendor themselves and check that your delivery is sealed without any pre-filled seedphrases in it. 3/13
Read 14 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!