Discover and read the best of Twitter Threads about #safernfts
Most recents (11)
Intimidated by the new 🦊 warning?
The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".
Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.
🧵/1
The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".
Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.
🧵/1
2/
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain
Let's jump into it. 🔍
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain
Let's jump into it. 🔍
3/
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request?
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request?
Quiz time ⁉
Saw my latest private listings to Opensea 🧵/📺?
1️⃣ Which collection would be listed with this signature? What tokenIDs?
Hint: 0x8943C7bAC1914C9A7ABa750Bf2B6B09Fd21037E0
2️⃣ Which of the two signatures would "sell" your NFTs for free? And why?
No clue? Read on.
Saw my latest private listings to Opensea 🧵/📺?
1️⃣ Which collection would be listed with this signature? What tokenIDs?
Hint: 0x8943C7bAC1914C9A7ABa750Bf2B6B09Fd21037E0
2️⃣ Which of the two signatures would "sell" your NFTs for free? And why?
No clue? Read on.
Created this 🧵: "Always read what you're signing!" last week. There's a 20 minute video at the end of it, explaining details on Opensea listing signatures.
If you haven't be sure to check it out! ⤵
#SaferNFTs 🛡
If you haven't be sure to check it out! ⤵
#SaferNFTs 🛡
The amount of answers doesn't surprise me measured with my engagement.
Thx Twitter! 💀☠️
Thx Twitter! 💀☠️
"Always read what you're signing!"
Ever heard that saying in web3?
I did.
So here's how to READ and RECOGNIZE we're signing an listing to Opensea's Seaport protocol (that we might don't want).
#SaferNFTs 🛡 1/13
Ever heard that saying in web3?
I did.
So here's how to READ and RECOGNIZE we're signing an listing to Opensea's Seaport protocol (that we might don't want).
#SaferNFTs 🛡 1/13
Everyone who's been following me for a while knows I tweeted a lot about signature / listing sc4ms.
"Offerer" is one of the biggest red flags you're looking for. 🚩
The message on the right is something you should NEVER see and NEVER expect on a non-marketplace website.
2/13
"Offerer" is one of the biggest red flags you're looking for. 🚩
The message on the right is something you should NEVER see and NEVER expect on a non-marketplace website.
2/13
But before we take a look at the drainer above - let's analyze what an legit Opensea listing signature would look like. 💡
3/13
3/13
How to ⁉
Mint your NFT directly from a contract via @etherscan.
Hope this eliminates a lot of approval for alls and malicious signature signs on sc*mmy mint websites.
A detailed tutorial video on how to is in the last posts! 🎥
A step by step 🪡🧵
#SaferNFTs 1/13
Mint your NFT directly from a contract via @etherscan.
Hope this eliminates a lot of approval for alls and malicious signature signs on sc*mmy mint websites.
A detailed tutorial video on how to is in the last posts! 🎥
A step by step 🪡🧵
#SaferNFTs 1/13
First we need to know the contract address of the project that we want to mint.
Several approaches to get it without visiting the website:
1) Discord (official links channel)
2) Opensea (should be listed, 'cause: never be first to mint)
3) Project's Twitterpage
#SaferNFTs 2/13
Several approaches to get it without visiting the website:
1) Discord (official links channel)
2) Opensea (should be listed, 'cause: never be first to mint)
3) Project's Twitterpage
#SaferNFTs 2/13
Example: Looking for the contract address on Opensea?
Open the collection on Opensea, navigate down.
Under traits of an NFT, expand the "Details" tab. Clicking on contract address views it on etherscan.io directly.
#SaferNFTs 3/13
Open the collection on Opensea, navigate down.
Under traits of an NFT, expand the "Details" tab. Clicking on contract address views it on etherscan.io directly.
#SaferNFTs 3/13
Web3 basics 101 - Your seedphrase is something you want to protect at ALL cost. If you hand out your seedphrase - it's game over for that wallet (+subwallets).
Here’s a🧵about companies entering web3 and not properly putting disclaimers up for user security.
#SaferNFTs 1/10
Here’s a🧵about companies entering web3 and not properly putting disclaimers up for user security.
#SaferNFTs 1/10
I chose @Stepnofficial as an EXAMPLE for this🧵, applies to all others.
For those unfamiliar with #STEPN - they are essentially onboarding people to web3 to earn crypto through their app while being active / moving / running. Which - as a concept is a cool idea.
#SaferNFTs 2/10
For those unfamiliar with #STEPN - they are essentially onboarding people to web3 to earn crypto through their app while being active / moving / running. Which - as a concept is a cool idea.
#SaferNFTs 2/10
STEPN launched on $sol originally, expanded to $bnb and now added $eth. Different chains are referred to as realms. Basically = servers, if you're familiar with MMORPGs. Solana Realm, BNB Realm and APE Realm.
Ok, onto the security part already @Wii_Mee!
#SaferNFTs 3/10
Ok, onto the security part already @Wii_Mee!
#SaferNFTs 3/10
Most of your answers said: #2. 🥁
Yes, you didn't see the Origin - which would've made it too easy for y'all! 😂
Here's your answer (dont click the quoted tweet, lol):
Yes, you didn't see the Origin - which would've made it too easy for y'all! 😂
Here's your answer (dont click the quoted tweet, lol):
💡Solution:
Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.
Correct answer (with known Origin): 2!
1 by 1 screenshot explanation below ⤵
Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.
Correct answer (with known Origin): 2!
1 by 1 screenshot explanation below ⤵
#1
"Set Approval For All" txn would be a 🚩 and a sign to run away as fast as you can.
Interacting with a marketplace you have to give out the approval for the first listing of a collection, so they can execute a transfer on your behalf if your NFT sells.
A: Blind signing in #3
"Set Approval For All" txn would be a 🚩 and a sign to run away as fast as you can.
Interacting with a marketplace you have to give out the approval for the first listing of a collection, so they can execute a transfer on your behalf if your NFT sells.
A: Blind signing in #3
#SaferNFTs 🛡🔒
❓Web3 security quiz❓
Which of the following 3 request is (probably) the safest to approve, and why?
Drop your learnings below ⤵
❓Web3 security quiz❓
Which of the following 3 request is (probably) the safest to approve, and why?
Drop your learnings below ⤵
Will reveal the answer tomorrow or so, so me liking your tweets doesn't mean you're right necessarily. ☝️
💡Mini solution thread:
Now I had everyone's attention with the wallet hygiene 🧵:
Time to compare:
etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?
Had split the video, because I'm 🇪🇺 and still can't use Twitter blue.
1/2 ➡
#SaferNFTs
Time to compare:
etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?
Had split the video, because I'm 🇪🇺 and still can't use Twitter blue.
1/2 ➡
#SaferNFTs
How to use etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?
Had to split the video cause of time limit.
🎶: Calming In The Sun - Alex MakeMusic on Pixabay
Lion animation by: @VonUnruhDesign
2/2
#SaferNFTs
Had to split the video cause of time limit.
🎶: Calming In The Sun - Alex MakeMusic on Pixabay
Lion animation by: @VonUnruhDesign
2/2
#SaferNFTs
.@RoscoKalis might be some good food for thoughts for @RevokeCash here.
Why wallet hygiene will become more important!
After discovering a recent scam method, were the attackers don’t get you to sign an approval for all txn – rather then just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs
After discovering a recent scam method, were the attackers don’t get you to sign an approval for all txn – rather then just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs
This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit an connect anything to the site.
2/12 #SaferNFTs
2/12 #SaferNFTs
Red flag #1 🚩: The site prompts you to connect your wallet before you can do anything on there.
Red flag #2 🚩: After you connected the wallet, it will immediately request a signature, here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTS
Red flag #2 🚩: After you connected the wallet, it will immediately request a signature, here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTS
#SaferNFTs 1/2
🚨 A recent scam that popped up is an counterfeit to @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections!
🚨 A recent scam that popped up is an counterfeit to @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections!
#SaferNFTs 2/2
🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.
The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".
etherscan.io/address/0xde61…
🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.
The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".
etherscan.io/address/0xde61…
Referencing to scam contract:
0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A
To make it easier to find this tweet searching for that contract.
0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A
To make it easier to find this tweet searching for that contract.
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
"Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13
