#SaferNFTs 1/2

🚨 A recent scam that popped up is a counterfeit of @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections!
#SaferNFTs 2/2

🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.

The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".

etherscan.io/address/0xde61…
Referencing the scam contract:
0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A

To make it easier to find this tweet searching for that contract.
After talking to @noohp_ in the @BoringSecDAO Discord, this is a threat we have to keep our eyes on.

The signature here allows those scammers to buy your NFTs for 0 ETH. They could even save the signature and if you approve a marketplace later they might pull your assets. 🤯
Added a 🧵 and a video to this type of scam a few minutes ago, if you're interested in reading more:
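
A wallet-side check for the kind of signature request this thread describes, as an added example that is not from the author's tweets. It assumes the request is EIP-712 typed data in Seaport's `OrderComponents` layout (the thread does not show the payload); the addresses, amounts and the 30-day threshold are constructed for illustration.

```javascript
// Added example. Field names follow Seaport's OrderComponents typed data (assumed schema).
const NFT_TYPES = new Set([2, 3, 4, 5]);   // ERC721, ERC1155 and their criteria variants
const CRITERIA_TYPES = new Set([4, 5]);    // criteria items can cover many token ids
const MAX_LIFETIME = 30n * 24n * 3600n;    // illustrative threshold: 30 days, in seconds

const lower = (a) => String(a || "").toLowerCase();
const minAmount = (i) => {
  const s = BigInt(i.startAmount || 0), e = BigInt(i.endAmount || 0);
  return s < e ? s : e;                    // lowest amount the order can settle at
};

// Returns warning codes for the JSON payload of an eth_signTypedData_v4 request,
// or null when the payload is not a sell order offered by this wallet.
function inspectSigningRequest(typedData, signer) {
  const m = typedData.message || {};
  if (typedData.primaryType !== "OrderComponents" || lower(m.offerer) !== lower(signer)) {
    return null;
  }
  const warnings = [];
  const nfts = (m.offer || []).filter((i) => NFT_TYPES.has(Number(i.itemType)));
  const paid = (m.consideration || []).some(
    (c) => lower(c.recipient) === lower(signer) && minAmount(c) > 0n);
  if (nfts.length > 0 && !paid) warnings.push("NFT_FOR_NOTHING");
  // A criteria item whose identifierOrCriteria is 0 matches any token id in the collection.
  if (nfts.some((i) => CRITERIA_TYPES.has(Number(i.itemType))
      && BigInt(i.identifierOrCriteria || 0) === 0n)) {
    warnings.push("WHOLE_COLLECTION");
  }
  // A long validity window lets a stored signature be used much later.
  if (BigInt(m.endTime || 0) - BigInt(m.startTime || 0) > MAX_LIFETIME) warnings.push("LONG_LIVED");
  return warnings;
}

// Constructed sample requests; every address and amount is a placeholder.
const SIGNER = "0x" + "11".repeat(20);
const item = (itemType, id, amount, recipient) => ({
  itemType, token: "0x" + "22".repeat(20), identifierOrCriteria: id,
  startAmount: amount, endAmount: amount, recipient });
const order = (offer, consideration, endTime) => ({
  primaryType: "OrderComponents",
  message: { offerer: SIGNER, offer, consideration, startTime: "1657000000", endTime } });
const drainRequest = order([item(4, "0", "1")], [item(0, "0", "0", SIGNER)], "1972360000");
const fairListing = order([item(2, "1234", "1")],
  [item(0, "0", "1000000000000000000", SIGNER)], "1657604800");
console.log(inspectSigningRequest(drainRequest, SIGNER), inspectSigningRequest(fairListing, SIGNER));
```

An empty result only means none of these three checks fired; the site asking for the signature still has to be the marketplace you intended to use.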

More from @Wii_Mee

Jul 8
Most of your answers said: #2. 🥁

Yes, you didn't see the Origin - which would've made it too easy for y'all! 😂

Here's your answer (don't click the quoted tweet, lol):
💡Solution:

Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.

Correct answer (with known Origin): 2!

1 by 1 screenshot explanation below ⤵
#1
"Set Approval For All" txn would be a 🚩 and a sign to run away as fast as you can.

Interacting with a marketplace you have to give out the approval for the first listing of a collection, so they can execute a transfer on your behalf if your NFT sells.

A: Blind signing in #3
Read 8 tweets
Jul 7
#SaferNFTs 🛡🔒

❓Web3 security quiz❓

Which of the following 3 requests is (probably) the safest to approve, and why?

Drop your learnings below ⤵
Will reveal the answer tomorrow or so, so me liking your tweets doesn't mean you're right necessarily. ☝️
Read 4 tweets
Jul 6
Now I had everyone's attention with the wallet hygiene 🧵:

Time to compare:
etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had split the video, because I'm 🇪🇺 and still can't use Twitter blue.

1/2

#SaferNFTs
How to use etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had to split the video cause of time limit.

🎶: Calming In The Sun - Alex MakeMusic on Pixabay

Lion animation by: @VonUnruhDesign

2/2

#SaferNFTs
.@RoscoKalis might be some good food for thoughts for @RevokeCash here.
Read 4 tweets
Jul 3
Why wallet hygiene will become more important!

After discovering a recent scam method, where the attackers don’t get you to sign an approval for all txn – rather than just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs
This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit and connect anything to the site.
2/12 #SaferNFTs
Red flag #1 🚩: The site prompts you to connect your wallet before you can do anything on there.
Red flag #2 🚩: After you connected the wallet, it will immediately request a signature, here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTS
Read 13 tweets
Apr 13
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
"Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13
"Get a hardware wallet" - Yes, do it. Right now! Buy a @Ledger, @Trezor, bitbox02 or an alternative. Only purchase hardware wallets from the vendor themselves and check that your delivery is sealed without any pre-filled seedphrases in it. 3/13
Read 14 tweets