After discovering a recent scam method, where the attackers don’t get you to sign an approval-for-all txn but rather just steal your signature to buy all your approved NFTs for free, here’s a 🧵& video on it.
1/12 #SaferNFTs
This scam attack isn’t new (it was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – there's a video at the end of this thread showing what it does, so you don’t have to visit the site and connect anything to it.
2/12 #SaferNFTs
Red flag #1 🚩: The site prompts you to connect your wallet before you can do anything on there.
Red flag #2 🚩: After you’ve connected the wallet, it will immediately request a signature, and here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTs
The signature might not look that scary, because it doesn’t ask for an approval-for-all transaction, which is what most scams / fake mints do nowadays.
But: Signing this signature request might do more damage than an approval for all for a collection.
4/12 #SaferNFTs
But why @Wii_Mee you’d ask?
Because it grants the scammer's contract (and the linked wallet) the ability to BUY all your collections that are APPROVED to the specific contract listed under “exchange” for 0 ETH (or whatever tokens) for something like 52 years. 5/12 #SaferNFTs
The worst part about this: The signature itself is stored for the attacker and can’t be removed via sites like revoke.cash or etherscan.io. Plus: There's no way to find out what kind of signatures you signed - unlike transaction approvals.
6/12 #SaferNFTs
This means that even if you don't have any active approvals to the specific marketplace contract at the moment of signing this request, they could wait and execute your stored signature if you ever approve something to that target contract again.
7/12 #SaferNFTs
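To make tweets 3 to 7 concrete, here is an added example (my own illustration, not code from the thread or from any marketplace) of what "reading the EIP-712 code" before signing can look like, and of why a stored signature only bites once an approval exists. It models the order loosely on a Wyvern-style struct: the field names exchange, basePrice and expirationTime, the "trusted exchange" address and the victim/collection addresses are assumptions or placeholders; the only address taken from the thread is the scam contract.

```javascript
// Added example: heuristic review of an EIP-712 signature request before signing,
// plus a check of which approved collections a stored order could drain.
// Field names (exchange, basePrice, expirationTime) follow a Wyvern-style order
// struct and are an assumption; the sample payloads below are constructed.

const ONE_YEAR = 365 * 24 * 60 * 60; // seconds

// Marketplace contracts the user has deliberately chosen to trust (lowercase).
// Placeholder value; a real allowlist holds the verified marketplace addresses.
const KNOWN_EXCHANGES = new Set([
  "0x0000000000000000000000000000000000000aaa",
]);

// Walk a typed-data payload and return human-readable red flags.
function reviewTypedData(typedData, now, knownExchanges = KNOWN_EXCHANGES) {
  const flags = [];
  const domain = typedData.domain || {};
  const msg = typedData.message || {};
  const contract = String(domain.verifyingContract || "").toLowerCase();

  // Red flag: the contract that will verify this signature is not one we know.
  if (!knownExchanges.has(contract)) {
    flags.push(`verifyingContract ${contract || "(missing)"} is not a known marketplace`);
  }
  // Red flag: the order points at a different exchange than the signing domain.
  if (msg.exchange && String(msg.exchange).toLowerCase() !== contract) {
    flags.push("order.exchange differs from domain.verifyingContract");
  }
  // Red flag: a sell order priced at zero hands the asset away for free.
  if ("basePrice" in msg && BigInt(msg.basePrice) === 0n) {
    flags.push("basePrice is 0: the asset would be sold for nothing");
  }
  // Red flag: an order valid for decades can be executed long after you forgot it.
  if ("expirationTime" in msg) {
    const ttl = Number(msg.expirationTime) - now;
    if (ttl > ONE_YEAR) {
      flags.push(`expirationTime is ${(ttl / ONE_YEAR).toFixed(1)} years away`);
    }
  }
  return flags;
}

// A stored order is only executable for collections you have approved to the
// order's exchange contract (setApprovalForAll). Given the wallet's current
// approvals [{ collection, operator }], list the collections that are exposed.
function exposedCollections(approvals, order) {
  const exchange = String(order.exchange || "").toLowerCase();
  return approvals
    .filter((a) => String(a.operator).toLowerCase() === exchange)
    .map((a) => a.collection);
}

// Constructed sample of what a scam site might ask the wallet to sign.
const SCAM_CONTRACT = "0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A"; // address named in the thread
const SAMPLE_NOW = 1660000000; // ~Aug 2022, roughly the thread's timeframe
const SCAM_TYPED_DATA = {
  domain: { name: "Exchange", version: "1", chainId: 1, verifyingContract: SCAM_CONTRACT },
  message: {
    exchange: SCAM_CONTRACT,
    maker: "0x1111111111111111111111111111111111111111", // placeholder victim
    basePrice: "0",
    expirationTime: String(SAMPLE_NOW + 52 * ONE_YEAR),
  },
};

// Constructed benign listing on the trusted exchange: 1 ETH, valid 30 days.
const BENIGN_TYPED_DATA = {
  domain: { name: "Exchange", version: "1", chainId: 1,
            verifyingContract: "0x0000000000000000000000000000000000000aaa" },
  message: {
    exchange: "0x0000000000000000000000000000000000000aaa",
    basePrice: "1000000000000000000",
    expirationTime: String(SAMPLE_NOW + 30 * 24 * 60 * 60),
  },
};

// Constructed approvals: one collection approved to the scam contract, one to the trusted exchange.
const SAMPLE_APPROVALS = [
  { collection: "0xc0ffee0000000000000000000000000000000001", operator: SCAM_CONTRACT },
  { collection: "0xc0ffee0000000000000000000000000000000002",
    operator: "0x0000000000000000000000000000000000000aaa" },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(reviewTypedData(SCAM_TYPED_DATA, SAMPLE_NOW));
  console.log(reviewTypedData(BENIGN_TYPED_DATA, SAMPLE_NOW));
  console.log(exposedCollections(SAMPLE_APPROVALS, SCAM_TYPED_DATA.message));
}
```

Run it with node: the scam payload trips three flags (unknown verifying contract, zero price, 52-year expiry) while the benign listing trips none, and the exposure check shows that revoking the approval to the scam contract is what takes the first collection off the list, which is exactly the wallet-hygiene point of the thread.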
Knowing all this – what can we do?
Don't sign any signature request like the one in the video below from random sites EVER.
The magic word is wallet hygiene. Meaning: Check your token approvals regularly and revoke contracts that you're no longer interacting with.
8/12 #SaferNFTs
My advice: Remove all unused contracts and the old “OwnableDelegateProxy” approvals for @opensea when gas is cheap (I'd go for 10gwei).
Opensea switched to the SeaPort protocol in May '22 and is now using an approval shown as “OpenSea: Conduit” for new listings.
9/12 #SaferNFTs
Wise people in the @BoringSecDAO advise you to use 4 wallets:
- A vault wallet with 0 approvals
- A buying / selling wallet – Marketplaces only
- A degen mint wallet (I recommend making new ones for every free mint)
- Non-degen mint wallet (for speed mostly)
10/12 #SaferNFTs
TLDR:
Always pay attention to WHAT kind of signatures / transactions you sign with your private key. Treat it like a real-life signature!
And most importantly bring your valuable assets into a wallet / vault where you have close to 0 or 0 approvals for anything.
11/12 #SaferNFTs
Extra:
Link to the video I made about this thread, explaining everything in a bit more detail and with visuals.
If this thread was helpful to you, I'd be happy if you hit the follow button!
Stay safe frens! 🦊🛡🔒
12/12 #SaferNFTs
One more extra:
The origin tweet from a few days ago shows you the txn that gets executed, shown on etherscan as "0xf191a7cd".
Contract address used in this scam:
0xdE6135B63dEcC47d5A5D47834A7dD241fE61945A
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
"Never enter your seedphrase" - this one is easy. There's only one occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper), NO digital files (photos, txt). 2/13
"Get a hardware wallet" - Yes, do it. Right now! Buy a @Ledger, @Trezor, bitbox02 or an alternative. Only purchase hardware wallets from the vendor themselves and check that your delivery is sealed without any pre-filled seedphrases in it. 3/13