Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.
Correct answer (with known Origin): 2!
1 by 1 screenshot explanation below ⤵
#1
"Set Approval For All" txn would be a 🚩 and a sign to run away as fast as you can.
Interacting with a marketplace you have to give out the approval for the first listing of a collection, so they can execute a transfer on your behalf if your NFT sells.
A: Blind signing in #3
#2
This is a pretty simple signature request (like connecting) that doesn't trigger a blockchain transaction.
You're validating that you own the address here.
Important: From TRUSTED sources (& without a lot of code in it) those simple signatures / message signs should be fine.
The name is a bit misleading, it was called "contract data" before an update (see the 📸).
This #Ledger is a wallet to sell from, if you trust the source you CAN sign this. And you'll have to on @opensea because otherwise you can't list the NFT.
Hope y'all had some fun with this little question about #web3 security.
Let me know if you're interested in quiz questions from time to time.
After discovering a recent scam method, were the attackers don’t get you to sign an approval for all txn – rather then just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs
This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit an connect anything to the site.
2/12 #SaferNFTs
Red flag #1 🚩: The site prompts you to connect your wallet before you can do anything on there.
Red flag #2 🚩: After you connected the wallet, it will immediately request a signature, here’s where it gets DANGEROUS. Good thing: We can read the EIP-712 code.
3/12 #SaferNFTS
🚨 A recent scam that popped up is an counterfeit to @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections!
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
"Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13
"Get a hardware wallet" - Yes, do it. Right now! Buy a @Ledger, @Trezor, bitbox02 or an alternative. Only purchase hardware wallets from the vendor themselves and check that your delivery is sealed without any pre-filled seedphrases in it. 3/13