WiiMee.eth 🟦🟥 Profile picture
🛡 Wallet Security enthusiast ✍ Content & Community @RevokeCash 👨‍🏫 Coaching @BoringSecDAO and beyond
Feb 11, 2023 16 tweets 4 min read
You signed a gasless but probably malicious signature? 😱

If recognized fast enough,
this OpenSea feature might save your asse(t)s.

Add it to your toolbox. 🛠 🛡 2/ In this short tutorial, I'll show you how to increment your counter via the OpenSea frontend.

The goal:

⭐ Invalidate all offer / listings signatures you signed to the Seaport contract (and are still valid)
Oct 13, 2022 14 tweets 6 min read
Intimidated by the new 🦊 warning?

The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".

Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.

🧵/1 Image 2/
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain

Let's jump into it. 🔍
Oct 5, 2022 15 tweets 5 min read
"Always read what you're signing!"

Ever heard that saying in web3?

I did.

So here's how to READ and RECOGNIZE we're signing an listing to Opensea's Seaport protocol (that we might don't want).

#SaferNFTs 🛡 1/13 Everyone who's been following me for a while knows I tweeted a lot about signature / listing sc4ms.

"Offerer" is one of the biggest red flags you're looking for. 🚩

The message on the right is something you should NEVER see and NEVER expect on a non-marketplace website.

2/13 Image
Aug 8, 2022 14 tweets 9 min read
How to ⁉

Mint your NFT directly from a contract via @etherscan.

Hope this eliminates a lot of approval for alls and malicious signature signs on sc*mmy mint websites.

A detailed tutorial video on how to is in the last posts! 🎥

A step by step 🪡🧵

#SaferNFTs 1/13 First we need to know the contract address of the project that we want to mint.

Several approaches to get it without visiting the website:
1) Discord (official links channel)
2) Opensea (should be listed, 'cause: never be first to mint)
3) Project's Twitterpage

#SaferNFTs 2/13
Jul 19, 2022 10 tweets 6 min read
Web3 basics 101 - Your seedphrase is something you want to protect at ALL cost. If you hand out your seedphrase - it's game over for that wallet (+subwallets).

Here’s a🧵about companies entering web3 and not properly putting disclaimers up for user security.

#SaferNFTs 1/10 I chose @Stepnofficial as an EXAMPLE for this🧵, applies to all others.

For those unfamiliar with #STEPN - they are essentially onboarding people to web3 to earn crypto through their app while being active / moving / running. Which - as a concept is a cool idea.

#SaferNFTs 2/10
Jul 8, 2022 8 tweets 4 min read
Most of your answers said: #2. 🥁

Yes, you didn't see the Origin - which would've made it too easy for y'all! 😂

Here's your answer (dont click the quoted tweet, lol): 💡Solution:

Actually all these 3 screenshots were from @opensea while interacting with the new Seaport protocol.

Correct answer (with known Origin): 2!

1 by 1 screenshot explanation below ⤵
Jul 7, 2022 4 tweets 1 min read
#SaferNFTs 🛡🔒

❓Web3 security quiz❓

Which of the following 3 request is (probably) the safest to approve, and why?

Drop your learnings below ⤵ Image Will reveal the answer tomorrow or so, so me liking your tweets doesn't mean you're right necessarily. ☝️
Jul 6, 2022 4 tweets 3 min read
Now I had everyone's attention with the wallet hygiene 🧵:

Time to compare:
etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had split the video, because I'm 🇪🇺 and still can't use Twitter blue.

1/2

#SaferNFTs How to use etherscan.io and / or revoke.cash to revoke permissions you gave to your wallet address?

Had to split the video cause of time limit.

🎶: Calming In The Sun - Alex MakeMusic on Pixabay

Lion animation by: @VonUnruhDesign

2/2

#SaferNFTs
Jul 3, 2022 13 tweets 7 min read
Why wallet hygiene will become more important!

After discovering a recent scam method, were the attackers don’t get you to sign an approval for all txn – rather then just stealing your signature to buy all your approved NFTs for free – here’s a 🧵& video on it.
1/12 #SaferNFTs This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit an connect anything to the site.
2/12 #SaferNFTs
Jul 1, 2022 5 tweets 4 min read
#SaferNFTs 1/2

🚨 A recent scam that popped up is an counterfeit to @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections! ImageImage #SaferNFTs 2/2

🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.

The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".

etherscan.io/address/0xde61… ImageImage
Apr 13, 2022 14 tweets 4 min read
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13 Image "Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13