🛡 Wallet Security enthusiast
✍ Content & Community @RevokeCash
👨🏫 Coaching @BoringSecDAO and beyond
Feb 11, 2023 • 16 tweets • 4 min read
You signed a gasless but probably malicious signature? 😱
If recognized fast enough,
this OpenSea feature might save your asse(t)s.
Add it to your toolbox. 🛠 🛡
2/ In this short tutorial, I'll show you how to increment your counter via the OpenSea frontend.
The goal:
⭐ Invalidate all offer / listing signatures you signed to the Seaport contract (and that are still valid)
Oct 13, 2022 • 14 tweets • 6 min read
Intimidated by the new 🦊 warning?
The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".
Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.
🧵/1
2/ Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain
Let's jump into it. 🔍
Oct 5, 2022 • 15 tweets • 5 min read
"Always read what you're signing!"
Ever heard that saying in web3?
I did.
So here's how to READ and RECOGNIZE that we're signing a listing to Opensea's Seaport protocol (that we might not want).
#SaferNFTs 🛡 1/13
Everyone who's been following me for a while knows I tweeted a lot about signature / listing sc4ms.
"Offerer" is one of the biggest red flags you're looking for. 🚩
The message on the right is something you should NEVER see and NEVER expect on a non-marketplace website.
2/13
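As an added illustration of the "Offerer" red flag (this code is not part of the original thread): a small JavaScript check that inspects the JSON a site passes to `eth_signTypedData_v4` and reports when it is a Seaport order. The allow-list `MARKETPLACE_ORIGINS`, the function name `reviewSignatureRequest`, the "offerer receives nothing" heuristic and the sample request are assumptions made for this example.

```javascript
// Assumption: origins where YOU intend to create listings; edit to your own list.
const MARKETPLACE_ORIGINS = new Set(["https://opensea.io"]);

function reviewSignatureRequest(origin, typedData) {
  let data;
  try {
    data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  } catch (err) {
    data = null;
  }
  if (!data || typeof data !== "object") return { seaportOrder: false, warnings: ["unreadable typed data"] };
  const domain = data.domain || {};
  const msg = (typeof data.message === "object" && data.message) || {};
  // Seaport orders use domain name "Seaport", primaryType "OrderComponents"
  // and carry an "offerer" field (the signer whose items are being offered).
  const seaportOrder = domain.name === "Seaport" ||
    data.primaryType === "OrderComponents" || "offerer" in msg;
  const warnings = [];
  if (!seaportOrder) return { seaportOrder, warnings };
  warnings.push("signing this creates a Seaport listing/offer for " + msg.offerer);
  if (!MARKETPLACE_ORIGINS.has(origin)) {
    warnings.push("order requested by non-marketplace origin " + origin);
  }
  // Heuristic (assumption): items are offered but no consideration item pays the offerer.
  const offer = Array.isArray(msg.offer) ? msg.offer : [];
  const consideration = Array.isArray(msg.consideration) ? msg.consideration : [];
  const paidToOfferer = consideration.some((c) =>
    String(c.recipient).toLowerCase() === String(msg.offerer).toLowerCase() &&
    /^[0-9]+$/.test(String(c.startAmount)) && BigInt(c.startAmount) > 0n);
  if (offer.length > 0 && !paidToOfferer) {
    warnings.push("offerer receives nothing for " + offer.length + " offered item(s)");
  }
  return { seaportOrder, warnings };
}

// Constructed sample request (addresses are placeholders, not real accounts).
const SAMPLE_REQUEST = JSON.stringify({
  primaryType: "OrderComponents",
  domain: { name: "Seaport", version: "1.1", chainId: 1 },
  message: {
    offerer: "0x1111111111111111111111111111111111111111",
    offer: [{ itemType: 2, token: "0x2222222222222222222222222222222222222222",
              identifierOrCriteria: "42", startAmount: "1", endAmount: "1" }],
    consideration: [{ itemType: 0, token: "0x0000000000000000000000000000000000000000",
                      identifierOrCriteria: "0", startAmount: "1", endAmount: "1",
                      recipient: "0x3333333333333333333333333333333333333333" }],
    counter: "0",
  },
});
```

Calling `reviewSignatureRequest("https://mint-example.invalid", SAMPLE_REQUEST)` returns all three warnings for the constructed request; the same payload from an allow-listed origin drops only the origin warning.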
Aug 8, 2022 • 14 tweets • 9 min read
How to ⁉
Mint your NFT directly from a contract via @etherscan.
Hope this eliminates a lot of approval for alls and malicious signature signs on sc*mmy mint websites.
A detailed tutorial video on how to is in the last posts! 🎥
A step by step 🪡🧵
#SaferNFTs 1/13
First we need to know the contract address of the project that we want to mint.
Several approaches to get it without visiting the website:
1) Discord (official links channel)
2) Opensea (should be listed, 'cause: never be first to mint)
3) Project's Twitter page
Web3 basics 101 - Your seedphrase is something you want to protect at ALL cost. If you hand out your seedphrase - it's game over for that wallet (+subwallets).
Here’s a 🧵 about companies entering web3 and not properly putting disclaimers up for user security.
For those unfamiliar with #STEPN - they are essentially onboarding people to web3 to earn crypto through their app while being active / moving / running. Which - as a concept is a cool idea.
After discovering a recent scam method, where the attackers don’t get you to sign an approval for all txn – rather than just stealing your signature to buy all your approved NFTs for free – here’s a 🧵 & video on it.
1/12 #SaferNFTs
This scam attack isn’t new (was used in Feb 2022 when Opensea changed their protocol to V2) but was found on a site called imposters(dot)in – video to see what it does at the end of this thread, so you don’t have to visit and connect anything to the site.
2/12 #SaferNFTs
🚨 A recent scam that popped up is a counterfeit of @PlayImpostors.
Website: imposters(dot)in - immediately prompts you to connect your wallet (1), after connecting it asks for your signature (2) which signs an approval for collections! #SaferNFTs 2/2
🚨 The transaction doesn't ask for an approval for all, shows method name "0xf191a7cd" if signed in txn history.
The contract is already marked as Phish / Hack on etherscan.io - Wallet Name being renamed to "Fake_Phishing5816".
Here we go again - #SaferNFTs.
I want this to be the only thread 🧵you'll ever need to not get scammed in the wild wild #NFT west.
Do me a favor and share this with everyone you know that needs advice. One wallet saved is worth it! Let's start: 1/13
"Never enter your seedphrase" - this 1 is easy. There's only 1 occasion where you enter your seedphrase, and that is to reset / restore a hot wallet or a hardware wallet. YOU prompt that restore, nobody else. Save the seedphrase offline (paper) NO digital files (photos, txt) 2/13