Hackers are exploring NFT Discord to find weaknesses. This week, we saw a tragic example when the Discord of CreatureToadz was temporarily attacked.
During the incident, the hacker used this opportunity to post a fake “invisible drop” link, which seemed to point to an NFT minting interface, and then the victims spent ETH (they thought they were minting NFT), but in fact all All of the money was directly transferred to the attacker’s address, and no NFT was minted.
Fortunately, the CreatureToadz team regained control of Discord and will compensate the affected participants. However, this incident reminded us that as NFT minters, we must remain vigilant. In fact, more and more hackers are targeting us.
For today’s post, I collected some tips for safely casting NFT. All in all, these tips can help you avoid or minimize the security issues faced by NFT casting.
First of all, I don’t think this is a comprehensive “best practice” for safely casting NFT, because I may have missed some ideas. But at least, the following tips can help you.
Learn about common NFT scams
Generally speaking, the first step to achieve NFT security is to become familiar with the main scams currently faced by NFT users, and current and future scams may evolve from these types of tricks.
As MyCrypto points out in its useful “Common NFT Scams” guide, attack vectors can include artist or brand impersonation, fake storefronts, etc.
Tip 1: Use a dedicated coin wallet
Suppose you will use a major wallet where you will store your best encrypted artwork, publish your Mirror blog, and handle most of your DeFi activities.
In some cases, criminals may abuse or destroy the permissions granted to these projects by users to steal funds.
“In fact, some websites are created with the intention of stealing funds/NFT? after users grant access to their wallets, so be careful with which Dapp/website you connect to…”
Therefore, isolating the risks surrounding the casting of new collectibles into a secondary wallet, in which you only store a small part of your own encrypted assets, is a simple way to improve the security of the NFT.
Tip 2: Clean up your token authorization regularly
When it comes to granting permissions, regular cleanup is a good idea. Similarly, users usually grant spending approvals to NFT projects in order to interact with them. In the worst case, these spending approvals are unlimited and may be exploited by attackers.
good news? Now you can use Etherscan’s simple Token Approvals Checker tool to clean up risky authorization approvals, in addition to other similar tools.
Tip 3: Pay attention to “Sending ETH”
“If you see this content when casting on the site, please double check your link, double check your URL, double check everything.
If you try to mint a new project, NFT, and see “Sending ETH” appearing on your MetaMask interface, please leave, this is a scam!
This is what happened to the CreatureToadz project earlier this week. A hacker sabotaged Discord, then made a fake bot announcement and secretly collected ETH from the victim (the person who thought he had minted CreatureToadz).
Tip 4: Find official information
Don’t trust the announcements of the Discord robot. Look for communications from official people such as project leaders, administrators, moderators, and verify the casting announcements and other important information across multiple channels (such as Discord, Twitter, community discussions, etc.). If someone randomly sends you a private message and talks about the “coming NFT release”, please ignore it.
Tip 5: After casting, please pay attention to fakes
Suppose a highly anticipated NFT project has just been sold out and you missed the casting. If you want to collect this series of NFTs, you will rush to the secondary market such as OpenSea to participate in the transaction.
And scammers will use the above dynamics to defraud by launching fake and pirated NFT collections.
OpenSea has done a good job cleaning up these lists quickly, but you must be vigilant in these early windows of opportunity.
We are pioneers at the forefront of NFT. There is no shortage of excitement here, but there are also many risks. Follow the above tips and check the URL and contract address several times, which will greatly help to ensure that your NFT collection process remains safe.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/five-tips-to-be-wary-of-hackers-to-help-you-safely-cast-nfts/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.