2️⃣Detects scams 2/2

Part 1 might have been eye-opening for you. Here's a specific scenario that we're positive will happen, in which security solutions that only translate/simulate transactions will lead to huge losses for their users.

The function 'setApprovalForAll' assigns or revokes the full approval rights to a given operator.

👍 One of its legitimate uses is to assign it to a contract to stake an NFT.

👎 One of its illegitimate uses is to assign it to a scammer's contract that drains an NFT.

Here's what staking on a legitimate site looks like:

And here's what the same function looks like on a scam site:

There is no visual difference between them. Simulations/translations will also look identical.

The two scenarios above are different; one is on a legitimate site, and the other is on a scam site that looks completely different. But what if the scam site looked exactly like the legitimate site?

Here's how that would go down:

A very expensive NFT is about to release staking. All its owners are waiting anxiously to stake. To prepare its users, the project releases the site and a tutorial on how to stake. The site will become active in 24 hours.

Suddenly, there is an announcement on Discord. It is not part of the original plans, and it tells people to stake fast for maximum rewards. FOMO kicks in, and users rush to the site. It looks identical to the legitimate one and works exactly as the tutorial shows, but the URL is different. The Discord has been breached, and scammers have shared a link that drains users' wallets, specifically NFTs from the project.

Like the two MetaMask prompts in the previous examples, the wallet request seems legitimate. It asks to 'Allow access to and transfer of all your <expensiveNFT>.' Users without any Web3 security solution who don't realize the URL is malicious lose their expensive NFTs.

What about users with a Web3 security solution that simulates/translates the transaction? They will be presented with a simulation/translation that tells them they are giving permission for their expensive NFT. Nothing will be suspicious about it because the simulation/translation is correct. They will lose their expensive NFTs.

This is another reason why Web3 security solutions that only simulate/translate transactions will lead to huge losses in the space.
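The scenario above in code, as an added example that is not part of the original page or of any product it describes: the translation is identical for the legitimate and the scam request, while a check of the operator address and the requesting site against a known-good list tells them apart. The allowlist, addresses, origins and function names are constructed assumptions.

```javascript
// Added example: all addresses, origins and the allowlist are constructed placeholders.
const SELECTOR = "a22cb465"; // 4-byte selector of setApprovalForAll(address,bool)

// Constructed allowlist: NFT collection -> its known staking operator and site origin.
const KNOWN_STAKING = {
  "0x1111111111111111111111111111111111111111": {
    operator: "0x2222222222222222222222222222222222222222",
    origin: "https://stake.expensivenft.example",
  },
};

// Decode the ABI-encoded arguments of a setApprovalForAll call; null if malformed.
function decodeSetApprovalForAll(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 * 2 || hex.slice(0, 8) !== SELECTOR) return null;
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  if (!/^0{24}[0-9a-f]{40}$/.test(operatorWord)) return null; // address is left-padded
  if (!/^0{63}[01]$/.test(approvedWord)) return null; // bool is 0 or 1
  return { operator: "0x" + operatorWord.slice(24), approved: approvedWord.endsWith("1") };
}

// What a translation-only tool can say: correct, but the same for any operator.
function translate(tx) {
  const call = decodeSetApprovalForAll(tx.data);
  if (!call) return "Unknown call";
  return call.approved
    ? "Allow access to and transfer of all your NFTs in " + tx.to
    : "Revoke access to all your NFTs in " + tx.to;
}

// Extra check: who receives the approval, and which site asked for it?
function assessApproval(tx, origin) {
  const call = decodeSetApprovalForAll(tx.data);
  if (!call) return "not-an-approval";
  if (!call.approved) return "revocation";
  const known = KNOWN_STAKING[tx.to.toLowerCase()];
  if (!known) return "unknown-collection";
  if (call.operator !== known.operator) return "unexpected-operator";
  if (origin !== known.origin) return "unexpected-origin";
  return "expected-staking-approval";
}

// Constructed sample requests: same collection, same function, different operator.
const encode = (operator, approved) =>
  "0x" + SELECTOR + operator.slice(2).toLowerCase().padStart(64, "0") + (approved ? "1" : "0").padStart(64, "0");
const COLLECTION = "0x1111111111111111111111111111111111111111";
const legitTx = { to: COLLECTION, data: encode("0x2222222222222222222222222222222222222222", true) };
const scamTx = { to: COLLECTION, data: encode("0x3333333333333333333333333333333333333333", true) };
```

`translate(legitTx)` and `translate(scamTx)` return the same string, while `assessApproval` flags the second request as `unexpected-operator`, and flags even the correct operator as `unexpected-origin` when the request comes from a different site.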

Unfortunately, sharing this information could lead to scammers applying it to steal NFTs. Nevertheless, we feel a responsibility to those of you who are educating yourselves by reading this page. Whatever you decide about Web3 security solutions moving forward, you now know a critical piece of information that can help you prevent the loss of your valuable NFTs.
