Malware Development (Script / Smart Contract / DEX / DeFi Platform)

Scammers prepare malicious smart contracts to drain the wallets of victims who connect their wallets to the contract. Example: attackers exploit the standard setApprovalForAll call on ERC 21 and ERC 721, which lets the approved operator (here, the attacker's contract or its owner) transfer any token of that collection out of the wallet of a user who signs a transaction that includes a setApprovalForAll call. In most cases users are not aware that they are approving a setApprovalForAll transaction. Attackers hide the malicious call inside the smart contract of a supposed free NFT mint.
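As an added example (not from the original page), a wallet-side check that decodes the calldata a dApp asks the user to sign and flags a setApprovalForAll grant to an operator the user has not vetted; the two function selectors are the standard ERC-721/ERC-1155 ones, while the sample calldata and the trusted-operator list are constructed for the example.

```python
"""Pre-signature calldata check for ERC-721 / ERC-1155 approval grants.

Hypothetical example: decodes the calldata shown in a wallet's signing
prompt and rates the risk of a hidden setApprovalForAll(operator, true),
which would let `operator` move every token of that collection out of the
wallet.
"""

# 4-byte selectors: first 4 bytes of keccak256 of the function signature.
SEL_SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
SEL_APPROVE = "095ea7b3"               # approve(address,uint256)


def decode_calldata(calldata: str) -> dict:
    """Decode approval-related calls; any other selector is reported as unknown."""
    data = calldata.lower().removeprefix("0x")
    if len(data) < 8:
        raise ValueError("calldata too short to contain a selector")
    selector, args = data[:8], data[8:]
    # ABI arguments are 32-byte words; an address sits in the low 20 bytes.
    words = [args[i:i + 64] for i in range(0, len(args), 64)]
    well_formed = len(words) >= 2 and all(len(w) == 64 for w in words[:2])
    if selector == SEL_SET_APPROVAL_FOR_ALL and well_formed:
        return {
            "function": "setApprovalForAll",
            "operator": "0x" + words[0][-40:],
            "approved": int(words[1], 16) != 0,
        }
    if selector == SEL_APPROVE and well_formed:
        return {
            "function": "approve",
            "spender": "0x" + words[0][-40:],
            "token_id": int(words[1], 16),
        }
    return {"function": "unknown", "selector": "0x" + selector}


def assess(calldata: str, trusted_operators: frozenset = frozenset()) -> str:
    """Return 'HIGH', 'MEDIUM' or 'LOW' risk for the transaction before signing."""
    call = decode_calldata(calldata)
    if call["function"] == "setApprovalForAll" and call["approved"]:
        if call["operator"] in trusted_operators:
            return "MEDIUM"  # blanket grant, but to an operator the user vetted
        return "HIGH"        # blanket grant to an unknown operator: drainer setup
    if call["function"] == "approve":
        return "MEDIUM"      # single-token grant; still confirm the spender
    return "LOW"


if __name__ == "__main__":
    # Constructed sample: setApprovalForAll(0x1111...1111, true).
    sample = "0xa22cb465" + "0" * 24 + "11" * 20 + "0" * 63 + "1"
    print(decode_calldata(sample), assess(sample))  # HIGH
```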
| ID | Mitigation | Description |
| --- | --- | --- |
| M02 | Check smart contract | Investors with an affinity for technology should check the lines of code of the smart contract on their own before investing. |
| M05 | Check links | Users/investors should double check the links they press (e.g., have they changed since the last use?). |
| M06 | Check (NFT) collections before buying them | Investors should check the genuineness of a collection or token before buying, even if they were linked by a proven source. |
| M11 | Never share private keys or seed phrases | Cryptocurrency investors should never share their private keys or seed phrases with anyone. Legitimate persons will never ask for that information. They should also avoid using screen sharing to solve technical problems, since some apps include QR codes of private keys or seed phrases which could show up during the session. |
| M12 | Avoid / turn off direct messages / Ignore strangers | Investors who use messenger apps should use restrictive settings. Users should never trust anyone they do not know who contacts them in a private message. Legitimate admins of real projects will never send a direct message first. |
| M13 | Check charities before donating | Donors should get as much information as they can before contributing to a charity or project. |