Victims connect their wallets to malicious websites or smart contracts because they believe they are connecting to a service of a legitimate project, e.g. to mint an NFT or to stake their tokens. The malicious website or smart contract asks for privileges that allow it to drain the wallet. The victims usually sign the requested contract transaction without any knowledge or awareness of the consequences.
Sub techniques (7)
| ID | Mitigation | Description |
|---|---|---|
| M01 | Audit | DAO projects should commission audits before the go-live of their smart contracts. |
| M02 | Check smart contract | Investors with an affinity for technology should check the lines of code of the smart contract on their own before investing. |
| M04 | Collect information on new projects | Investors should collect as much information about a project as possible before investing. |
| M05 | Check links | Users/investors should double-check the links they click (e.g., have they changed since the last use?). |
| M06 | Check (NFT) collections before buying them | Investors should check the genuineness of a collection or token before buying, even if they were linked by a proven source. |
| M15 | Read the transaction message before signing | Before signing a transaction, users should read the transaction message, which shows the kind of transaction they are signing (e.g. send transaction, smart contract interaction). |
| M16 | Use new wallet for NFT mints | For random mints users should use a clean wallet to avoid huge losses in case the wallet gets drained. |
| M17 | Use a hardware wallet | Hardware wallets protect users from losing their private keys to scammers. Additionally, hardware wallets ask for another confirmation before users can send tokens out of them. This additional step might help users to think twice and not be scammed. |
| M18 | Do not mint NFTs with risky conditions | Mints with risky conditions, e.g. having to hold an expensive NFT in the wallet to be eligible for the mint, should be avoided. |
| M19 | Do not stake coins/tokens on random websites / exchanges | Users should not stake coins or tokens on random websites, since they may lose them. |
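
As an added illustration of M15 (not part of the original entry), the following sketch decodes the raw calldata of a transaction awaiting signature and reports whether it grants the spending privileges described above. It assumes EVM chains and the standard ERC-20 / ERC-721 / ERC-1155 function selectors; the function names, risk labels and sample address are constructed for this example.

```javascript
// Added example (not from the page): classify raw EVM calldata before signing.
// Selectors are the standard ERC-20 / ERC-721 / ERC-1155 function selectors.
// The risk labels are this example's own assumption, not a standard.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
  "a9059cbb": "transfer(address,uint256)",
  "23b872dd": "transferFrom(address,address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Return the i-th 32-byte ABI word after the 4-byte selector.
function word(hex, i) {
  const w = hex.slice(8 + 64 * i, 8 + 64 * (i + 1));
  if (!/^[0-9a-f]{64}$/.test(w)) throw new Error("truncated or non-hex calldata");
  return w;
}

function describeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length === 0) return { risk: "low", summary: "no contract call, only a native-coin transfer" };
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { risk: "unknown", summary: `unrecognised function 0x${hex.slice(0, 8)}` };
  if (name.startsWith("setApprovalForAll")) {
    const operator = "0x" + word(hex, 0).slice(24);
    return BigInt("0x" + word(hex, 1)) !== 0n
      ? { risk: "high", summary: `${operator} may move EVERY token you hold in this collection` }
      : { risk: "low", summary: `revokes operator rights of ${operator}` };
  }
  if (name.startsWith("approve")) {
    const spender = "0x" + word(hex, 0).slice(24);
    const value = BigInt("0x" + word(hex, 1));
    // Same selector for ERC-20 (value = amount) and ERC-721 (value = token id).
    return value === MAX_UINT256
      ? { risk: "high", summary: `${spender} gets an UNLIMITED ERC-20 allowance` }
      : { risk: "medium", summary: `${spender} approved for amount or token id ${value}` };
  }
  return { risk: "medium", summary: `moves tokens via ${name}` };
}

// Constructed sample: setApprovalForAll(0x1111...1111, true).
const pad = (h) => h.padStart(64, "0");
const SAMPLE = "0xa22cb465" + pad("11".repeat(20)) + pad("1");
console.log(describeCalldata(SAMPLE));
```

An "unknown" result means the calldata alone does not say what is being signed, which is itself a reason to stop and check the contract (M02) before confirming.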
