Hoodrh

Humanities, products, crypto exploration (informal research)

"Mastering NFT with 30 Short Articles" 18: Ensuring Asset Security

NFTs are one of the foundations of web3. This series will introduce NFTs through 30 short articles, allowing everyone to gain a deep understanding and mastery of NFT-related knowledge from scratch.

In crypto, no one is permanently secure. This article continues to emphasize some details of asset security.

There is an ancient Chinese saying that fits crypto security well: "If you often walk by the river, you will not avoid wet shoes." The more transactions we make in crypto, the greater the probability that one of them compromises our assets: we may click on the wrong website, sign a questionable transaction, and so on. No one can claim to be absolutely secure. I have heard that a well-known expert in crypto security was maliciously attacked by hackers, resulting in the theft of their wallet. This shows that it is even more important for others to pay sufficient attention to asset security.

We all know that crypto is still a rapidly growing industry with many irregularities, so we may face risks. At the same time, many teams are working to solve these problems, and the infrastructure keeps getting better. We can expect these risks to keep decreasing as the industry matures. At this stage, we still need to take basic security precautions to protect our assets, which is why we repeatedly emphasize them.

In terms of asset loss, the worst-case scenario is a leaked mnemonic phrase. If we store the mnemonic phrase in online software and someone else obtains it, we basically lose control of the wallet, and the resulting loss is irreparable: everything in the wallet will be lost, and there is no way to recover it. If the mnemonic phrase has leaked but things have not yet gone that far and the assets are still in the wallet, the first thing to do is create a new wallet and send all the assets from the leaked wallet to it. Don't forget to save the new wallet's mnemonic phrase offline and make a backup.

In addition to mnemonic phrase leakage, another common cause of asset loss is "signing malicious transactions." In this case, signing the transaction usually authorizes someone else to transfer part of our assets. This type of transaction is called "setApprovalForAll," and it is a dangerous type because it is equivalent to giving the other party operating rights over the wallet. When we sell NFTs, we need to sign this type of transaction. However, when we buy NFTs or mint NFTs ourselves, we do not need to sign it. Keep this distinction in mind.
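
To make the "check the transaction type" step concrete, here is an added example (not code from the original article) that decodes raw transaction calldata and flags a setApprovalForAll grant when the user is not selling. The function names, the `action` labels and the sample operator address are assumptions made for illustration.

```python
# Added example: inspect raw transaction calldata for an ERC-721/ERC-1155
# setApprovalForAll(address,bool) call before it is signed.
SELECTOR = "a22cb465"  # first 4 bytes of keccak256("setApprovalForAll(address,bool)")

def classify_calldata(data_hex):
    """Return (kind, operator); kind is grant, revoke, other or malformed."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return ("malformed", None)
    if raw[:4].hex() != SELECTOR:
        return ("other", None)
    if len(raw) != 4 + 32 + 32:
        return ("malformed", None)  # right selector, wrong argument length
    addr_word, bool_word = raw[4:36], raw[36:68]
    flag = int.from_bytes(bool_word, "big")
    if any(addr_word[:12]) or flag not in (0, 1):
        return ("malformed", None)  # dirty padding: do not trust, review by hand
    operator = "0x" + addr_word[12:].hex()
    return ("grant" if flag == 1 else "revoke", operator)

def should_block(data_hex, action):
    """Apply the article's rule: only a sale needs a setApprovalForAll grant.
    `action` is a hypothetical label for what the user believes they are doing."""
    kind, _ = classify_calldata(data_hex)
    if kind == "malformed":
        return True
    return kind == "grant" and action != "sell"

# Constructed sample inputs (the operator address is made up).
OPERATOR = "00" * 12 + "11" * 20
GRANT = "0x" + SELECTOR + OPERATOR + "00" * 31 + "01"
REVOKE = "0x" + SELECTOR + OPERATOR + "00" * 32
OTHER = "0x12345678"  # constructed: an unrelated 4-byte selector

if __name__ == "__main__":
    for tx, action in [(GRANT, "mint"), (GRANT, "sell"), (REVOKE, "mint"), (OTHER, "mint")]:
        verdict = "block" if should_block(tx, action) else "ok"
        print(action, classify_calldata(tx), verdict)
```

A call with the flag set to false is a revocation of an earlier grant, which is why it is not blocked.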

If we accidentally sign a "setApprovalForAll" transaction, we have an opportunity to remedy the situation before the transaction is completed. At that point the signed transaction is usually still in the queue on the chain, waiting for miners to confirm it. We can avoid the loss by "canceling the transaction." For instructions on how to cancel a signed transaction, refer to the following two documents:

  1. How to Speed Up or Cancel Pending Transactions - MetaMask Support
  2. This Twitter thread explains in detail what to do after signing a malicious setApprovalForAll transaction: https://twitter.com/PocketUniverseZ/status/1601089513412997121

Alright, that's it for this article. Before making a transaction, be sure to carefully review the transaction type and regularly keep multiple offline copies of the mnemonic phrase for safekeeping.


If you want to learn more, you can find me in these places:
Digital Territory: Hoodrh

XLog: Hoodrh

Twitter: Hoodrh

Discord Chat Group: Hoodrh

Mirror: Hoodrh

SubStack: Hoodrh

Nostr: npub1e9euzeaeyten7926t2ecmuxkv3l55vefz48jdlsqgcjzwnvykfusmj820c
