How not to lose everything on the airdrop of tokens or "free" NFT
Warnings from
richerd In connection with the recent hacks after the airdrops of tokens, many questions arise as to what you can and what you definitely should not do, so as not to violate the safety of your wallet.
https://twitter.com/richerd/status/1440169148206645257 1. When airdrop receives tokens that contain the name of the site - beware of going to this site, because when connecting - you will either be asked to drive a seed phrase / sign a transaction / permission to spend tokens from your wallet.
2. MetaMask is extremely bad at displaying what is happening behind the scenes.
Many wallet users simply click "Confirm", in fact seeing what it is they are confirming.
MetaMask really needs to improve its user interface in this aspect.
3. It is impossible to compromise the entire wallet by visiting the site or signing a message / transaction, interaction with the contract is also cannot provide carte blanche to a fraudster.
4. The real danger is that signing unknown messages in MetaMask theses can allow absolutely any transaction to be executed.
Exactly what you need: use a Ledger / Trezor wallet and never drive in the seed phrase / do not store it in a text file on the computer (on Twitter today, one character was hijacked by a $394K NFT due to careless storage of a text file with a private key in the cloud service) .
5. If an airdrop NFT came to your wallet in open sea, then there are four important non:
1) You cannot move the NFT, because the interaction will be with the NFT contract, which you cannot trust
2) Do not accept bets on Opensea that came on that malicious NFT
3) Do not chat with strangers on discord / especially if they claim to be OpenSea support and others
4) Do not share your screen with the function session / access records of strangers to your hot wallet (an attacker may try to export / display the private key)
Interacting with an unwanted NFT contract may allow all your nft to be moved