Hoodrh

Humanities, products, crypto exploration (informal research)

"Mastering NFT with 30 Short Articles" 18: Ensuring Asset Security

NFTs are one of the foundations of web3. This series will introduce NFTs through 30 short articles, allowing everyone to gain a deep understanding and mastery of NFT-related knowledge from scratch.

In crypto, no one is permanently secure. This article continues to emphasize some details of asset security.

There is an ancient Chinese saying that fits any discussion of security in crypto: "If you often walk by the river, you will inevitably get your shoes wet." The more transactions we make, the greater the probability that one of them compromises our assets. We may click on the wrong website, sign a questionable transaction, and so on. No one can claim to be absolutely safe. I have heard that a well-known expert in the field of crypto security was hacked and had their wallet stolen. This shows that for others, it is even more important to pay sufficient attention to asset security.

We all know that crypto is still a rapidly growing industry with many irregularities, so we may face risks. At the same time, many teams are working to solve these problems, and the infrastructure keeps getting better. We can expect these risks to decrease as the industry matures. At this stage, though, we still need to take basic security precautions to protect our assets. This is why we repeatedly emphasize them.

In terms of asset loss, the worst-case scenario is the leakage of the mnemonic phrase. If we store the mnemonic phrase in online software and others obtain it, we basically lose control of the wallet, and the losses caused by this mistake are irreparable. Everything in the wallet will be lost, and we cannot recover any of the lost assets. If the mnemonic phrase has leaked but the assets in the wallet are still intact, the first thing to do is create a new wallet and send all the assets from the leaked wallet to the new one. Don't forget to save the mnemonic phrase of the new wallet offline and make a backup.

In addition to mnemonic phrase leakage, another common cause of asset loss is "signing malicious transactions". In this case, we usually authorize others to transfer part of our assets when signing a transaction. This type of transaction is called "setApprovalForAll". The transaction type itself (equivalent to handing over wallet operation rights) shows how dangerous it is. When we sell NFTs, we need to sign this type of transaction. However, when we buy NFTs or mint NFTs ourselves, we do not need to sign it. Keep this distinction in mind.
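One way to check the transaction type before signing is to decode the raw calldata the wallet shows. The sketch below is an added example, not code from the original article: the function name `inspect_calldata` and the sample inputs are hypothetical, and the selector is that of `setApprovalForAll(address,bool)` as defined by the ERC-721 and ERC-1155 standards.

```python
# Added example, not from the original article.
# 4-byte selector: first 4 bytes of keccak256("setApprovalForAll(address,bool)").
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")


def inspect_calldata(data_hex):
    """Classify raw transaction calldata (hex) as shown in a wallet's data view.

    'warn' is True when the data cannot be read or grants operator rights;
    'warn' False for type 'other' only means it is not setApprovalForAll.
    """
    text = data_hex.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return {"type": "invalid", "warn": True}  # unreadable data: do not sign
    if raw[:4] != SET_APPROVAL_FOR_ALL:
        return {"type": "other", "warn": False}
    args = raw[4:]
    # ABI layout: two 32-byte words, (address operator, bool approved).
    # Anything that does not match that layout is flagged (fail closed).
    if len(args) != 64 or any(args[:12]) or any(args[32:63]) or args[63] > 1:
        return {"type": "setApprovalForAll", "warn": True, "malformed": True}
    operator = "0x" + args[12:32].hex()
    approved = args[63] == 1
    # approved=True gives the operator transfer rights over the collection;
    # approved=False revokes a grant made earlier.
    return {"type": "setApprovalForAll", "operator": operator,
            "approved": approved, "warn": approved}


# Constructed sample inputs (the operator address is a placeholder, not a real contract).
OPERATOR_WORD = "00" * 12 + "11" * 20
GRANT = "0xa22cb465" + OPERATOR_WORD + "00" * 31 + "01"
REVOKE = "0xa22cb465" + OPERATOR_WORD + "00" * 32

if __name__ == "__main__":
    for name, data in (("grant", GRANT), ("revoke", REVOKE)):
        print(name, inspect_calldata(data))
```

A warning on a page where you are only buying or minting is the case the paragraph above describes: that flow should not need this call at all.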

If we accidentally sign a "setApprovalForAll" transaction and discover it before the transaction is completed, we still have the opportunity to remedy it. Usually, at this point, the transaction we signed is in the queue on the chain, waiting for miners to confirm it. We can avoid the loss by "canceling the transaction". For instructions on how to cancel a signed transaction, you can refer to the following two documents:

  1. How to Speed Up or Cancel Pending Transactions - MetaMask Support
  2. This Twitter thread explains in detail what to do after signing a malicious setApprovalForAll transaction: https://twitter.com/PocketUniverseZ/status/1601089513412997121

Alright, that's it for this article. Before making a transaction, be sure to carefully check the transaction type and regularly keep multiple offline backups of your mnemonic phrase.


If you want to learn more, you can find me in these places:
Digital Territory: Hoodrh

XLog: Hoodrh

Twitter: Hoodrh

Discord Chat Group: Hoodrh

Mirror: Hoodrh

SubStack: Hoodrh

Nostr: npub1e9euzeaeyten7926t2ecmuxkv3l55vefz48jdlsqgcjzwnvykfusmj820c
