How to Protect Yourself From Signing Away Your NFTs Without Knowing

VeeFriends · Jan 26, 2023 · 4 min read

It’s important to be aware that anyone can fall victim to NFT scams. As anyone in the space now knows, social engineering and fake websites have duped our friends and respected members of the space, even those who are well-read and technical. We hope this blog serves as a reminder from Accountable Ant that only YOU can protect yourself from these scams.

The most recent scam to hit the Web3 community yesterday specifically exploited the OpenSea “set approval for all” feature. As leaders have shared more information about this scam in the space, VeeFriends wants to take this opportunity to address the issue and, most importantly, provide our community with some important recommendations and tips to protect against similar attacks in the future.

It’s important to understand that most scams or wallet “hacks” occur because users interact with fake websites or accounts that masquerade as credible persons or legitimate projects.

What Is The “Set Approval For All” Feature

“Set Approval for All” is a feature that allows a smart contract or wallet to transfer tokens (NFTs) from your wallet at any time in the future, as long as you’ve granted the platform (such as OpenSea) permission. NFT marketplaces commonly use this feature to make buying and selling NFTs easier and save money on gas. Instead of permitting each item to be sold separately, you only have to do it once for a whole group of items when using “Set Approval for All.” However, it is important to know to whom the “Set Approval for All” permission is given, as it grants full control over your NFTs in that collection.

[Image: OpenSea asking for approval for all]
[Image: Signing message approving all]

2 Simple Steps You Can Take Today to Better Secure Your Wallet

To protect oneself, it is common to practice “wallet separation or siloing” and revoke “approval for all” when it is no longer needed.

  1. Wallet separation or siloing is when you use different wallets for different responsibilities, such as a Hot Wallet for connecting to websites and performing smart contract interactions and a Cold Wallet for protecting NFTs and remaining completely offline. This is a common best practice for users who frequently interact with websites and minting.
  2. Revoking approval for all should be done if you no longer need it set on a collection. For example, if you no longer want to sell an NFT, you can revoke approval for all. You should also transfer the NFT back to the Cold Wallet with approvals off for all NFTs to ensure it is protected. You can visit https://etherscan.io/tokenapprovalchecker OR https://revoke.cash/ (a credible, common site used in the space) to see every token in your wallet that has approval for all set, including non-VF NFTs, and to revoke it.
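To see what a “set approval for all” request looks like before you sign it, and what the matching revoke looks like, here is an added example (not VeeFriends or OpenSea code). It decodes the standard ERC-721/ERC-1155 `setApprovalForAll(address,bool)` call from raw transaction data; the trusted-operator list and all addresses are constructed placeholders.

```javascript
// Standard 4-byte selector of setApprovalForAll(address operator, bool approved).
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Operators you have decided to trust (constructed placeholder, not a real marketplace).
const TRUSTED_OPERATORS = new Set(["0x" + "11".repeat(20)]);

// Decode transaction calldata; returns null when it is not a setApprovalForAll call.
function decodeSetApprovalForAll(data) {
  if (typeof data !== "string") return null;
  const hex = data.toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) + two 32-byte ABI words (64 hex chars each) = 136.
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 136) return null;
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return null;
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  // An address is right-aligned in its word: the upper 12 bytes must be zero.
  if (!/^0{24}/.test(operatorWord)) return null;
  return {
    operator: "0x" + operatorWord.slice(24),
    // Treat any non-zero value as "true" so an odd encoding is never read as a revoke.
    approved: BigInt("0x" + approvedWord) !== 0n,
  };
}

// Verdict for a transaction a website asks your wallet to sign.
function reviewTransaction(tx) {
  const call = decodeSetApprovalForAll(tx.data);
  if (!call) return "not-an-approval-for-all";
  if (!call.approved) return "revoke";
  return TRUSTED_OPERATORS.has(call.operator)
    ? "grant-trusted"
    : "grant-UNKNOWN-operator";
}

// Calldata that turns the approval off again; it is sent to the NFT collection contract.
function buildRevokeCalldata(operator) {
  const addr = String(operator).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("operator must be a 20-byte address");
  return "0x" + SET_APPROVAL_FOR_ALL + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample: a site asks for approval-for-all for an operator you do not know.
const SAMPLE_TX = {
  data: "0x" + SET_APPROVAL_FOR_ALL + "ab".repeat(20).padStart(64, "0") + "1".padStart(64, "0"),
};
console.log(reviewTransaction(SAMPLE_TX));
console.log(reviewTransaction({ data: buildRevokeCalldata("0x" + "ab".repeat(20)) }));
```

This covers only on-chain `setApprovalForAll` transactions; the operator address still has to be compared against the marketplace's published contract address.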

Additionally, on the VeeFriends website, there is a flag in your profile collection section to show if any of your VF NFTs have set approval for all.

VeeFriends Website Wallet Connection Safety

Safety and a simpler user experience were top of mind when we created the new VeeFriends site. If you still have not created your account on the VeeFriends site, know the following:

  • VeeFriends has an upgraded website, where you can create a VeeFriends Sign-In account using email and password or linking to Twitter/Gmail.
  • You will only need to connect your hot wallet ONE time. The sooner you do it, the sooner you’ll know future sign-in on VeeFriends DOES NOT require you to connect your wallet for any claims.
  • If you have a hardware wallet (which is highly recommended) or use a software wallet, you can link your wallet without connecting it to the website, ensuring that your wallet stays truly COLD.

Read it All and Feeling Lost? 7 Wallet Safety Starter Tips:

  1. Do not share your seed phrase EVER
  2. Avoid clicking links, especially in DMs on Twitter, Discord, Email, etc. Use bookmarks for frequently used websites and never open or download anything from unknown sources.
  3. Disconnect your wallet from “connected sites” regularly
  4. Use a hardware wallet: A hardware wallet, such as a Ledger, is a physical device that stores your NFTs and cryptocurrencies offline, making them less vulnerable to cyber attacks.
  5. Make sure your cold wallet/hardware wallet has approvals off for all NFTs
  6. Use 2FA for added security: Two-factor authentication requires a code and a password when logging in, preventing unauthorized access even if someone has obtained your password.
  7. Keep your software and devices up to date: Make sure to keep your operating system and antivirus software up to date with the latest security patches. This will help protect against vulnerabilities that attackers could exploit.

This is not an exhaustive list, and before doing anything in Web3, it is recommended that you educate yourself on how to be safe. Even with the utmost safety, there is always a risk of hacking.

Community Threads with Deeper Discussion on Recent Scam & Security:
