Bu MetaMask Ethereum Cüzdan Güncellemesi, NFT Dolandırıcılıklarını Önlemeye Yardımcı Olabilir

Social media scams are booming in the NFT space, with Twitter and Discord users duped into connecting their crypto cüzdan to malicious akıllı sözleşmeler—and having their NFT'ler and other tokens swiped as a result. Now the top Ethereum cüzdan, MetaMask, has updated its interface to try and help users recognize and avoid such scams.

MetaMask released a new 10.18.0 update to the wallet this week, which includes a change to the way that the software presents a requested setApprovalForAll permission. Granting that permission allows the akıllı sözleşme—the code that powers NFTs and merkezi olmayan uygulamalar—the ability to access and transfer out all NFTs and token kazanabilirsiniz. bir cüzdanda.

Following the update, as security firm Wallet Guard Twitter'da not edildi, MetaMask now makes it clearer that a smart contract is requesting broad permissions, including access to any funds held within the wallet—a function that can be used for so-called “wallet drainer” exploits.

Ekran görüntüleri MetaMask'ta yayınlandı GitHub yazılım geliştirme deposu show a new prompt that uses a larger font than the rest of the interface. The example text reads, “Give permission to access all of your BAYC?” (or Fored Ape Yat Kulübü), with an additional warning reading, “By granting permission, you are allowing the following account to access your funds.”

MetaMask Software Engineer Alex Donesky wrote on GitHub on June 22 that “there is some urgency to get something out there since this method is so commonly used.” He also added that the “timeline is compressed,” and admitted that it wasn’t how he would approach the change if there was more time to develop it.

Indeed, the update comes following a rash of scams that are primarily spread via hacked social media accounts. In the spring, verified accounts of numerous Twitter users were hijacked and used to share scam links inspired by prominent NFT projects like Azuki and Otherside, and steal the NFTs and tokens of users who unwittingly connected their wallets to the smart contracts.

More recently, the Twitter accounts of various NFT projects and notable collectors were hacked to share similar types of links, billing them as a free NFT or token drop. Such scams have taken place via hacked Discord and Instagram accounts as well. It has led to a debate over whether creators and projects should compensate users who lose assets via such scams.

Earlier this month, NFT drop registration platform Premint was impacted by a hack to its website that used the setApprovalForAll function to steal an array of valuable NFTs and tokens from affected users. Ultimately, the firm reimbursed users to the tune of 500,000 doların üzerinde ETH, and bought back and returned a pair of pricey NFT collectibles as well.

“The user interface for the most popular wallets need to be drastically improved to make it near impossible for someone to connect to a wallet drainer,” Premint founder Brenden Mulligan söyledi azalmak geçen hafta. "Bu çözülebilir bir sorun, ancak bir cüzdanı boşaltmanın bu kadar kolay olması ve insanları korumak için daha fazla uyarının bulunmaması çok çılgınca."

Açık olmak gerekirse, MetaMask'ın güncellemesi, kullanıcıların bağlanmaya çalıştığı sözleşme hakkında herhangi bir karara varmaz ve belirlenen dolandırıcılıklara özellikle dikkat çekmez. Ayrıca, NFT pazaryerleri gibi belirli dapp'ler için setApprovalForAll işlevinin potansiyel olarak meşru kullanımları vardır ve bu yalnızca kullanıcının kararını daha da karmaşık hale getirir.

Still, the MetaMask update could help minimize the impact of scams. Some NFT collectors who have fallen for such social media scams have been accused of recklessly approving transactions due to FOMO and speculative frenzy around NFTs, and this extra step might give users pause—and an opportunity to reconsider their actions.

We’ll see whether MetaMask takes this new feature further in future updates, as well as whether competing wallets will adopt similar techniques. Scams aren’t limited to MetaMask users, after all, and not to Ethereum either. Solana has a similar function (signAllTransactions), and a notable NFT collector just fell victim to such a scam via his hayalet cüzdan.

takma ad co-founder of MonkeDAO, Nom, last night tweeted about how his wallet was drained in an attack when he interacted with a smart contract that he thought was safe to use. Nom wrote that he lost about 500 SOL (about $20,200) and NFTs including one from Solana Maymun İşi, which the attacker then 197 SOL'a satıldı ($ 7,736).