In a bear market, it is difficult to survive and difficult to ascend to the sky.
In a bear market, people's joys and sorrows are not the same, and neither are their endings. The leeks are delivering for Meituan; the project teams are doing FreeMint; the bigwigs are doing rebates and talking about the famous Planb.
The leeks delivering for Meituan, in a summer when body temperature is nearly 40 degrees, want to find some shade, drink some water, take a break, and recall their former life in the currency circle along the way. Although I don't have a lot of money, I still pay attention to these FreeMint projects, but who would have thought that there are now scams in FreeMint too. How are we leeks supposed to live?
Montana Wong, the co-founder of the Web3 creator application tool Sprise, exposed a FreeMint scam in a discussion on Twitter. The following content was translated by Pro, a trending friend.
Degen meta is a new trend in the current NFT field. A team launches its project as a FreeMint and provides little or no roadmap. This trend has been popularized by projects like goblintown. This form of FreeMint is a good way to get publicity in a bear market. At least there is no big financial risk, and it may make everyone a small profit. (A small leek's aside: a FreeMint earned 15U yesterday.)
Scammers really take advantage of this. They no longer create fake projects to defraud you of ETH. Instead, they create a FOMO atmosphere to induce you to participate in a free degen mint project, trick you into granting them permissions, and then transfer the NFTs out of your wallet. Often they start by using a legitimate service like Premint to create a sweepstakes for their pre-sale list. Premint doesn't vet all projects that use its service, but many people don't know this and think the project has "Premint's endorsement".
To make matters worse, Premint has a feature that allows sweepstakes creators to impose certain requirements, such as having to hold a Moonbirds NFT in order to enter. This makes it possible to create a fake lottery that pretends to be officially recognized, without the consent of the original project. As a result, the wallets that take part in the whitelist pre-sale mint are likely to still hold high-value NFTs, because holding them was required to enter the lottery.
So why was your NFT stolen? Let's see how this works.
Today, a new version of this scam has emerged, "aLLtHiNg bEgiNs," which resulted in the theft of several high-value Moonbirds NFTs. If you go to their website, it looks like a typical garbage FreeMint project, with a connect-wallet button and a mint button.
But once you dig into the project, you will find that a large amount of the website's code is copied directly from the goblintown website.
Second, if you continue to review the code, you will find a file, signupxx44777.js, which is where the malicious logic lives.
Once you connect your wallet, the code in this file starts running. It literally says "drainNFTs", and what it does is:
- Browse the contents of your wallet address;
- Use OpenSea's API to determine which is your most expensive NFT;
- Identify your most expensive NFT and find its smart contract information;
- Once you click on Mint, it will generate a transaction that interacts with the contract of your most expensive NFT. This setApprovalForAll transaction will grant the scammer permission to transfer your NFT.
So you think you are just performing a simple FreeMint operation, but you have actually given the scammer full permission to transfer your most expensive NFT. It is simple and crude.
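A check a wallet-side tool could run on the request a "mint" button produces, before anything is signed. This is an added example, not code from the scam site or from the original thread; the function name, verdict labels and all addresses are assumptions constructed for illustration.

```javascript
// Selector of setApprovalForAll(address,bool), as defined by ERC-721 and ERC-1155.
const SET_APPROVAL_FOR_ALL = "0xa22cb465";

// Classify a transaction request ({ to, data }) against the contract the site
// advertises as its mint contract. Hypothetical helper, not a wallet API.
function inspectMintRequest(tx, expectedMintContract) {
  const data = (tx.data || "0x").toLowerCase();
  const to = (tx.to || "").toLowerCase();
  const findings = [];

  if (to !== expectedMintContract.toLowerCase()) {
    findings.push(`target ${to} is not the advertised mint contract`);
  }
  if (data.slice(0, 10) === SET_APPROVAL_FOR_ALL) {
    const args = data.slice(10);
    // Two 32-byte ABI words: the operator address (right-aligned) and the bool.
    if (args.length < 128) {
      findings.push("truncated setApprovalForAll calldata");
    } else {
      const operator = "0x" + args.slice(24, 64);
      const approved = BigInt("0x" + args.slice(64, 128)) !== 0n;
      findings.push(
        approved
          ? `grants ${operator} transfer rights over every token in ${to}`
          : `revokes operator ${operator} on ${to}`
      );
      return { verdict: approved ? "block" : "review", operator, findings };
    }
  }
  return { verdict: findings.length ? "review" : "ok", operator: null, findings };
}

// Constructed sample data: placeholder addresses, not taken from the incident.
const MINT = "0x" + "11".repeat(20);            // contract the site advertises
const HELD_COLLECTION = "0x" + "22".repeat(20); // collection already in the wallet
const OPERATOR = "0x" + "33".repeat(20);        // address asking for operator rights
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");

const fakeMint = {
  to: HELD_COLLECTION,
  data: SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("1"),
};
const plainMint = { to: MINT, data: "0x1249c58b" }; // constructed: selector only, no args

console.log(inspectMintRequest(fakeMint, MINT));
console.log(inspectMintRequest(plainMint, MINT));
```

The two signals are independent: a request aimed at a collection you already hold is suspicious on its own, and an approval with the flag set to true is what hands over transfer rights.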
To summarize briefly, the scam generally works like this:
- Create a Degen Mint project for hype, and then use legitimate tools such as Premint to attract high-value wallets;
- Create a simple website with malicious JavaScript that scans your wallet and your collection for high-value NFTs;
- Create a fake mint button, which does not actually mint anything but instead requests approval for all, so that the scammers can transfer your NFT;
- Use the same code to create different "projects" on a large scale.
Many of these scams are run by the same person, so we must pay attention to security in everyday use. If you think you have been affected by one of these scams, you can revoke the approvals on all your valuable NFTs via revoke.cash and transfer them to your hardware wallet as soon as possible.
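To see which approvals still need revoking, the ApprovalForAll events emitted for a wallet can be folded into its current state. This is an added example, not revoke.cash's code or anything from the original thread; the log entries are constructed, shaped like eth_getLogs results, and assumed to be ordered oldest first.

```javascript
// topic0 of ApprovalForAll(address indexed owner, address indexed operator, bool approved)
const APPROVAL_FOR_ALL_TOPIC =
  "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31";

const topicToAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();

// Returns [{ collection, operator }] for every operator approval that `owner`
// granted and has not revoked since. Hypothetical helper for illustration.
function outstandingApprovals(logs, owner) {
  const state = new Map(); // "collection|operator" -> latest approved flag
  for (const log of logs) {
    if (log.topics.length !== 3) continue;
    if (log.topics[0].toLowerCase() !== APPROVAL_FOR_ALL_TOPIC) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const key = `${log.address.toLowerCase()}|${topicToAddress(log.topics[2])}`;
    state.set(key, BigInt(log.data) !== 0n); // a later log overwrites an earlier one
  }
  return [...state]
    .filter(([, approved]) => approved)
    .map(([key]) => {
      const [collection, operator] = key.split("|");
      return { collection, operator };
    });
}

// Constructed sample logs with placeholder addresses.
const OWNER = "0x" + "aa".repeat(20);
const OTHER_OWNER = "0x" + "bb".repeat(20);
const COLL_A = "0x" + "22".repeat(20);
const COLL_B = "0x" + "44".repeat(20);
const OP_X = "0x" + "33".repeat(20);
const OP_Y = "0x" + "55".repeat(20);
const topic = (addr) => "0x" + addr.slice(2).padStart(64, "0");
const flag = (on) => "0x" + (on ? "1" : "0").padStart(64, "0");
const mk = (address, owner, operator, on) => ({
  address,
  topics: [APPROVAL_FOR_ALL_TOPIC, topic(owner), topic(operator)],
  data: flag(on),
});
const SAMPLE_LOGS = [
  mk(COLL_A, OWNER, OP_X, true),       // still active
  mk(COLL_B, OWNER, OP_Y, true),       // granted ...
  mk(COLL_B, OWNER, OP_Y, false),      // ... and later revoked
  mk(COLL_A, OTHER_OWNER, OP_X, true), // someone else's approval, ignored
];

console.log(outstandingApprovals(SAMPLE_LOGS, OWNER));
```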
It is worth noting that the comment area of this tweet shows that many people have indeed had their assets stolen by this scam. At the same time, another scam is circulating online, also in the form of a FreeMint, which then steals all your money. The current scams are almost impossible to guard against. You can read the article we wrote before, which introduces 17 kinds of scams and explains how to prevent them.
In that article, we introduced not only related auditing and security tools but also the main tracks of the blockchain industry. We maintain this link over the long term, which means you can learn new knowledge every time you open it.
Due to limited space, I won't take screenshots one by one; if you want, you can view them at this link: https://bit.ly/3OZgkyw