Essential Safety Guide for Beginners in Inscription Trading

As the price of ORDI tokens reaches historic highs, surpassing a market value of 1 billion USD with a maximum increase of tens of thousands of times, the Bitcoin ecosystem and BRC20 inscriptions enter a bullish frenzy. The user security leader, GoPlus, has identified various scams exploiting inscriptions and organized four typical attack cases (phishing websites, genuine and counterfeit inscriptions, Mint information, and dangerous Mint information scams) along with corresponding countermeasures to prevent financial loss during transactions.

Type 1: Phishing Websites

Case: Scammers created a website (unisats.io) remarkably similar to the official Unisat wallet platform and lured users through purchased Google search keywords. Many users mistakenly transferred assets to this phishing site, losing Ethereum and Bitcoin.

Countermeasures:

1. Before accessing any platform, be sure to confirm the link through official Twitter or community channels to avoid accessing fake websites.

2. It is recommended to use some security detection browser plugins such as Scamsniffer to detect website security.

Type 2: True and False Inscriptions

Case: On the inscription trading platform, users face the challenge of distinguishing between genuine and fake inscriptions. These platforms often display multiple inscriptions with the same name, making it difficult for users to distinguish their specific protocols. Scammers take advantage of this by adding invalid fields to forge inscriptions. This type of problem also exists in the NFT market, where fraudsters create fake NFTs by engraving the same image, with only a difference in the serial number to distinguish between genuine and fake ones.

For example, on https://evm.ink/tokens, the DOGI inscriptions may appear to be identical, but in reality they are very different.

Because the platform only captures specific fields for display on the front end, scammers can use the following methods to forge inscriptions.

NFT inscriptions also have related issues. In the early market, it was common to have NFTs with the same meta-properties but different ordinal numbers. Taking BTC inscription NFT as an example, a Collection series will only contain NFTs with specific ordinal numbers. If it is not in this ordinal number set, it does not belong to the series. Therefore, scammers often forge a certain NFT from the same series to deceive transactions. For users, it is difficult to distinguish whether the ordinal number belongs to the series.

Countermeasures:

1. Opt for mature trading platforms that better differentiate between genuine and counterfeit inscriptions.

2. Before trading, repeatedly confirm and compare to ensure the inscription’s format and protocol match your intended transaction. (Explained in Type 4 on how to verify inscription data using blockchain explorers).

Type 3: Mint Traps

Case: On some public chains, fraud teams use users’ FOMO psychology for new inscriptions to construct fraudulent Mint contracts. These contracts induce users to interact, causing users to mistakenly believe that they have obtained inscriptions. However, in reality, users receive worthless NFTs and pay high purchase taxes during the interaction process. In a case on the Sui chain, users actually received fake NFTs and paid SUI tokens to scammers while engraving what appeared to be a legitimate inscription, and in a short period of time, scammers collected more than 5000 SUI tokens.

Countermeasures:

1. Before participating in any Mint activity, be sure to thoroughly research and verify the legality of the contract.

2. Participate in unverified Mint projects, paying special attention to whether the contract has set unreasonable fee structures.

3. Carefully analyze the transaction information that has already been completed in the corresponding blockchain browser to see if there are any potential security risks.

Type 4: Dangerous Mint Information Scams

Case: GoPlus observed that dangerous Mint information was circulating in the user community. Once this information is released, many users may be eager to operate and use the inscription script tool to copy and paste private keys and transaction information for batch operations. These operations may result in asset theft. Scammers induce users to engrave by constructing special JSON fields and encoding them as hex, and as a result, users’ assets may be transferred. In addition, they may set up deceptive Mint contracts that give users worthless fake inscription tokens after paying high gas fees.

Take this chart as an example: The Mint of general token inscription is usually self-rotated by address, and a Json content of token protocol is added to the Input data to achieve the process of inscription. Many users will use the wallet’s built-in custom Hex to escape the Json content of the token protocol and input it as hexadecimal when operating. For users, they usually directly paste the hexadecimal string in the message source, but this string is likely to be a malicious string that is escaped from other Json formats.

Countermeasures:

1. For any Mint information posted in the community, thorough verification must be conducted. Avoid using unverified script tools directly, especially when dealing with private keys and critical transaction information.

2. Always obtain information from reliable sources.

3. You can search for successful transactions in the blockchain browser and check whether the hexadecimal of the transaction matches the message content.

Using the inscription of Ton as an example, first check the addresses with high positions in the holding ranking (representing early participants and large holders), https://tonano.io/ton20/ton.

Click on one of the addresses, copy and paste it, and go to the https://tonscan.org/address browser interface to view the relevant inscription transaction information for that address.

Check if the inscription transaction data matches the 「Message」 content

Disclaimer：

1. This article is reprinted from [GoPlus Security]. All copyrights belong to the original author [GoPlus Security]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.