As the price of ORDI breaks through the all-time high, with a market value of over 1 billion US dollars and a maximum increase of tens of thousands of times, the Bitcoin ecosystem and BRC20 various inscriptions have entered a feverish bull market. GoPlus, the leader in user security, has discovered that various scams using inscriptions have begun to flourish. Four special inscriptions have been compiled. Typical attack cases of various inscriptions (phishing websites, true and false inscriptions, Mint information, dangerous Mint information fraud) and countermeasures. Users are advised to pay attention when trading to avoid property losses.
The first type: phishing website
Case: The fraud gang created a website (unisats.io) that was very similar to the official Unisat wallet platform, and induced users to visit it by purchasing Google search keywords. This resulted in many users mistakenly transferring their assets to phishing websites and losing Ethereum and Bitcoin.
how to respond:
1. Before accessing any platform, be sure to confirm the link through official Twitter or social channels to avoid visiting fake websites
2. It is recommended to use some security detection browser plug-ins such as Scamsniffer to check website security.
The second type: true and false inscriptions
Case: On the inscription trading platform, users are faced with the challenge of identifying true and false inscriptions. These platforms often display multiple inscriptions with the same name, making it difficult for users to distinguish their specific protocols. Scammers take advantage of this and fake inscriptions by adding invalid fields. This type of problem also exists in the NFT market, where scammers create fake NFTs by engraving the same image, and the authenticity only differs in the ordinal number.
For example, on https://evm.ink/tokens, the DOGI inscriptions appear to be exactly the same, but they are actually quite different.
Because the platform only captures specific fields and displays them in the front section, scammers can use the following techniques to forge inscriptions
NFT inscriptions also have related problems. In the early market, there were often situations where the NFT meta-attributes were the same but the ordinal numbers were different. Taking the BTC inscription NFT as an example, a Collection series will only contain NFTs with a specific ordinal number. If they are not in this ordinal collection, It doesn't belong to this series. Therefore, scammers often forge a certain NFT of the same series to defraud transactions. It is difficult for users to distinguish whether the ordinal number belongs to the series.
how to respond:
1. It is recommended to choose some mature trading platforms for inscription trading. They will provide a better security experience and can distinguish true and false inscriptions on the front end.
2. Before making a transaction, confirm and compare multiple times to see if it is the same as the inscription format and protocol you want to trade (we will explain how to view the inscription data from the blockchain browser for comparison in the fourth inscription trap)
Type 3: Mint Trap
Case: On some public chains, fraud teams took advantage of users’ FOMO psychology towards new inscriptions to construct fraudulent Mint contracts. These contracts induce users to interact, causing users to mistakenly believe that they have obtained inscriptions. However, users actually receive a worthless NFT and pay a hefty purchase tax during the interaction. In one case on the Sui chain, a user actually obtained a fake NFT when inscribing a seemingly legitimate inscription and paid SUI tokens to the scammer, who collected more than 5,000 SUI in a short period of time.
how to respond:
1.Be sure to thoroughly research and verify the legality of the contract before participating in any Mint activity.
2. Participate in unverified Mint projects, pay special attention to whether there is an unreasonable fee structure set in the contract.
3. In the corresponding blockchain browser, carefully analyze the transaction information that has been completed to see if there are potential security traps.
Type 4: Dangerous Mint Information Scam
Case: GoPlus observed dangerous Mint information circulating among the user community. Once this information is released, many users will be eager to operate and use the inscription script tool to copy and paste the private key and transaction information for batch operations. These actions may result in the theft of assets. The fraud gang induces users to perform engraving operations by constructing special JSON fields and encoding them as hex. As a result, the user's assets may be transferred. Additionally, they may set up decoy Mint contracts so that users receive worthless fake Inscription tokens after high gas fees.
Take this picture as an example: Mint for general token inscriptions is based on address rotation, and a string of Json content of the token protocol is added to the input data to implement the inscription process. When operating, many users will use the custom Hex that comes with the wallet to escape the Json content of the token protocol and input it into hexadecimal. For users, they usually paste the hexadecimal string in the message source directly, but this string is likely to be a malicious string that is escaped by other Json formats.
how to respond:
1. Any Mint information posted in the community must be thoroughly verified. Avoid direct use of unverified script tools, especially operations involving private keys and critical transaction information.
2. Always get information from reliable sources
3. You can search for successful transactions in the blockchain browser and check whether the hexadecimal format of the transaction is consistent with the message content.
Taking Ton's inscription as an example, first check the address with the top position (representing the large investors who participated early), https:// ton ano.io/ton 20/ton
Click on one of the addresses, copy and paste, and go to the https://tonscan.org/address browser interface to view the inscription transaction information related to the address.
The same browser query works for blockchains like Ethereum/Solana
Check the input inscription data contained in "Message" to see if it is consistent with the inscription data you entered.
