As the popularity of the inscription concept has reached an unprecedented peak, the price of some top inscriptions has increased by tens of thousands of times. In this context, some people have begun to use the complexity and novelty of inscriptions to carry out various frauds, and this phenomenon is becoming increasingly rampant. This not only poses a serious threat to the asset security of users, but also has an adverse impact on the healthy development of the entire inscription ecosystem.

To address this issue, we have compiled three typical inscription security cases, including scam project risks, accidental transfer and burn risks, and centralized tool risks, as well as the corresponding preventive measures that users can take in these scenarios.

Scam project risks:

Currently, identifying projects mainly relies on the project name specified in the deploy operation and identified in the indexer by a unique ID. However, for ordinary users, they can usually only remember the name of the project and trade based on it. This trading method that relies only on the name is risky because there are a large number of similar but different strings in ASCII code, which provides opportunities for visual fraud. Malicious parties can use these similar but different strings to deceive users into thinking that they are trading with a well-known project and issue a large number of tokens of similar projects.

This type of fraud usually occurs during the project's minting process. Malicious parties will guide users to pay fees to obtain tokens or other virtual assets, but in fact these tokens may have no real value. This fraud not only harms the interests of users, but may also lead to instability in the entire ecosystem.

For example, suppose there is a fake project called "rats" that is very similar to the real project "rats" because they use similar ASCII codes. If users do not carefully identify this name (note the "t" in "rats"), they may mistakenly believe that they have purchased the real "rats" token and suffer financial losses.

图片

In addition to fake inscription projects, some fraudulent inscriptions will even trick users into paying additional funds during the minting process.

Take an actual case as an example. When a user casts the inscription "bitmap", the fraudulent website will additionally ask the user to pay to a specified address. If the user does not notice the unusualness of the payment amount, he may suffer huge losses.

图片

💡Countermeasures: Use inscription casting channels with caution

Currently, inscriptions are minted in a variety of ways, including:

  1. The project's own distribution website

  2. Auxiliary tools included with the wallet, such as Unisat, etc.

  3. Auxiliary tools provided by third parties

This diversity can easily confuse users and make it difficult to discern which channel is correct and safe, which may lead to falling into the trap of fraudulent inscription projects. It is recommended that users use wallets and the official issuance website of the project party to mint inscriptions more often. Before minting inscriptions, be sure to confirm the correctness of the website and carefully check the required minting amount. For large-scale batch minting, it is recommended to use the auxiliary tools provided by the wallet to further improve the security of funds.

Risk of accidental transfer and burning

Mistransfer refers to the situation where the carrier of the inscription is mistaken for ordinary Bitcoin for transfer. Traditional BTC wallets usually do not consider the added value of the inscription and only display the value of the locked Satoshi in the UTXO (unspent transaction output) model. Some users may perform traditional transfer operations without fully understanding the inscription, causing the wallet to mistake the inscription for ordinary Bitcoin assets and send it to the wrong address along with other UTXOs, causing irreversible losses.

Accidental burning refers to the destruction or deletion of inscriptions as worthless or insignificant information. Since inscriptions do not directly affect the ownership or value of Bitcoin in the split model, some users may mistakenly believe that these Bitcoin paper assets with inscriptions are of low value, unimportant or invalid, and choose to merge them with other UTXOs. This may result in the permanent loss of important information or assets associated with the inscriptions.

For example, as shown in the figure, because the wallet did not correctly identify the inscription, in the BTC transaction that should have protected the inscription, it was mistakenly regarded as garbage and transferred out, resulting in losses.

图片

💡 Countermeasures: Use dedicated inscription addresses and wallets

In order to reduce the risk of misoperation, users are advised to use a dedicated inscription address and wallet in the split model to prevent the mistaken transfer or burning of high-value inscription assets. This practice helps ensure the security of inscription assets and distinguishes them from ordinary Bitcoin transaction addresses to avoid confusion. By isolating inscription transactions from other transactions, users can better manage and control inscription assets.

Centralized tool risks

Although the inscription ecosystem is constantly developing, the vast majority of users still rely on auxiliary tools to participate in the minting and trading of the inscription ecosystem. However, these auxiliary tools may have some defects in terms of security, because most of them focus on functional implementation and ignore security considerations. For example, some tools may require users to import private keys for proxy signing, or to entrust assets to the platform for trading, which will expose the user's private key and make it possible for centralized tools to master all the user's assets, thereby increasing the risk, similar to the situation where some wallet companies declared bankruptcy after stealing user assets.

For example, the following is an example of a proxy signing tool that directly steals assets from the user's wallet by obtaining the user's private key.

图片

💡 Countermeasures: Choose a reliable inscription auxiliary tool

In order to improve the security of inscription assets, users should choose well-known inscription exploration and market platforms for transactions and operations.

For example:

  1. Geniidata: https://geniidata.com/Ordinals/index/brc20

  2. Ordiscan:https://ordiscan.com/

  3. Etch Market:https://www.etch.market/market

These widely recognized inscription platforms provide a safe trading environment and reliable inscription information. The minting, trading and other operations of inscriptions on these well-known platforms can increase the safety of users. In addition, users should always be vigilant and not trust the inscription minting and trading services provided by unknown websites. Before performing any operations, the reputation and security of the website should be carefully studied and confirmed. At the same time, users should also ensure that they will not disclose private keys or other sensitive information to any untrusted third party to avoid becoming victims of phishing or theft.

Summarize

By deeply understanding Inscription’s fraud risks, mistransfer and misburn risks, as well as the potential threats of centralized tools, we can see that although the Inscription ecology is full of potential and opportunities, it is also accompanied by some risks and challenges. Users must exercise a high degree of vigilance and caution when handling inscribed assets. Taking precautions, such as choosing official channels to cast Inscription, using dedicated Inscription addresses and wallets, and choosing trustworthy Inscription auxiliary tools, can significantly reduce risks and protect users' asset security. Most importantly, security should always be a top priority in the world of digital assets.