As the ORDI price breaks through a historic high, with a market capitalization of over $1 billion and a maximum increase of tens of thousands of times, the Bitcoin ecosystem and various BRC20 inscriptions have entered a frenzy bull market. GoPlus, the leader in user security, has discovered a myriad of scams that exploit inscriptions are emerging. We have compiled four typical cases of inscription attacks (phishing websites, genuine and fake inscriptions, Mint information, dangerous Mint information fraud) and their corresponding countermeasures. Please pay attention when conducting transactions to avoid financial losses.

First Type: Phishing websites

Case: A fraud group created a website (unisats.io) that is extremely similar to the official Unisat wallet platform, and lured users to visit it by purchasing Google search keywords. This led to many users mistakenly transferring their assets to the phishing website, resulting in losses of Ethereum and Bitcoin.

Countermeasure:

1. Before accessing any platform, make sure to verify the link through official Twitter or community channels to avoid visiting fake websites.
2. It is recommended to use some secure browsing plugins like Scamsniffer to detect website security.

Second Type: Genuine or Fake Inscription

Case: On the inscription trading platform, users face the challenge of distinguishing authentic and counterfeit inscriptions. These platforms often display multiple inscriptions with the same name, making it difficult for users to differentiate their specific protocols. Scammers take advantage of this by adding invalid fields to forge inscriptions. Similar issues exist in the NFT market, where fraudsters create counterfeit NFTs by engraving identical images, with the only difference being in the serial numbers.

Example: https://evm.ink/tokens showcases that DOGI inscriptions may appear to be completely identical, but in reality, they are significantly different.

Because the platform only captures specific fields for display in the frontend, scammers can use the following methods to forge inscriptions.

NFT inscriptions also have related issues. In the early market, it is common to encounter NFTs with the same attributes but different ordinal numbers. Taking BTC inscription NFT as an example, a Collection series will only include NFTs of specific ordinal numbers. If it does not belong to that ordinal number set, it does not belong to the series. Therefore, scammers often forge a certain NFT from the same series to deceive transactions. For users, it is difficult to distinguish whether the ordinal number belongs to the series.

Countermeasure:

1. It is recommended to choose mature trading platforms for inscription trading, as they provide better security and can effectively distinguish between genuine and fake inscriptions on the frontend.
2. Before conducting a transaction, it is important to confirm and compare multiple times whether the inscription format and protocol match the desired trade (in the fourth type of inscription trap, it will be explained how to view inscription data on a blockchain explorer for comparison).

Third Type: Mint Trap

Case: On some public chains, fraud teams take advantage of users’ fear of missing out (FOMO) psychology towards new inscriptions and create fraudulent Mint contracts. These contracts induce users to interact, leading them to mistakenly believe that they have obtained inscriptions. However, in reality, users receive NFTs with no value and end up paying high purchase taxes during the interaction process. In a case on the Sui chain, a user engraved what seemed to be a legitimate inscription but actually received a fake NFT and paid SUI tokens to the fraudster. Within a short period, the fraudster collected over 5000 SUI tokens.

如何应对：

1. Before participating in any Mint activities, it is essential to thoroughly research and verify the legality of the contract.
2. When participating in unverified Mint projects, pay special attention to whether the contract has an unreasonable fee structure.
3. Analyze the transaction information of completed transactions carefully in the corresponding blockchain explorer to identify potential security pitfalls.

Fourth Type: Dangerous Mint Information Scam

Case: GoPlus has observed the circulation of dangerous Mint information in the user community. Once these information are published, many users will be eager to use the inscription script tool to copy and paste private keys and transaction information for batch operations. These operations may result in asset theft. Fraudulent groups induce users to perform inscription operations by constructing special JSON fields and encoding them as hex, potentially resulting in the transfer of users’ assets. Additionally, they may set up deceptive Mint contracts, causing users to receive worthless fake inscription tokens after incurring high gas fees.

Using this image as an example: Minting of general token-based inscriptions is usually done by self-rotation of the address, and a string of JSON content for the token protocol is added in the Input data to achieve the inscribing process. Many users, when performing operations, use the wallet’s built-in custom Hex to escape the JSON content of the token protocol and input it as hexadecimal. For users, they typically directly paste the hexadecimal string from the message source, but this string is likely to be a malicious string that is escaped from another JSON format.

Countermeasure:

1. For any Mint information posted in the community, thorough verification must be conducted. Avoid using unverified script tools directly, especially when it involves operations with private keys and critical transaction information.
2. Always obtain information from reliable sources.
3. You can search for successful transactions in the blockchain explorer and check if the hexadecimal matches the message content.

Using Ton’s inscription as an example, start by examining the addresses with high-ranking holdings (representing early participants) at https://tonano.io/ton20/ton.

Click on one of the addresses, copy and paste it into the browser interface at https://tonscan.org/address, and check the relevant transaction information for that address.

The same browser query applies to blockchains such as Ethereum/Solana.

Check the input inscription data contained in the “Message” package to see if it matches the inscription data entered by yourself.

Thank you for your interest in the GoPlus security series articles. In this rapidly changing cryptocurrency world, security is one of the most important considerations. GoPlus is committed to continuously monitoring industry trends and providing comprehensive protection for your digital assets. By following us, you can stay up to date with the latest security updates, alerts, and best practices to help you navigate this area of opportunities and challenges safely.。

About GoPlus Security

GoPlus is the first customer security data service provider, supporting the risk-detecting engine with a maximum of 30m+ calls each day. GoPlus has the first open sourced asset contract risk classification standard and the largest contract attack sample library of the world, and has become the token and NFT security monitoring service with the highest detection accuracy and strongest service ability in the web3 world. GoPlus has been offer sustainable user security data service to 200+partners including CoinmarketCap、Coingecko、Dextool、DexScreener、Ave、Opera Crypto browser、Safepal, Bitgit Wallet, Token Pocket, MetaMask Snaps and others.

Disclaimer：

1. This article is reprinted from [medium]. All copyrights belong to the original author [GoPlus Security]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.