How to reverse a malicious Seaport Signature.
The transaction where it all happened
Take a careful look at the Etherscan record of the transaction that drained Rose’s wallet. https://etherscan.io/tx/0x4ae899024f8bfcb3448364dc603db2e6ed4eab7b3a8649176230d7e33e644d44
Step One: Go to the contract
First, go to the OpenSea Seaport contract on Etherscan/Polygonscan. Click the link to open it.
Then, click «Connect to Web3» — you’ll find it on the bottom left side of the page.
Step Two: Scroll Down
Then, scroll down to «Increment Counter,» click «Write,» and sign the transaction in your wallet.
What happens now?
Incrementing the counter invalidates every order you signed before it, so all previous listings, both the ones you intended and any potentially harmful ones, can no longer be executed.
What are Token Allowances?
Token Allowances enable apps to access and move the tokens in your wallet on your behalf.
While allowances are necessary, there are steps users can take to revoke an allowance after they’ve used a product.
Can I just disconnect my wallet?
Disconnecting your wallet from an app does NOT mean you’ve revoked allowances. The app can still execute transactions, which is unsafe.
Revoking Token Allowances
Use Revoke.Cash to revoke any unlimited allowance on Polygon, Arbitrum, or Optimism.
Step-by-step:
1. Connect Wallet to Revoke
2. Switch Chain to Polygon, Arbitrum, or Optimism
3. Click Revoke (right column)
Quest link (earn points and an NFT): https://layer3.xyz/quests/malicious-seaport-signatures
NFT security practices
Extensions
Wallets
- Coinbase Wallet (Informative thread here)
- Rabby Wallet — Pre-sign check for Security. Supported by Rabby security engine
https://layer3.xyz/quests/nft-security
It’s important to understand the difference between cold and hot wallets. A cold wallet is offline and not connected to the internet, providing enhanced security. In contrast, a hot wallet is connected to the internet, making it more convenient for frequent transactions.
Wallet delegations, an advanced wallet security concept:
Bankless: Saving NFTs with delegate.cash
Boring Security: Wallet Delegations: Explained
https://layer3.xyz/quests/crypto-safety-part-ii-understanding-cold-and-hot-wallets