 
Original Title: "Essential Security Inscriptions Handbook for Beginners"
Original Source: GoPlus Security
With the ORDI price breaking its historical high, its market value exceeding $1 billion, and a peak increase of tens of thousands of times, the Bitcoin ecosystem and various BRC20 inscriptions have entered a frenzied bull market. User security leader GoPlus has found that various scams using inscriptions are beginning to emerge. We have compiled four typical inscription attack cases (phishing websites, genuine and fake inscriptions, Mint information, and dangerous Mint information fraud) and the corresponding response plans. Please be cautious when trading to avoid financial losses.

Case: A fraud group created a website (unisats.io) that is extremely similar to the official Unisat wallet platform, and induced users to visit it by purchasing Google search keywords. This caused many users to mistakenly transfer their assets to the phishing website, resulting in losses of Ethereum and Bitcoin.

How to deal with:
1. Before accessing any platform, be sure to confirm the link through official Twitter or community channels to avoid accessing fake websites.
2. It is recommended to use a security-detection browser plugin such as Scamsniffer to check website security.

Case: On inscription trading platforms, users face the challenge of distinguishing between genuine and fake inscriptions. These platforms often display multiple inscriptions with the same name, making it difficult for users to tell which protocol each one belongs to. Scammers take advantage of this by adding invalid fields to forge inscriptions. This type of problem also exists in the NFT market, where fraudsters create fake NFTs by inscribing the same image, with only a difference in the serial number to distinguish between genuine and fake ones.
For example, on https://evm.ink/tokens, the DOGI inscriptions may appear to be identical, but in reality they are very different.

Because the platform only captures specific fields for display on the front end, scammers can use the following methods to forge inscriptions.

NFT inscriptions also have related issues. In the early market, it was common to have NFTs with the same meta-properties but different ordinal numbers. Taking BTC inscription NFT as an example, a Collection series will only contain NFTs with specific ordinal numbers. If it is not in this ordinal number set, it does not belong to the series. Therefore, scammers often forge a certain NFT from the same series to deceive transactions. For users, it is difficult to distinguish whether the ordinal number belongs to the series.

How to deal with:
1. It is recommended to choose some mature trading platforms for the transaction of inscriptions. They will do better in terms of security experience and can distinguish true and false inscriptions well on the front end.
2. Before conducting any transaction, confirm and compare multiple times that the format and protocol of the inscription you want to trade are the ones you expect (in the fourth type of inscription trap, we will explain how to view the inscription data on the blockchain browser and compare it).

Case: On some public chains, fraud teams exploit users' FOMO around new inscriptions to construct fraudulent Mint contracts. These contracts induce users to interact, causing users to mistakenly believe that they have obtained inscriptions. In reality, users receive worthless NFTs and pay high purchase taxes during the interaction. In a case on the Sui chain, users inscribing what appeared to be a legitimate inscription actually received fake NFTs and paid SUI tokens to the scammers, who collected more than 5000 SUI tokens in a short period of time.

How to deal with:
1. Before participating in any Mint activity, be sure to thoroughly research and verify the legitimacy of the contract.
2. When participating in unverified Mint projects, pay special attention to whether the contract sets unreasonable fee structures.
3. Carefully analyze the transactions that have already been completed in the corresponding blockchain browser to see if there are any potential security risks.

Case: GoPlus observed that dangerous Mint information was circulating in the user community. Once this information is released, many users may rush to act on it, using inscription script tools and copying and pasting private keys and transaction information for batch operations. These operations may result in asset theft. Scammers induce users to inscribe by constructing special JSON fields and encoding them as hex, and as a result, users' assets may be transferred. In addition, they may set up deceptive Mint contracts that give users worthless fake inscription tokens after paying high gas fees.
Take this chart as an example: The Mint of a general token inscription is usually done by an address sending a transaction to itself, with the JSON content of the token protocol added to the Input data to complete the inscription. Many users use the wallet's built-in custom Hex field, encoding the JSON content of the token protocol and entering it as hexadecimal. Users usually paste the hexadecimal string directly from the message source, but this string may well be a malicious string encoded from a different JSON payload.

How to deal with:
1. For any Mint information posted in the community, thorough verification must be conducted. Avoid using unverified script tools directly, especially when dealing with private keys and critical transaction information.
2. Always obtain information from reliable sources.
3. You can search for successful transactions in the blockchain browser and check whether the hexadecimal of the transaction matches the message content.
Using the Ton inscription as an example, first look at the addresses ranked high in the holdings ranking (representing early participants and large holders) at https://tonano.io/ton20/ton.

Click on one of the addresses, copy it, and paste it into the https://tonscan.org/address browser interface to view the relevant inscription transaction information for that address.
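
The comparison in step 3, as an added example (not GoPlus code): decode a hex string back to JSON before pasting it and compare it field by field with the mint you intend. The same strict comparison also rejects the padded inscriptions from the genuine-and-fake case. The BRC-20-style field names, the `data:,` prefix and every sample value are assumptions constructed for illustration.

```python
import json

def _no_duplicate_keys(pairs):
    """json hook: reject objects that repeat a key (parsers disagree on which wins)."""
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate JSON keys")
    return dict(pairs)

def decode_inscription_hex(hex_str):
    """Turn the hex string a user is told to paste back into the JSON it encodes."""
    h = hex_str.strip()
    if h.lower().startswith("0x"):
        h = h[2:]
    text = bytes.fromhex(h).decode("utf-8")  # ValueError on bad hex or non-UTF-8
    if text.startswith("data:"):             # assumed data-URI wrapper, e.g. "data:,{...}"
        text = text.partition(",")[2]
    return json.loads(text, object_pairs_hook=_no_duplicate_keys)

def check_mint_payload(hex_str, expected):
    """Return findings; an empty list means the hex encodes exactly `expected`."""
    try:
        obj = decode_inscription_hex(hex_str)
    except ValueError as exc:
        return [f"cannot decode safely: {exc}"]
    if not isinstance(obj, dict):
        return ["payload is not a JSON object"]
    findings = []
    extra = sorted(set(obj) - set(expected))  # fields a front end might silently ignore
    if extra:
        findings.append(f"unexpected fields: {extra}")
    for key, want in expected.items():
        if obj.get(key) != want:
            findings.append(f"{key} is {obj.get(key)!r}, expected {want!r}")
    return findings

def to_hex(text):
    """Helper for building the constructed samples below."""
    return "0x" + text.encode("utf-8").hex()

# Constructed samples; field names follow the assumed BRC-20-style layout.
EXPECTED = {"p": "brc-20", "op": "mint", "tick": "demo", "amt": "1000"}
GOOD = to_hex('data:,{"p":"brc-20","op":"mint","tick":"demo","amt":"1000"}')
SWAPPED_OP = to_hex('{"p":"brc-20","op":"transfer","tick":"demo","amt":"1000"}')
PADDED = to_hex('{"p":"brc-20","op":"mint","tick":"demo","amt":"1000","memo":"x"}')

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("swapped_op", SWAPPED_OP), ("padded", PADDED)]:
        print(name, check_mint_payload(sample, EXPECTED) or "matches")
```

Take `expected` from the project's official documentation, not from the message that supplied the hex string.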

