As someone who is rather fresh to the Solana NFT space, I was not up to speed with the best practice for minting new NFTs. I have been aping into some mints and secondary markets, including SolWabbits, a non-derivative with a strong community and a solid roadmap. Not financial advice.
Anyway, I did some research on what to do, when to do it, and how to do it. Even if you are not a newbie in the Solana NFT space, this short post might be worth a read. The point of the write-up is to make your minting process more secure and to help you protect your wallet(s) and hodlings.
Here it goes.
The reason for using a burner wallet when minting NFTs is partly privacy and largely security. Avoid connecting your main wallet (or Ledger) to minting platforms. Instead, use a one-time wallet (a burner) that you create only for connecting and minting, then transfer your newly minted NFTs to your main wallet.
Why? Because of the added security for your NFTs and crypto assets. Using your main wallet left, right and centre makes you more vulnerable to hackers.
There have been several incidents where wallets were connected to malicious contracts and drained of funds. The most famous example was the Aurory NFT mint back in August 2021. Alongside the official mint, sophisticated hackers set up a phishing site that mirrored the official Aurory minting site. Unwitting users would then connect to the phishing site. When they did, a malicious contract executed and drained the user's wallet of all their funds.
In that example, using a burner wallet would have minimized the damage from the "sweep attack".
This is an extreme example, and these attacks are rarer now than they were a couple of months ago. What made hackers so successful during the Aurory NFT mint and the weeks leading up to it was a new feature in the Phantom wallet that auto-approved transactions by default. That is great for experienced and diligent users, since it saves time in time-sensitive situations such as minting an NFT in the Solana ecosystem. It was less great for inexperienced and stressed users trying to cop a new NFT. As soon as a user entered the phishing site and pressed "Connect", the malicious contract would execute and sweep the account, with every transaction approved by default.
After the incidents, Phantom made changes, and other wallets introduced the same feature, but only as an opt-in: an advanced user can go to settings and manually enable auto-approve. If you are new, however, it is best not to use auto-approve. In both cases, a burner wallet is recommended. Mistakes happen, so limit the cost of those mistakes. If someone cleans out your wallet, let it be a burner wallet holding a limited amount of assets.
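The burner workflow described above (create a throwaway wallet, fund it with just the mint budget, mint, then move the NFT and leftover SOL back to the main wallet), as an added example using the Solana CLI; this is not code from the original post. It assumes `solana` and `spl-token` are installed, the CLI's default keypair is your main wallet, and `MAIN_WALLET` is replaced with your own public key.

```shell
#!/bin/sh
# Added example (not from the original post): burner-wallet mint workflow.
# Assumes: solana + spl-token CLIs installed, default CLI keypair = MAIN wallet,
# MAIN_WALLET is a placeholder for your main wallet's public key.
set -eu

MAIN_WALLET="${MAIN_WALLET:-REPLACE_WITH_YOUR_MAIN_WALLET_PUBKEY}"
BURNER="${BURNER:-burner-$(date +%Y%m%d%H%M%S).json}"

# Fund the burner with only what this mint needs: price plus a small buffer
# for fees and rent (default 0.02 SOL). Prints lamports (1 SOL = 1e9 lamports).
burner_budget_lamports() {
  awk -v p="$1" -v b="${2:-0.02}" 'BEGIN { printf "%.0f", (p + b) * 1000000000 }'
}

# The same budget in SOL, which is the unit `solana transfer` expects.
burner_budget_sol() {
  awk -v p="$1" -v b="${2:-0.02}" 'BEGIN { printf "%.9f", p + b }'
}

# 1. Create a fresh keypair that will only ever touch this one mint site.
create_burner() {
  solana-keygen new --no-bip39-passphrase --silent --outfile "$BURNER"
  solana address -k "$BURNER"
}

# 2. Move the mint budget (and nothing more) from the main wallet to the burner.
fund_burner() {  # $1 = mint price in SOL
  solana transfer --allow-unfunded-recipient \
    "$(solana address -k "$BURNER")" "$(burner_budget_sol "$1")"
}

# 3. After minting in the browser with the burner, move the NFT to the main wallet.
#    $1 = the NFT's mint address (shown in the wallet or on an explorer).
sweep_nft() {
  spl-token transfer --owner "$BURNER" --fund-recipient --allow-unfunded-recipient \
    "$1" 1 "$MAIN_WALLET"
}

# 4. Return leftover SOL so the burner holds nothing worth stealing, then retire it.
sweep_sol() {
  solana transfer --from "$BURNER" --fee-payer "$BURNER" "$MAIN_WALLET" ALL
}

case "${1:-}" in
  create) create_burner ;;
  fund)   fund_burner "$2" ;;
  nft)    sweep_nft "$2" ;;
  sol)    sweep_sol ;;
  *)      echo "usage: $0 create | fund <price_sol> | nft <mint_address> | sol" ;;
esac
```

Run the steps in order (`create`, `fund`, mint in the browser with the burner, `nft`, `sol`); once swept, the burner key should never be reused or connected anywhere again.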
Everything that shines ain't always gonna be gold.
Another sophisticated way of exploiting unwitting users looking to build their Solana NFT collection is to airdrop NFTs into a user's wallet. The NFT comes with an instruction to connect your wallet to a dApp to claim more rewards, become eligible for further airdrops, and what not. This sounds great. So does the "Nigerian Letter", the longest-running internet scam, which to this day manages to scam people out of hundreds of thousands of euros/dollars every year. In the NFT case, a user connects their wallet to the dApp as instructed and, in the worst-case scenario, gets their wallet cleaned out. 99% of the time this is a scam. In the 1% of cases where it is not, use a burner wallet to connect.
These scams work because they play on people's greed. In both an NFT scam and the Nigerian Letter, victims are promised a financial profit without much effort.
One thing scams have in common is that they are unexpected and the source is unknown. A random NFT airdropped into your wallet, promising riches, is too good a story to be true. Be smart and vigilant. And if, for some reason, you just have to connect your wallet, because it seems legit or whatnot, use a burner wallet.
Random airdrops with no strings attached are another thing. It happens often that assets pop up in your main wallet. Yesterday, for example, I received a 1,000 Solana Inu airdrop because I count as one of the X top hodlers of $SAMO. In this case, I can let the airdrop sit in my wallet for all eternity, wait for a DEX to allow trading, or simply send it to a new or old burner wallet address and forget about it. The same goes for NFTs. You need to be vigilant and smart when strings are attached and you are asked to do something. Like the wise man Kid Cudi once sang, "Everything that shines ain't always gonna be gold."
There are other types of scams and phishing attempts floating around out there. Just be vigilant and never give out any passwords or seed phrases. Sticking to this security checklist will go a long way.
There are probably more things to add to this list, but this security checklist will cover your ass in most cases. Stay smart. DM me on Twitter if you have any suggestions to add to this list.
To top things off, here is a list of potentially undervalued Solana NFT projects.
Any other projects that have recently launched or are about to launch that you believe are potential gems? DM me on Twitter. No derivatives, please.