A Beginner's Essential Inscription Safety Manual
Original Author: GoPlus Security
As the price of ORDI breaks historical highs, with a market capitalization exceeding $1 billion and increases of tens of thousands of times, various inscriptions in the Bitcoin ecosystem and BRC20 have entered a frenzied bull market. User security leader GoPlus has discovered a proliferation of scams utilizing inscriptions, and has compiled four typical attack cases (phishing websites, fake and real inscriptions, Mint traps, and dangerous Mint information scams) along with countermeasures. Users are advised to be cautious during transactions to avoid financial losses.
First: Phishing Websites
Case: A scam group created a website (unisats.io) that closely resembles the official Unisat wallet platform and lured users to it by purchasing Google search keywords. Many users mistakenly transferred assets to the phishing site, resulting in losses of Ethereum and Bitcoin.
How to Respond:
Before visiting any platform, be sure to confirm links through official Twitter or community channels to avoid accessing counterfeit websites.
It is recommended to use security detection browser plugins like Scamsniffer to check website safety.
Second: Fake and Real Inscriptions
Case: On inscription trading platforms, users face the challenge of distinguishing between real and fake inscriptions. These platforms often display multiple inscriptions with the same name, making it difficult for users to identify their specific protocols. Scammers exploit this by adding invalid fields to forge inscriptions. This issue also exists in the NFT market, where scammers create fake NFTs by inscribing the same image, with the only difference being the ordinal number.
For example, on https://evm.ink/tokens, the DOGI inscriptions appear identical, but are fundamentally different.
Because the platform only captures specific fields for display, scammers can use the following methods to forge inscriptions.
NFT inscriptions face related issues. In the early market, NFTs often had the same attributes but different ordinal numbers. For example, in BTC inscription NFTs, a Collection series only contains NFTs with specific ordinal numbers. If an NFT is not within this ordinal set, it does not belong to that series. Scammers therefore often forge an NFT that appears to be from the same series to deceive buyers, and users find it difficult to tell whether the ordinal belongs to that series.
How to Respond:
It is advisable to choose some mature trading platforms for inscription trading, as they will provide a better security experience and can effectively distinguish between real and fake inscriptions on the front end.
Before conducting transactions, confirm and compare multiple times whether the inscription format and protocol match what you intend to trade (the fourth case below explains how to view inscription data in a blockchain explorer for comparison).
Third: Mint Traps
Case: On some public chains, scam teams exploit users' FOMO (Fear of Missing Out) regarding new inscriptions to construct fraudulent Mint contracts. These contracts entice users to interact, leading them to mistakenly believe they have obtained an inscription. However, in reality, users receive worthless NFTs and pay high purchase taxes during the interaction. In a case on the Sui chain, a user received a fake NFT while inscribing what appeared to be a legitimate inscription, paying SUI tokens to the scammers, who quickly collected over 5,000 SUI.
How to Respond:
Before participating in any Mint activity, thoroughly research and verify the legitimacy of the contract.
Be particularly cautious of unreasonable fee structures in unverified Mint projects.
Carefully analyze completed transaction information in the corresponding blockchain explorer to identify potential security traps.
Fourth: Dangerous Mint Information Scams
Case: GoPlus has observed that dangerous Mint information is circulating in user communities. Once this information is released, many users rush to act, using inscription script tools to copy and paste private keys and transaction information for batch operations. These actions may lead to asset theft. Scammers induce users to perform inscription operations by constructing special JSON fields and encoding them as hex, resulting in the potential transfer of users' assets. Additionally, they may set up deceptive Mint contracts, causing users to receive worthless fake inscription tokens after incurring high gas fees.
For example, minting a typical token inscription involves sending a self-transfer (a transaction to your own address) with a string of token protocol JSON content in the Input data. Many users use their wallet's built-in custom Hex field and enter the token protocol's JSON content encoded as hexadecimal. They often paste the hexadecimal string straight from the source message, but this string may be a malicious one encoded from a different JSON payload.
How to Respond:
Any Mint information published in the community must be thoroughly verified. Avoid directly using unverified script tools, especially for operations involving private keys and critical transaction information.
Always obtain information from reliable sources.
You can look for successfully completed transactions in the blockchain explorer to check if the transaction's hexadecimal matches the message content.
Taking Ton inscriptions as an example, first check the top-ranked addresses (representing early participants) at https://tonano.io/ton20/ton.
Click on one of the addresses, copy and paste it into https://tonscan.org/address to view the relevant inscription transaction information for that address.
The same blockchain explorer lookup applies to Ethereum, Solana and other blockchains.
Check the "Message" for the input inscription data to see if it matches the inscription data you entered.
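The comparison described above can be done offline before anything is signed. The following Python sketch is an added example, not GoPlus code: it decodes a pasted hex string and compares it field by field with the payload you intend to send, which also catches the extra or duplicated fields mentioned in the second case. The protocol name, ticker, `data:,` prefix and the `p`/`op`/`tick`/`amt` field names are assumptions modelled on the BRC-20 convention, and all sample strings are constructed.

```python
import json

# Constructed sample: the payload you intend to send. Protocol name, ticker and
# the "data:," prefix are assumptions; take the real ones from the official source.
EXPECTED_PREFIX = "data:,"
EXPECTED = {"p": "example-20", "op": "mint", "tick": "demo", "amt": "1000"}

def to_hex(text):
    """What a wallet's custom-hex field would contain for this text."""
    return text.encode("utf-8").hex()

def decode_payload(hex_str):
    """Hex input data -> (prefix before the JSON, ordered list of (key, value))."""
    h = hex_str.strip()
    if h.lower().startswith("0x"):
        h = h[2:]
    text = bytes.fromhex(h).decode("utf-8")
    start = text.index("{")
    # Keep pairs as a list so duplicate keys are not silently collapsed.
    return text[:start], json.loads(text[start:], object_pairs_hook=list)

def audit(hex_str, expected=EXPECTED, prefix=EXPECTED_PREFIX):
    """Return findings; an empty list means the hex encodes exactly `expected`."""
    try:
        got_prefix, pairs = decode_payload(hex_str)
    except ValueError as exc:  # bad hex, bad UTF-8, no JSON object, bad JSON
        return [f"undecodable payload: {type(exc).__name__}"]
    findings = []
    if got_prefix != prefix:
        findings.append(f"prefix is {got_prefix!r}, expected {prefix!r}")
    keys = [k for k, _ in pairs]
    for k in sorted({k for k in keys if keys.count(k) > 1}):
        findings.append(f"duplicate key {k!r}")
    got = dict(pairs)
    for k, want in expected.items():
        if k not in got:
            findings.append(f"missing field {k!r}")
        elif got[k] != want:
            findings.append(f"field {k!r} is {got[k]!r}, expected {want!r}")
    findings += [f"unexpected field {k!r}" for k in sorted(set(got) - set(expected))]
    return findings

# Constructed test strings, as they might be pasted from a community message.
GOOD = to_hex('data:,{"p":"example-20","op":"mint","tick":"demo","amt":"1000"}')
OTHER_OP = to_hex('data:,{"p":"example-20","op":"transfer","tick":"demo","amt":"1000","to":"<other address>"}')
DUP_KEY = to_hex('data:,{"p":"example-20","op":"mint","tick":"demo","tick":"other","amt":"1000"}')

if __name__ == "__main__":
    for name, h in [("GOOD", GOOD), ("OTHER_OP", OTHER_OP), ("DUP_KEY", DUP_KEY)]:
        print(name, audit(h) or "matches expected payload")
```

An empty result means the hex decodes to exactly the expected payload; any finding is a reason not to sign until the string has been checked against a confirmed transaction in the explorer.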