If you go to their website, it looks like a typical low-effort degen mint with a connect-wallet and mint button.
However, this website is anything but typical once you look under the hood.
First thing you notice is that they blatantly copied and pasted a ton of code from 's website. Instant red flag.
Secondly, if you look at the JavaScript on the page, there is a file called signupxx44777.js.
This is where the exploit lies.
Once you connect your wallet, this code is now actively processing in your browser.
Literally code that says "drain NFTs" in it. 😐
What it does is:
1. Scan through your address's contents
2. Use 's API to determine your most expensive NFT
3. Identifies your most expensive NFT and finds the smart contract info for it
4. Once you hit "mint", it generates a transaction that interacts with the contract of your most expensive NFT.
This tx grants the scammers access to transfer out your NFT. This is called the setApprovalForAll tx.
More on it here (quoting an earlier tweet):
"Here's what it looks like when you're asked to setApprovalForAll on Metamask. If you ever see this function in your Metamask popup, TRIPLE CHECK that you actually want to do this. If you're not interacting with a trusted marketplace then you almost certainly don't want to do this."
So while you think you just executed a typical free mint transaction, instead, you actually granted permission for your super expensive NFT to be transferred out of your wallet by a scammer.
Brutal.
To summarize, the exploit works as follows:
1. Create hype around a free degen mint project, use legit tools like to get high-value wallets to participate
2. Create a website with malicious JavaScript that analyzes your wallet to find your highest-value NFTs
3. Fake mint button that, rather than actually generating a mint transaction, creates a malicious one that grants access for a scammer to transfer out your NFT
4. Repeat steps 1-3 with the same code but under a different "project"
I wouldn't be surprised if many of these scams are done by the same people.
Stay safe out there frens.
If you think you've been impacted by one of these scams, make sure to revoke access to all of your high value NFTs through revoke.cash or transfer them out ASAP to a hardware wallet.
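As an added example that is not code from the thread or from the scam site, the snippet below shows the two defensive checks this thread implies: decoding the calldata of a transaction a dapp asks you to sign so that a setApprovalForAll to an unknown operator is flagged before you confirm it in your wallet, and building the setApprovalForAll(operator, false) calldata that revokes such an approval (the same call a tool like revoke.cash sends on your behalf). The selector 0xa22cb465 and the 32-byte word layout come from the Ethereum ABI encoding; every address used is a constructed placeholder, and the "trusted operators" set is a hypothetical allow-list you would fill with marketplaces you use on purpose.

```javascript
// Added example (not code from the thread): inspect the calldata of a transaction a
// dapp asks you to sign, flag an ERC-721/ERC-1155 setApprovalForAll to an untrusted
// operator, and build the calldata that revokes it (approved = false).
// All addresses below are constructed placeholders, not real contracts.

// 4-byte selectors: first 4 bytes of keccak256 of the canonical signature.
const SELECTORS = {
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x095ea7b3": "approve(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0x42842e0e": "safeTransferFrom(address,address,uint256)",
};
const SET_APPROVAL_FOR_ALL = "0xa22cb465";

// Split calldata into its selector and 32-byte argument words (hex strings).
function decodeCalldata(data) {
  const hex = (data || "0x").toLowerCase().replace(/^0x/, "");
  if (hex.length < 8) return { selector: null, name: "unknown", words: [] };
  const selector = "0x" + hex.slice(0, 8);
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector, name: SELECTORS[selector] || "unknown", words };
}

// Left-pad an address or boolean into a 32-byte ABI word.
function toWord(value) {
  const hex = typeof value === "boolean"
    ? (value ? "1" : "0")
    : value.toLowerCase().replace(/^0x/, "");
  return hex.padStart(64, "0");
}

// Encode setApprovalForAll(operator, approved); approved=false revokes the operator.
function encodeSetApprovalForAll(operator, approved) {
  return SET_APPROVAL_FOR_ALL + toWord(operator) + toWord(approved);
}

// Decide whether a pending tx is a blanket approval to someone you did not intend.
// `trustedOperators` is a Set of lowercase operator addresses (hypothetical allow-list);
// any other operator asking for approval is treated as suspicious.
function assessTransaction(tx, trustedOperators) {
  const { selector, name, words } = decodeCalldata(tx.data);
  if (selector !== SET_APPROVAL_FOR_ALL || words.length < 2) {
    return { risky: false, reason: `not a setApprovalForAll call (${name})` };
  }
  const operator = "0x" + words[0].slice(24); // address is the last 20 bytes of word 0
  const approved = words[1].endsWith("1");     // bool is encoded as 0 or 1 in word 1
  if (!approved) {
    return { risky: false, operator, approved, reason: "revokes an operator" };
  }
  if (trustedOperators.has(operator)) {
    return { risky: false, operator, approved, reason: "approval to a trusted operator" };
  }
  return {
    risky: true, operator, approved,
    reason: `grants ${operator} the right to move every token in ${tx.to}`,
    revokeTx: { to: tx.to, data: encodeSetApprovalForAll(operator, false) },
  };
}

// Constructed sample: a "mint" button that instead sends an approval to a drainer.
const COLLECTION = "0x" + "c0".repeat(20); // your valuable collection (placeholder)
const DRAINER = "0x" + "ab".repeat(20);    // scammer's operator address (placeholder)
const fakeMintTx = { to: COLLECTION, data: encodeSetApprovalForAll(DRAINER, true) };

const verdict = assessTransaction(fakeMintTx, new Set());
console.log(verdict.risky ? "BLOCK: " + verdict.reason : "ok: " + verdict.reason);
if (verdict.risky) console.log("revoke calldata:", verdict.revokeTx.data);
```

The decisive signal is the combination of the selector and the second argument: a genuine mint never needs to call setApprovalForAll on a collection you already own, so a "mint" whose calldata decodes to an approval with approved = true to an operator you have never heard of is the exact transaction this thread describes. The revoke transaction is simply the same call with the boolean flipped, sent to the collection contract, which is why revoking costs a gas fee like any other transaction.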
If you found this thread helpful, feel free to share and retweet the original tweet!
Quoted tweet:
"A new NFT wallet draining exploit is taking shape that uses a mixture of social engineering and takes advantage of the 'degen meta'. Let's break it down."
Also check out my wallet security thread for tips on preventing this from happening to you in the future
Quoted tweet:
"After seeing millions of dollars of NFTs lost due to scams in the past month alone, I've put together an easy-to-setup, personal wallet security framework that can help keep you safe in your web3 explorations. TLDR in below: mirror.xyz/montanawong.et"
What do we want to look for when we connect to revoke?
Also check the zero balance tab on revoke.cash and revoke it for them. Otherwise, if it gets transferred back in, they could steal it again.
Would you think it's good practice to once in a while use this to revoke access? Just to be safe.
Is this normal and we pay a gas fee to revoke? Not sure how this works.
Would a hardware wallet prevent you from falling into this? I thought you still faced the risk of signing stuff that granted access to the wallet.
Unlimited allowance to OpenSea (old) is dangerous?