How To Protect Your Solana Wallet From Scam NFTs And Tokens

Scammers Take Advantage Of Solana's Cheap Fees

Solana NFTs and tokens are cheap to create - so cheap that scammers can afford to send thousands of malware NFTs and tokens for little cost with the hope of draining accounts of innocent Solana users. In this post we will cover the basics of common Solana NFT and token malware, how you can protect your Solana wallet, and how you can use Avana Wallet burn the malicious Solana NFTs and tokens to recover free Solana SOL.

“Solana NFTs are so disruptively cheap there’s spam ones. Don’t fall for em”

- @Austin_Federa, Head of Communications at @Solana Foundation. July 7, 2022

"

Over the past year there has been a noticeable rise of scam NFTs and tokens targeting Solana accounts. You might have noticed strange NFTs that magically appeared in your wallet. Most of the time this is no accident - scammers are either trying to compromise your Solana wallet or advertise some unwanted item.

Keep Your Solana Wallet Safe

Always exercise extreme caution when inspecting scam NFTs and tokens - clicking on a link or visiting the advertised website could end up infecting your device and draining your Solana wallet. Scammers often setup bogus websites that appear to be authentic with the intention of luring visitors and infecting their devices with malware. Once your device is infected the scammers can drain your Solana wallet and access all information on the device.

Contrary to popular believe, devices can get infected by malware without downloading and running files. Simply visiting a malware website can infect your device (read more here about tools you can use to protect your Solana wallet). Most scam sites use malicious JavaScript to gain access to your device.

As a general rule, you should try to get rid of scam NFTs and tokens as soon as possible so you do not mistakenly click on their links. Avana Wallet enables you to “delete” (also known as “burn”) scam NFTs with just a few clicks. As a cool bonus, you are able to claim ~0.02 free Solana SOL when you delete the scam NFTs. Scammers have to pay a small deposit to create the scam Solana NFT for your account. When you delete the NFT you can reclaim this deposit for yourself.

Deleting Solana NFTs is a simple process with Avana Wallet. When you delete a scam NFT, you instruct Solana to destroy (“burn”) the NFT and close the account associated with the NFT. This action is permanent and irreversible, so the NFT is then gone forever.

Avana Wallet enables you to delete scam Solana NFTs with just a few clicks. The NFT is permanently erased from your Solana wallet.

Avana Wallet warns users about potential risks associated with all NFT links. Users cannot click on links directly - they must copy and paste the link.

How Solana NFT & Token Scams Work

Scammers may send out 5,000 malicious Solana NFTs with the hope of infecting 1% of the recipients (~50 victims). The cost to carry out such an act is about ~$0.50 per NFT, or $2,500. The scammer is profitable once they generate more than $2,500 by draining victims wallets (about $50 per Solana wallet if 50 persons become infected). Often scammers target Solana wallets with large balances and valuable NFTs.

Scam NFTs cannot infect your device or Solana wallet by themselves. Solana wallets such as Avana Wallet do not load external code on your device. Scam NFTs typically include a website in the image or metadata, and this website is then used to load the malware. Your device is safe as long as you do not visit the website or click on links associated with the scam NFT. Avana Wallet by default does not provide active links to sites listed in NFT and token metadata in order to protect our users.

Other scam sites may ask you to connect your Solana wallet to claim a free NFT. Never connect your Solana wallet or sign messages unless you trust the site. OpenSea issued a warning to users earlier last year after many crypto wallets were targeted and attacked by malicious NFTs.

Two scam / spam NFTs are in this Solana wallet.

Often scam NFTs include website in the artwork. Do not visit the website - it could infect your computer.

Often scam NFTs include website links in their NFT metadata.

10 Tips To Keep Your Solana Wallet Safe

1. Use official support channels. Often scammers will try to impersonate support persons. Never trust anyone who proactively claims to be affiliated with a company, unless you have contacted that person through the company's official support channel.
2. Never share your secret recovery phrase. No one should know your secret recovery phrase except for you. As a reminder, the Avana Wallet team will never ask you to reveal your secret phrases or private keys. Avana Wallet is a non-custodial Solana wallet - Avana Wallet never stores or knows your secret recovery phrase.
3. Make sure your Solana wallet is the official one. Many sites try to impersonate legitimate sites. Do not download software or a Solana wallet from unofficial channels.
4. Never click on unknown or broken links. Simply visiting a malicious website can infect your computer. Always check links and trust the source before clicking on them.
5. Never reuse passwords and use a password manager. Password managers such as Bitwarden can help you protect your accounts by storing hard-to-guess passwords for you.
6. Use Two-Factor Authentication (2FA). Setup two-factor authentication for your account. Two-factor authentication is one of the best methods to prevent unauthorized access.
7. Use a crypto hardware wallet. Avana Wallet fully supports Solana hardware wallets such as Ledger Nano S and Ledger Nano X. Read more on how to setup your Solana hardware wallet.
8. Avoid cold downloading files from strangers. Always ask questions first before clicking and downloading files.
9. Email safety. Never click on links or download files from untrusted persons.
10. If it seems too good to be true, it probably is. Always think twice before acting. Many scams exist in crypto, and it is up to you to protect yourself.

Resources

How To Protect Your Solana Non-Custodial Crypto Wallet From Getting Hacked
NFT Scams: What Are They, And How Do They Work?