# NFT Anti-Hacking Guide

By [SeeDAO](https://paragraph.com/@seedao) · 2022-05-08

---

| Author: [Arthur](https://twitter.com/Arthur_0x) | Translator: Zhiyuan Qi | Proofreading: [Roy](https://twitter.com/MroyBB) | Layout: [龙犄角](https://twitter.com/DDragonHorn) | Translated from the original thread below |

Original thread: [Arthur (@Arthur\_0x), 3:56 AM, Apr 15, 2022](https://twitter.com/Arthur_0x/status/1514890456596840449)

* * *

About the author: Arthur (@Arthur\_0x), DeFi & Web3 investor, Azuki collector, and a recovering victim of a cyber attack.

* * *

Initially I wrote the content below only for our portcos and partners, but after some thought I think there is benefit to open-sourcing this.

1/ Based on our research and conversations with leading cyber security experts, we believe BlueNorOff is running an organized campaign to target all the prominent organizations in the crypto space.

2/ Given how sophisticated their social engineering attacks are, I believe that they already have the relationship graph of the entire crypto space mapped out and know what kind of phishing emails are most likely to slip through our mental defenses.

3/ I highly recommend reading this article to further understand how this attack is being carried out and implementing the recommended suggestions. Below is an example of the phishing email they sent:

https://www.kaspersky.com/about/press-releases/2022_snatch-that-crypto-bluenoroff-threat-actor-drains-cryptocurrency-startups-accounts

4/ It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated. They might even change the tools and attack pattern in the future.

5/ Once the current attack method gets less effective, such as the trojanized DeFi app and wallet attack discovered lately. Given the success, it is likely North Korea will dedicate more resources to this group to scale up the intensity of the attack.

https://securelist.com/lazarus-trojanized-defi-app/106195/

6/ All standard cyber security suggestions aside, below are some non-exhaustive, crypto-specific security suggestions I have produced with the assistance of my cyber-security-minded friend [@junhaotan\_](https://twitter.com/junhaotan_). I hope this will prevent similar incidents from happening to any of us.

7/ Store on-chain crypto assets on an enterprise-grade custody solution: an EOA secured by one hardware wallet is insufficient, as they can insert a false MetaMask browser extension leading to approval of unintended transactions.

8/ At the very least it should be a multi-signature wallet like Gnosis Safe secured by a few hardware wallets. I highly recommend going for the next level of custody solution like Fireblocks, Copper, Qredo etc., as they come with native multisig 2FA for transaction approval.

9/ Exercise extra due diligence in hiring remote teams, especially software engineers/developers: “The Lazarus APT group has even engaged in the creation of fake companies for the development of cryptocurrency software.”

10/ We have heard of a case from one of our portfolio companies where applicants for their software engineer role appeared suspicious in the interview and were unable to match up with the profile in their resume.

11/ Dedicated computers for crypto transactions. There should be dedicated computers used only for engaging in crypto transactions, which do not interact with any emails, internet links, or messaging apps, and do not open MS Word documents, PDFs, etc.

12/ Implement 2FA for all sign-ins: this is not crypto-specific but is important enough to warrant a mention. Cloud storage, emails, and messaging apps like Telegram should all have 2FA for logins; do not use SMS 2FA, use Google Authenticator instead.

13/ Whenever possible, a hardware 2FA like YubiKey should be used. This applies to both company and personal accounts.

14/ Bookmark your commonly used crypto DApp websites. From time to time, phishing websites are served up by search engines. If not careful during the search, you may end up accessing a phishing site. It is better to access them through your bookmark list.

15/ Revoke unnecessary token approvals. Token approvals allow another party to move your assets and are required to interact with most smart contracts. Avoid unlimited token approvals and revoke unnecessary approvals routinely. You can use [revoke.cash](https://revoke.cash) to do that.

16/ Implement an address monitoring system: internal crypto wallet addresses should be monitored closely so that when unauthorized transactions happen, the team is made aware immediately and can take action as soon as possible. Both Etherscan and Nansen have such solutions.
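Added example covering 15/ and 16/, not the author's tooling and not how revoke.cash, Etherscan or Nansen implement theirs: a decoder for ERC-20 `Approval` and `Transfer` event logs that, over a handful of constructed logs, lists the allowances an owner has granted (flagging the unlimited ones) and builds the `approve(spender, 0)` calldata that revokes one, then raises an alert whenever a monitored internal address sends tokens to a recipient outside an allowlist. The event signature hashes and the `approve` selector are the standard ERC-20 values; every address and amount below is made up. A real deployment feeds the same functions from `eth_getLogs` on a node or indexer and keeps paging as new blocks arrive.

```python
from __future__ import annotations

from dataclasses import dataclass

# keccak256 of the two ERC-20 event signatures (standard values).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # Transfer(address,address,uint256)
APPROVE_SELECTOR = "0x095ea7b3"  # approve(address,uint256)
UNLIMITED = 2**256 - 1           # what wallets send when you click "unlimited" / "max" approval


@dataclass
class Log:
    """The fields of an eth_getLogs entry this example needs."""
    block: int
    token: str         # emitting contract, i.e. the ERC-20
    topics: list[str]  # topics[0] = event signature, then each indexed argument as 32 bytes
    data: str          # ABI-encoded non-indexed arguments (here: the uint256 amount)


def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def address_to_topic(addr: str) -> str:
    return "0x" + addr[2:].lower().rjust(64, "0")


def uint_to_data(value: int) -> str:
    return "0x" + format(value, "064x")


def outstanding_approvals(logs, owner: str) -> dict[tuple[str, str], int]:
    """Latest Approval amount per (token, spender) granted by `owner`.

    A later Approval replaces an earlier one, and zero means the spender was revoked.
    Events show what was granted, not what is left after transferFrom spent part of it,
    so confirm with allowance(owner, spender) on-chain before calling an allowance harmless.
    """
    latest: dict[tuple[str, str], int] = {}
    for log in sorted(logs, key=lambda entry: entry.block):
        if log.topics[0] != APPROVAL_TOPIC or topic_to_address(log.topics[1]) != owner.lower():
            continue
        latest[(log.token.lower(), topic_to_address(log.topics[2]))] = int(log.data, 16)
    return {key: amount for key, amount in latest.items() if amount > 0}


def revoke_calldata(spender: str) -> str:
    """Calldata for approve(spender, 0): the transaction a revoke tool asks your wallet to sign."""
    return APPROVE_SELECTOR + address_to_topic(spender)[2:] + "0" * 64


def outbound_alerts(logs, monitored: set[str], allowlist: set[str]) -> list[tuple]:
    """Transfers leaving a monitored internal address for a recipient not on the allowlist."""
    alerts = []
    for log in logs:
        if log.topics[0] != TRANSFER_TOPIC:
            continue
        src, dst = topic_to_address(log.topics[1]), topic_to_address(log.topics[2])
        if src in monitored and dst not in allowlist:
            alerts.append((log.block, log.token.lower(), src, dst, int(log.data, 16)))
    return alerts


# Constructed sample: all addresses and amounts are invented for this example.
OWNER, ROUTER, SPENDER_B, SPENDER_C = "0x" + "a1" * 20, "0x" + "d1" * 20, "0x" + "d2" * 20, "0x" + "d3" * 20
EXCHANGE, UNKNOWN = "0x" + "ee" * 20, "0x" + "ff" * 20
TOKEN_A, TOKEN_B = "0x" + "01" * 20, "0x" + "02" * 20


def approval(block, token, owner, spender, amount):
    return Log(block, token, [APPROVAL_TOPIC, address_to_topic(owner), address_to_topic(spender)], uint_to_data(amount))


def transfer(block, token, src, dst, amount):
    return Log(block, token, [TRANSFER_TOPIC, address_to_topic(src), address_to_topic(dst)], uint_to_data(amount))


SAMPLE_LOGS = [
    approval(100, TOKEN_A, OWNER, ROUTER, UNLIMITED),       # "unlimited" approval to a DEX router
    approval(101, TOKEN_A, OWNER, SPENDER_B, 500 * 10**18),
    approval(102, TOKEN_B, OWNER, SPENDER_C, 1000 * 10**6),
    approval(105, TOKEN_A, OWNER, SPENDER_B, 0),            # SPENDER_B revoked later on
    transfer(110, TOKEN_A, OWNER, EXCHANGE, 10 * 10**18),   # expected deposit to the allowlisted exchange
    transfer(111, TOKEN_A, OWNER, UNKNOWN, 400 * 10**18),   # unexpected drain: must alert
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_approvals(SAMPLE_LOGS, OWNER).items():
        label = "UNLIMITED" if amount == UNLIMITED else str(amount)
        print(f"{token} -> {spender}: {label}; revoke calldata {revoke_calldata(spender)}")
    for alert in outbound_alerts(SAMPLE_LOGS, {OWNER}, {EXCHANGE}):
        print("ALERT outbound transfer:", alert)
```

Two caveats a practitioner will hit in production: some tokens emit an `Approval` event when `transferFrom` spends part of an allowance and others do not, so the event view is a superset of what needs revoking, not the exact remaining amount; and an alert on an outbound `Transfer` fires after the transaction is already mined, so monitoring shortens the time to respond (rotating signers, pausing contracts, revoking other approvals) but does not prevent the first loss, which is why 7/ and 8/ come first in the list.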

17/ Regular cyber security training for team members: all team members should be required to go through cyber security training during their onboarding; this is something that tends to be neglected as the organization grows.

18/ Improve phishing and spam email detection by properly configuring the DNS settings for your email. Use hard fail or strict mode where possible for SPF, DKIM and DMARC.
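Added example for 18/, not from the thread: the DNS TXT records the advice refers to, a permissive set beside the hardened one, and a checker that flags the weak settings. The records are constructed for an imaginary `example.com`; in practice you pull them with `dig TXT example.com`, `dig TXT _dmarc.example.com` and `dig TXT <selector>._domainkey.example.com` and pass the strings to `audit`. The checker inspects only the published policy; it does not validate a DKIM signature or evaluate SPF against a sending IP.

```python
from __future__ import annotations

# Constructed records for an imaginary example.com. The SPF record lives at the bare domain,
# the DMARC record at _dmarc.example.com, the DKIM key at <selector>._domainkey.example.com.
# PLACEHOLDERBASE64KEY stands in for the base64 public key a real selector publishes.
WEAK_RECORDS = {
    "spf":   "v=spf1 include:_spf.google.com ~all",                # ~all: spoofed mail is only marked, not rejected
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",    # p=none: monitor only; relaxed alignment by default
    "dkim":  "v=DKIM1; k=rsa; t=y; p=PLACEHOLDERBASE64KEY",        # t=y: testing mode, verifiers ignore failures
}
STRICT_RECORDS = {
    "spf":   "v=spf1 include:_spf.google.com -all",                # -all: hard fail for every host not listed
    "dmarc": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc@example.com",
    "dkim":  "v=DKIM1; k=rsa; p=PLACEHOLDERBASE64KEY",
}


def parse_tags(record: str) -> dict[str, str]:
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict; tag names are case-insensitive."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record: str) -> list[str]:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["spf: no valid SPF record published"]
    last = terms[-1].lower()
    if last in ("+all", "all"):
        return ["spf: '+all' lets any host on the internet send as this domain"]
    if last != "-all":
        return [f"spf: ends with '{terms[-1]}', use '-all' (hard fail) so spoofed mail is rejected"]
    return []


def check_dmarc(record: str) -> list[str]:
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["dmarc: no valid DMARC record published"]
    findings = []
    policy = tags.get("p", "none")
    if policy != "reject":
        findings.append(f"dmarc: p={policy}, use p=reject so mail failing alignment is discarded")
    if tags.get("sp", policy) != "reject":   # subdomain policy inherits p when absent
        findings.append("dmarc: subdomains are not covered by reject, set sp=reject")
    if tags.get("adkim", "r") != "s":
        findings.append("dmarc: adkim defaults to relaxed, set adkim=s so only a signature by the exact domain counts")
    if tags.get("aspf", "r") != "s":
        findings.append("dmarc: aspf defaults to relaxed, set aspf=s so only an SPF pass for the exact domain counts")
    if tags.get("pct", "100") != "100":
        findings.append(f"dmarc: pct={tags['pct']}, the policy is applied to a sample of mail only")
    if "rua" not in tags:
        findings.append("dmarc: no rua= address, you receive no aggregate reports of who is spoofing you")
    return findings


def check_dkim(record: str) -> list[str]:
    tags = parse_tags(record)
    if not tags.get("p"):
        return ["dkim: empty or missing p= tag, this selector publishes no key (revoked)"]
    if "y" in tags.get("t", "").split(":"):
        return ["dkim: t=y testing flag set, verifiers treat a failed signature like unsigned mail"]
    return []


def audit(records: dict[str, str]) -> list[str]:
    """All findings for a domain's three records; an empty list means every policy is strict."""
    return (check_spf(records.get("spf", ""))
            + check_dmarc(records.get("dmarc", ""))
            + check_dkim(records.get("dkim", "")))


if __name__ == "__main__":
    for name, records in (("weak", WEAK_RECORDS), ("strict", STRICT_RECORDS)):
        print(name, audit(records) or ["no findings"])
```

Move to `p=reject` only after reading the `rua` aggregate reports for a few weeks: they show which legitimate senders (ticketing, newsletter, payroll systems) are not yet aligned and would be dropped. The checker does not measure DKIM key size; rotate to 2048-bit keys if a selector still publishes a 1024-bit one.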

19/ Trust the browser and not the website. Any content below the browser bar should be deemed insecure and a potential attack vector. Some DApps may pop up a window asking you to log into your crypto extension wallet if you are not logged in. Do not type your password in.


---

*Originally published on [SeeDAO](https://paragraph.com/@seedao/nft-3)*
