It seems like Saturday should forevermore be known as Hackurday. As our Editor-in-Chief Christian observed in last Friday’s Week in Review call – ‘hacks tend to happen on weekends, [hackers] seem to assume that’s when no one’s going to notice’. Christian said this in response to the previous weekend’s Beanstalk hack, that weekend was kickstarted by the Akudreams NFT launch being exploited. Prophetic?

No weekend is complete without a hack.

In reality, this is just one of many hacked, ruined, and overall controversial projects. NFTs are a numbers game, they are scarce and therefore valuable by design, creating the opportunity for mind-blowing gains. This makes NFT sales’ contracts honeypots for “shadowy super coders.”

Understandably, competition, rumors and excitement run high. It is a market that both inspires us with its numbers, whilst stacking them against us too. In this frenzied market, any advantage that can be achieved is intensely desirable. 

It should be no surprise then that hacks, exploits, and botting have become commonplace. Additionally, last summer, gas wars became an approach to securing a prized NFT – paying higher gas fees to get transactions to the front of a minting queue. 

Minting NFTs could cost a small fortune, and fail, but if an NFT massively jumps in price due to demand, the risk to reward numbers often makes it worth it. Therefore those who waste large amounts of ETH are still well off with some of their investments.

The solution to all these problems that began evolving last summer was allowlists. The process of becoming pre-selected to be able to mint an NFT.

Allowlisting: if your name’s not on the list, you’re not coming in. Source.

But guess what?

They started to get exploited too! As a result, they’ve had to become ever more complex and demanding to defeat those trying to beat the system. Getting approved now requires users to jump through all sorts of hoops. This does add protection for everyone, but by being deliberately prohibitive. It’s almost as if you have to be willing to part with blood, toil, tears, and sweat in the arena to prove your worth, like some kind of diamond-handed gladiator.

Diamond hands: not optional.

Allowlisting hasn’t removed the overall numbers game associated with minting NFTs, but it has at least detached it from the cost and risk of getting involved in a gas war. Being on an allowlist usually means you get a ‘private’ period of time to mint, where there won’t be any competition. And that moves the risk to reward ratio back in favor of those willing to invest the time to get themselves on the list, instead of favoring the rich.

With this in mind, this week I will provide you with the tools needed to continue moving those odds in your favor so that you can succeed in the numbers game.

Before beginning, you will be working with the following:

  • Brave Browser.
  • Multiple email addresses.
  • Multiple Twitter accounts.
  • Multiple Discord accounts.
  • Multiple Metamask accounts (different from extension).
  • $ETH for each wallet – whatever you are willing to spend per NFT.
  • A safe way to record and organize ids, addresses, twitter handles etc.
  • Time and effort!

The aim is to create multiple accounts which you can use to make multiple applications to the allowlists of your choice.

The more accounts we create, the more we increase our chances of being successful, but you can do it with any amount you like. You don’t (and shouldn’t) need to create the accounts all at once. The greatest amount of effort will be in the initial setup, but once our profiles, social media accounts, and Metamask wallets are established, they can be used over and over.

The process:

Create multiple web browser profiles.

  • Use a browser that stores user data for each profile separately – rather than bundling the data from different profiles together.
  • Compartmentalizing the accounts will probably avoid some confusion for yourself, and help to avoid accidental connections being made between accounts that give away they’re all run by the same person.
  • Brave is the recommended browser.

Create Metamask accounts.

  • Add the Metamask extension to each of the browser profiles.
  • Securely record each wallet’s seed phrase and never share them.
  • If you install the Metamask extension once, and then it automatically appears in all the other profiles, this means the browser isn’t keeping data separately in the way that we need to. In this case, use a different browser.
  • Naming accounts won’t matter unless it helps you to organize them. Metamask account names are not visible to websites.

Create separate email, Twitter, and Discord accounts.

  • To shortcut this process, you can purchase premade Discord and Twitter accounts. This will save time but cost some money.
  • Ideally, spread out the creation of the various accounts, across different days, e.g. don’t do everything in one day, spread things out organically. Open an email one day, create a Twitter account the next day, and so on.
  • Create each account whilst using the specific browser profile that it will be used with. For example, don’t use one browser profile to create ten Twitter accounts.
  • Don’t use similar names for all the accounts you create e.g. Ant1, Ant2, Ant3… This again will raise suspicion amongst humans that are employed to weed out those trying to game the allowlisting process. 
  • Do however use relatively identifiable names for the various different accounts that belong to each profile. E.g. CrazyAnt88@Twitter, [email protected], AntSmith420 on Discord.
  • Work through getting the accounts all authenticated – the email will need to be done first because the email address will need to be used to authenticate Twitter and Discord.
  • You can also link the Twitter and Discord accounts.

Fund Metamask accounts.

  • Avoid withdrawing funds to all the accounts from one other account, on a centralized exchange, or otherwise, this will give away that they are all connected to the same person.
  • You could use a privacy service such as Tornado cash, but this risks getting you blocked from some mints that will consider it suspicious.
  • Try to avoid sending exactly the same amount of funds to each account, again the aim is to keep things looking organic.
  • Distribute the funds on different days, again – keep things organic.
  • Don’t send funds from one wallet to the next, this will then link them together.

At this point, you should have a number of separate and fully fleshed-out Metamask wallets, email addresses, and social media accounts. When you now apply to an allowlist, you’ll be able to carry out whatever activities are required of you on multiple occasions to improve your chances.

To really sell the effect, you will need to keep up the ‘organic’ appearance with your social media accounts – join Discord servers at different times, and follow Twitter accounts that you’re interested in on separate days. When engaging with ‘Retweet and tag 3 friends’ type activities, don’t tag the same accounts all the time. 

Because of the amounts of money involved, both humans and bots are employed to check allowlist applications, and they are becoming ever more alert to the ways that people try to game the system – have a look at this, for example, you’ll see why it is so essential to keep everything separate and organic.

Did you like the content of this Email? Follow us on Twitter.

Our research team at SIMETRI is also constantly sharing alpha. So feel free to follow me: Anthony, and my colleagues: Anton, Sergey, and Nivesh.

Disclosure: At the time of writing, the author held ETH, a range of NFTs and several other cryptocurrencies. Read our trading policy to see how SIMETRI protects its members against insider trading.