Note: This post is specific to NFTs on the Solana Network
If you’ve got a Solana address, and you’re active in the NFT space, then you’ve probably seen something like this show up out of nowhere:
What’s that? Where did it come from? Did I win something?
This is a scam! Someone is hoping that one in thousands will be tricked into going to the mentioned website to claim their “gift”, connecting their wallet, and signing a transaction that gives them open ended permission to extract funds. Before the ink is dry, the scammer’s script has fired and cleaned you out.
Before you get too mad at the appearance of one of these things, you might want to know that dealing with it is actually something that’ll turn this whole interaction into a tiny little SOL airdrop. To understand why that’s the case, let’s look at what goes into sending someone an NFT on Solana.
What’s Involved Here?
SOL NFTs are SPL Tokens. In the Solana Ecosystem, anyone can create something called a Solana Program Library token. Custom Coins, NFT sets, and unique one of one NFTs are all SPL Tokens. In order to hold any SPL token, your wallet is going to need to have an appropriate storage space – a token account. The network requires that all token accounts pay rent, either once each ~2 day epoch, or in the form of 2 years’ rent all at once for a permanent account.
Just who pays the rent is going to depend on the structure of the contract involved. When you’re minting something you actually way, more often than not you’re going to be paying the 2 year rent amount for the token account yourself as part of the overall transaction. When you aren’t signing anything yourself, you can’t possibly be the one to pay that fee, so the senders of any airdropped NFTs are going to have to cover that cost themselves.
Here’s where it gets fun
Remember me calling it Rent? Well, the scammer’s paid this rent in advance, but if you leave the property so to speak, the landlord (The Solana Network) will return it – not to the scammer, but to YOU. The math on this is in your favor. A network transaction fee is 0.000005 SOL. The rent fee is going to be 0.00203928 SOL When you initiate the transaction to Burn This Scam NFT and Close The Token Account you are going to get Over 400 Times the transaction cost passed on to you.
How Can I Get Rid of The Scam NFTs?
There are a handful of approaches, and we’ll walk through three of them:
- Return to sender, then close the account with dRaffle.
- Use the Sol-Incinerator, a free tool provided by the SolSlugs Project
- Take matters into your own hands and act as your own Crematorium
Option 1: Return To Sender
This is the first way that I learned to handle Scam NFTs, and while it does work, it’s got some drawbacks. I’m including it here because the dApp involved, dRaffle, is a good tool to keep in your belt for tidying up.
Open your wallet app, and open up the NFT on Solscan. Look for the Filter by Address field, add your own, and reduce down to your own copy of the token.
Click the signature, and you’ll open the Transaction Details. First we’ll send the token back to sender. Copy the value for “Signer” from the top of the page, open your wallet app, open the NFT, click Send, and enter the copied address. Pay the 0.000005 SOL network fee, and the token account is clear.
There will be two actions: Create Associated Account and Token Transfer. In the first section, find the value for “AssociatedAccount“. This is the account you’ll be closing out for the rent money. With the app we’ll use, you’ll need to know the first and last four characters in the address.
Open the dRaffle Wallet Cleanup Tool, connect your wallet, and you’ll see the option to close all empty accounts, or to close a selected account. For now, open the dropdown to select an account to close. Find the matching account, and close it out. Approve the transaction, and collect your 0.00203928 SOL
Option 2: Use An End-to-End dApp
A better option is to burn the token instead of returning it to the sender. Returning it lets you get rid of it without paying to open an associated token account, but it’s better for everyone if that token were to just… stop existing. The most straightforward way I’ve found to get rid of an unwanted token is with the Sol Incinerator – a tool that allows you to bundle burn and close actions for one or more unwanted tokens into one overall transaction!
Connect your wallet, and when your NFTs are loaded up, walk through them and mark all of the tokens you need to destroy. It’s cheaper to bundle your burns into one, but doing so is up to you. When you’re ready, BURN. That’s it! Sit back and wait for the process to complete and collect the combined rent!
Option 3: Use the SPL Token Program via the CLI
This one is a little more involved, but in the end it’s the only trustless approach. If you’re over-the-top secure, or you just like being more connected to the technology underneath it all, you can take care of your unwanted NFTs with the Solana CLI. If you aren’t already set up, let me help you with that:
Go through the initial steps from Option 1 – open your wallet app, follow through to Solscan. On that page you’ll want to confirm the AssociatedAccount and TokenAddress values.
Once you have the account that’s holding the junk NFT running in your terminal, list out the token accounts you have open:
spl-token accounts -v
You should see the Token and Account values among the results returned
Token Account Balance -------------------------------------------------------------------------------------------------------- DE9CvQ7mS3m6wyJ5Nz6d3cd2chniAwme1sErGTRPYFK HwAyCHVZeBoHApMGN9UFioBjgaohXH2ed6z4tEsG4Ku8 1
To get rent back, what we need to do involves two actions. First, we’re going to burn tokens in an Associated Account – the account created to house the NFT (or NFTs – I’ve gotten more than one of the same scam NFT before). Then we’re going to close out the account by asking to close on the Token. This may seem a bit backwards. The burn command uses the account address, and the close command uses the token address. Go it? Here’s what it looks like using the example token in my account:
spl-token burn HwAyCHVZeBoHApMGN9UFioBjgaohXH2ed6z4tEsG4Ku8 1
The 1 at the end is the quantity to burn within the account referenced. To see the rent deposit get returned, check and note your balance:
Next, you close the account:
spl-token close DE9CvQ7mS3m6wyJ5Nz6d3cd2chniAwme1sErGTRPYFK
This will look for an associated account for the NFT, and close it. There can be only one, so no additional detail is needed. Burn with account, close with token. Check your balance one more time and it will have increased by more than 0.002 SOL – enough for over 400 gas fees!