The Top Scams in Crypto

NEFTURE SECURITY I Blockchain Security
Published in Web3 Magazine
10 min read · Jan 26, 2023

“There is no un-scammable person, only scripts that don’t fit.”

Even though we earthlings tend to have a very high opinion of our own intelligence, deluding ourselves into thinking that we could never possibly fall for a scam, the truth is that nobody is safe from falling for one.

And Natasha L., a Scam Prevention Expert who fell for a scam and wrote about it in a piece called “I’m a Scam Prevention Expert, and I Got Scammed”, is not going to say otherwise.

See, no unscammable person.

Unfortunately, the Web3 Space is the land of scams, and steps must be taken to protect ourselves!

Our mindset plays a crucial role in falling for scams. That’s why we kick-started our “How to Stay Safe In The Web3 Space” series by addressing what kind of mindset could be your downfall and how to change it to navigate web3 more safely.

The other powerful way to dodge scams is to simply know about them, and implement strategies to keep you as safe as possible!

So that’s what we will explore in this article.

Be Cautious of “Too Helpful & Good Natured” People

This one is much more common than people would like to admit and applies to the whole of web3.

You will meet these people on Twitter, Discord, Telegram or through a text message, in what will seem to you a very basic conversation about one subject or another that will not make you suspicious. You will bond over time, as they invest time in building their relationship with you: you will talk about dogs and cakes, holidays and alphas, your kids and NFTs. At some point, they will build a narrative with only one endgame: getting their hands on your seed phrases or having you use a platform where they will be able to siphon your assets.

Even the most guarded fall into these types of scams, because they’re very subtle and built over such a long period that it’s extremely difficult to identify them for what they are.

Only two pieces of advice for this scenario:

  • Never ever, under any circumstances, give your seed phrase to anyone.
  • Never ever connect your wallet to, or buy NFTs or cryptos from, projects and websites that you don’t know about, that are not mainstream, and that were recommended to you by this dear parasocial friend.

A cautionary tale:

Full story here:

Discord and Twitter DMs

Your DMs are where you will encounter the greatest volume of scams. And as scammers are nothing but creative artists, you will be met with a legion of them of every kind possible.

The most basic ones will be “Whitelist” and NFT Giveaways you have supposedly won.

You also have:

The NFT Trade

The “Please Help Me Out” with my crypto or NFTs

That is how the scam works:

The ones for artists:

Fake Trading

The “You have been sued”

More about it here:

And so on, and so forth, it’s just never-ending.

The course of action here is very easy and you must have come across it multiple times since you joined web3 spaces, it is: CLOSE YOUR DMs.

This action has two functions:

  • It reduces the ability of scammers to have access to you
  • It reduces your ability to make a mistake because you’re distracted

A telling example of how easy it is to be distracted and scammed:

Another tip would be, unless it’s an intrinsic part of your digital identity, to take any reference to web3 off your Twitter.

Discord Hacks

Probably one of the most damaging scams in terms of loss of assets.

A scammer finds a way to post freely on the announcement page a link that will ask you to connect your wallet to their website.

1/ The message content is either about:

  • a surprising mint
  • a reopening of the mint
  • a free mint
  • a collab free mint

2/ The scammer will use an “Urgency Marketing Strategy”: the window to buy is extremely short.

And as sure as the sun will rise tomorrow, people fall for it due to a mix of FOMO, distraction, the feeling of urgency, and yes, greed.

The most important thing to remember in this situation is to never ever “mint” when you see a supposed mint that was never announced before by the team, even if it comes from the founder’s Twitter or Discord account. No respectable NFT creator will ever do such a thing.

Consider the Discord compromised and raise the alarm on Twitter.

The biggest 2022 Discord heists followed a simple pattern. If you want to read more, here’s Dope Ape NFT’s explanation of what happened to them:

The M.O. was discussed in detail here by RugPullFinder:

Twitter/Discord/Reddit “Support Service”

When you are in a tight spot with, let’s say, MetaMask, OpenSea or your cold wallet, and need help, you will ask for it on Twitter, Discord or Reddit. That is where you will meet either fake “support service” accounts or people who want “to help you”. They will share with you forms or links through which they will gain access to your assets.

Example 1:

There are more than 50 fake OpenSea Support accounts on Twitter.

Example 2:

Example 3:

It’s so common on the Ledger subreddit that this is the automated response to every post:

The only way to protect yourself from this scam is to use the proper channels: the website and the dedicated Discord linked to the firm you have a problem with. This scam is extremely effective with exhausted, sometimes even desperate people, who lose quite a bit of their rationality when it seems that they have finally found a way out of the problem through the scammer. Unfortunately, you have no choice here but to stay patient, fix your issue and then deplatform yourself! No respectable firm will have you run all over the place and after them for months.

The Free Mint Collection that will cost you all of your assets.

A lot of the NFT “Free” Mints out there have nothing altruistic about them.

Their aim is to have you connect your wallet to their shady websites and empty it out.

The tip here is very simple: create a “Burner Wallet”, aka a wallet that you will solely use to “Free” mint or receive airdrops, so that even if you’re subjected to a scam, the scammers will not have access to your precious assets.

The Unsolicited Airdrop

Maybe you have never paid attention, but on OpenSea there is a “hidden tab” linked to your address. It tends to be home to a great number of unsolicited airdrops that will drain you as soon as you interact with their contracts, just like so:

To be safe, NEVER interact with them and flag them on OpenSea; they should disappear very quickly.

If you want to know how they get your address, one of the tactics is supposed “giveaway” farming tweets that ask you to post your address to enter. So refrain from sharing it: no legit NFT collection or person will ask you to disclose it publicly and openly.

Website LookAlike

We explained at length here the duty of every NFT collection creator to buy every domain under the sun linked to them, because fake website scamming is extremely widespread!

You could be tricked in two ways:

1. Google: either with fake NFT collections being listed first and looking absolutely legit or, one often forgotten, fake NFT marketplaces.

2. A Twitter or Discord account has been hacked and the legit project address has been switched with a fake one.

What you can do to protect yourself is:

  1. Add the marketplaces you use to your favorites bar, as well as the website linked to the project you’re interested in.
  2. Be equipped with a very good antivirus and an extension that will send you an alert to protect you from phishing and impersonation websites.

Twitter & Instagram TAG

Another widespread scam is hooking you through tagging.

You will find yourself tagged along with X other people under a post linked to an NFT collection launch, which can seem absolutely legit at first sight with its high level of engagement.

If you check the account, you will see that it follows a few accounts connected to its activity, is an old Twitter account, and has a huge following and sometimes even the authentication tick.

If you’re new to this space, distracted or not very Twitter literate, you could miss flags like an @ that doesn’t match, links without the safe green tick, the absence of original content, and nothing but retweets from the legit project or brand. That is how people fall for these tricks.

The only thing you can do is ignore them and flag the comment as well as the account to protect other people.

PRE-EMPTIVE STEPS

We went through most scams that happened in the NFT space, and many lessons have been taught:

Let’s add some bonus tips:

1. Use an Extension that Will Alert You that You’re Going to Get Scammed!

At Nefture, we’ve developed a tool that will protect you from crypto scams by analyzing and classifying your transactions into 3 risk levels through our detection algorithm.

How does it work?

  • Nefture Security is an RPC: a secured network that you can add to your wallet. In short, it’s like a wallet extension that is plugged into your MetaMask or Coinbase wallet. If Nefture Security detects very unusual activity indicating that you are probably going to be scammed if you pursue the interaction, it will alert you. Learn more about it here.

2. One Web Browser Solely Dedicated To Your Hot Wallet(s)

As we have seen through many examples, one reason so many scams are successful is that we’re only a few clicks away from them, and we only have to be distracted and tired to fall for them.

The idea is to give your brain more time to process what you’re doing and raise the alarm, by adding more steps to the process of connecting your hot wallet to a website.

Let’s say you choose Firefox for your MetaMask extension: this browser will be used ONLY to buy or sell your NFTs. No other activities are allowed; your Twitter, Discord and other accounts will be on another browser. It means that you will have to quit your currently used browser (1 step), open another browser (2 steps) and type your password (3 steps) to have access to your hot wallet. That’s how we turn one step into three, and it could be life-saving.

Plus, it really helps sanctify the process of using your hot wallet, and while using this browser you will be more alert and more mindful of the steps you’re taking.

Also, unless you have a very good reason to have hot wallet apps installed on your phone, iPad or other devices, uninstall them.

3. Invest in a Cold Wallet

That’s the safest place you can keep your assets in. Having a cold wallet and storing your priceless assets in it is a no-brainer. This move alone can prevent you from becoming a victim of almost every scam previously listed.

Plus, as we love to say in web3, “Not your Keys, Not Your Coins”. That also applies to NFTs: they’re yours only if they are locked in YOUR vault.

4. If you have a MetaMask and use iCloud, Disable iCloud Backup

It stores your seed phrase. This is a huge vulnerability: a hack of your iCloud could be enough to wipe out all of your assets.

More about this here:

One of this hack’s victims:

Reminding you once again, because this has to be engraved deeply inside you:

5. Protect Your Seed Phrase At All Costs

Never, under any circumstances, give up your seed phrase. There is absolutely no scenario where you will need to hand it over to a third party. None.

Another thing: do not store your seed phrase digitally! No pictures, no notes app, no messages through WhatsApp, Messenger and the like. These equate to opening your door to a burglar.

Between part 1 and part 2 of our How to Stay Safe series, you should be better armed for surviving this space!

To make you even safer, we have two more episodes in store!

See you then!
