Web3 is a place of opportunities. At the same time, the space is so new to the incoming wave of creators that it is important to know how to avoid the most common scams, how to protect your wallet, and, if that fails, what to do when your wallet is compromised.
Unfortunately, because there is so much money to be made (and lost) in crypto, creators, large and small, are the targets of myriad scams. The problem is exacerbated by the fact that creators rely on social media and on making new connections to find genuine collectors.
The most common scams today are as follows:
Strangers in DMs
Sometimes finding a collector means having a conversation in someone’s DMs. Be extra cautious, as many “collectors” use names or avatars chosen to look more authoritative.
Collectors with a good reputation will have their ENS wallet available in their name or bio, and will have links to their gallery or wallet. Such collectors generally announce their purchases, which can be proven with a link to an artwork or a blockchain transaction.
The scam works like this: a “collector-to-be” spends a lot of time chatting you up, saying that they love your work and are ready to collect your art, but that their funds are “tied up” in a trade (often with a screenshot to prove it). They need you to send them some money first, and promise a sale or a return of funds with interest within a few minutes. Don’t fall for it.
Free Mints
This scam is particularly effective when a valid social media account has been compromised. The message will say that this is a “hot drop” and include a link to a website. Connecting your wallet on such a website will immediately expose all of your NFTs and all of your crypto to the scammer (basically, they code in a special permission to withdraw anything from your wallet). Any get-rich-quick scheme in crypto is guaranteed to be a scam.
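What that “special permission” can look like in a transaction, as an added example that is not part of the original article: it assumes the permission is a token approval (an ERC-20 `approve` or an ERC-721/ERC-1155 `setApprovalForAll` call) and decodes the calldata a site asks your wallet to sign so the grant can be flagged before you confirm. The function name `inspect_calldata` and all sample values are constructed for illustration.

```python
# Added example (assumption: the "special permission" is a token approval).
# Selectors are the first 4 bytes of the standard function signatures.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
MAX_UINT256 = 2**256 - 1


def inspect_calldata(data_hex: str) -> dict:
    """Classify the calldata of a transaction a website asks the wallet to sign."""
    if data_hex.startswith("0x"):
        data_hex = data_hex[2:]
    raw = bytes.fromhex(data_hex)
    name = SELECTORS.get(raw[:4].hex())
    if name is None:
        return {"call": "other", "risk": "unknown"}
    args = raw[4:]
    if len(args) != 64:  # both calls take exactly two 32-byte words
        return {"call": name, "risk": "malformed"}
    # Word 1: the address being authorised, left-padded to 32 bytes.
    operator = "0x" + args[12:32].hex()
    # Word 2: bool (setApprovalForAll) or amount / token id (approve).
    value = int.from_bytes(args[32:64], "big")
    if name == "setApprovalForAll":
        # True hands the operator every token in the collection.
        risk = "high" if value else "revoke"
    elif value == MAX_UINT256:
        risk = "high"    # unlimited ERC-20 allowance
    else:
        risk = "review"  # bounded amount or a single token id: check by hand
    return {"call": name, "operator": operator, "value": value, "risk": risk}


# Constructed sample calldata; the addresses are placeholders, not real accounts.
PAD = "00" * 12
GRANT_ALL = "0xa22cb465" + PAD + "11" * 20 + "00" * 31 + "01"
REVOKE_ALL = "0xa22cb465" + PAD + "11" * 20 + "00" * 32
UNLIMITED = "0x095ea7b3" + PAD + "22" * 20 + "ff" * 32

if __name__ == "__main__":
    for sample in (GRANT_ALL, REVOKE_ALL, UNLIMITED):
        print(inspect_calldata(sample))
```

A “high” result on a site you reached through a DM or an unsolicited link is the pattern this section describes: the address in `operator` would be able to move those tokens without any further prompt.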
Emails
Two types of scam emails have been circulating lately, one playing on fear and the other on greed. The first implies that you violated some community rules and that you need to email back to correct this; the attacker then sends a file (usually a “.zip” or “.exe” file) that will compromise your system. The second plays on greed and implies that you have been accepted to an invite-only marketplace. Since many creators have shared their excitement about applying on social media, the scammer’s job is much easier. Do not respond to suspicious emails. Check in with the project team via a trusted channel.
Anonymous Teams
While scams have occurred with both doxxed (identity known to the public) and anonymous teams, the vast majority of them come from anonymous teams. In one of the latest scams, an anonymous team stole $800K in users’ funds just this week! If a website or a project has a team that is hiding behind an avatar and username, be cautious. The biggest projects in the space, such as Coinbase or FTX, have management teams with a known name, face, and career history.
Discord Hacks
Unfortunately, almost every Discord server has been hacked at least once. There are leaderboards that show projects that have been compromised over and over again, including many large projects. The common source of a hack is a bot (a program configured to increase the usability of some feature) that was improperly set up. You might see official accounts or official-looking links being posted in a channel urging you to take action. Best defense: bookmark a trusted website and verify the website you are on.
Website Hacks
While all of the previous scams require “social engineering” to lure you into connecting your wallet or sending crypto to a scammer, a website scam requires some real hacking. A large number of high-profile websites have been compromised and had malicious code injected to initiate a wallet connection. The only solution here is to use a hot wallet with a small amount of funds in it (see “how to protect your wallet” below), and to look out for design inconsistencies when connecting to it.
Of course, much has been written on how to be careful, with some suggesting not to click on any links at all. While that is commendable, it is unlikely to be a reasonable solution for many. It is best to keep your activity to a limited number of projects, not to trust people you don’t know (anonymous or not), and to verify the links or emails you receive.