Cat Block #2: Protecting Yourself In The Web3 Space
By Tyler Trang — Community Manager
Happy Taco Tuesday Nyan Fam,
We’re back at it again with Cat Block #2!
As a Community Manager for a Web3 Gaming Studio, I understand the concerns that many share around scams and bots. It’s something our team has had to perpetually protect against, not just for ourselves but for our entire community. Today, I want to bestow some of my knowledge onto the Nyan Army and Web3 community at large to ensure we all keep our assets safe and secure. This week, we will be going over some of my tips and tricks in the Web3 space that has helped me protect my assets and personal information from being compromised.
Disclaimer: These tips are not financial advice and you should always do your own research.
Be Wary of Private DMs
This is the most common method for a scammer or a bot. They will target your direct messages by sending you a project blurb, impersonating someone or trying to sell you on a free mint for a fake project. We mention this all the time in the Nyan Heroes Discord server but we recommend that you turn off private messaging when you join a Discord that has some sort of blockchain background.
Spam Links, Fake NFTs and Files.
Scammers will often create fake URLs that closely resemble an official project URL. Never connect your wallets or interact with these websites. Make sure that the website URL is coming from a trusted source in the project and that the website URL matches the official links that are posted. Even if an authorized admin or moderator posts a link, make sure the contents within the message makes sense and they aren’t spamming the entire discord with the link. There have been incidents in projects across Web3 where the admin or project owners have been compromised and will spam malicious links, so make sure their behavior and messaging is normal.
Fake NFTs are sent out to the holders of many projects. These Fake NFTs have no real ties to the project and promise many things such as discounts, free items or access to limited time offers. Many of these descriptions for these scam NFTs contain fake URLs that will lead you to a drainer website that will drain your currency or NFT assets if you connect your wallet to them and approve transactions.
Files can be sent from these scammers as well. You should never download anything from an untrusted source, especially in the blockchain space. Apart from random files, don’t scan random QR Codes. QR Codes can link you to malicious websites or even bypass 2 Factor Authentication for services like Discord which will grant them access to your account.
Always Do Your Own Research (DYOR)
Make sure you DYOR for a project that you are investing into. Key indicators that I like to look at are:
- Is the team doxxed?
- Do they have the project well planned out?
- How do they speak to their community?
- Are they well-connected and spoken of in the Web3 space?
- Is there anyone that is backing the project that I trust?
These are some of the indicators I look into but this doesn’t always mean the project is safe to mint or invest in.
Protecting your NFT Assets
Whether you are dealing with an Ethereum or a Solana NFT, you may have started trading and minting in the space using a 3rd party wallet such as Metamask or Phantom. I create multiple wallets for different purposes and make sure to double check a website before connecting my wallet to the website. If there’s no reason to connect your wallet to a website and confirm transactions, don’t do it.
Never give out your seed phrase and keep the phrase stored offline. This can be on a piece of paper or somewhere that you keep your valuable belongings. Once someone has access to your seed phrase, they will have access to all of the wallets that you’ve created under that service.
I have a burner wallet that contains only the needed amount of SOL to do interactions. The burner wallet connects to minting websites and other websites without having to worry about compromising my portfolio.
My storage wallet contains NFTs I have already minted and want to keep easily accessible. I will connect this wallet to marketplaces such as Magic Eden and OpenSea if I want to list or trade an NFT.
I also recently purchased a ledger or cold wallet after a few months inside this space. Don’t buy a used ledger, make sure it’s new. These are one of the most secure ways to store your cryptocurrency and valuable NFTs. They have an extra layer of security and steps to access the wallet to make transactions.
Discord Connections and Verifications
Discord is used A LOT for NFT projects and you may end up making a Discord account to join one of these projects. Before gaining access, you may have had to verify yourself using popular bots such as MEE6 or DynoBot to join a project. Oftentimes, scammers will use methods that are similar to these tools to gain access to someone’s account.
Make sure that you are verifying yourselves using the correct website or bot. I like to do a quick search for the official website of a bot that requires me to verify myself. Some scams have similar URLs that completely copy the aesthetic of the official website. Make sure the URL is legit and you aren’t trying to connect your Discord to a fake.
Only authorize Discord apps that you trust. Many apps will ask for app authorization to verify or use the tool. They will ask for permissions for certain things like, servers you are in, your username, or other required information. If they ask for too much, such as sending messages on your behalf or reading your messages, I would think twice before giving them access.
Discord also has a new feature that they’ve recently rolled out that allows you to swap between multiple Discord accounts. Another alternative is to create a throwaway Discord account to use for other projects and not have to worry about your main Discord account being compromised.
Last but not least, don’t store important information inside your direct messages or servers. What if you lose access to your account or that server?
I hope some of these tips will help you in your journey in the Web3 space. I myself have fallen victim to drain websites and fake NFT websites in the past that have made me a much more secure person. I double check everything I am doing and I make sure I always do extensive research before diving deep into a project and investing into it.
Thanks for reading and stay safe out there Nyan Army!