5 ways NOT to get scammed in crypto
One of blockchain technology’s cornerstones is an emphasis on security. After all, crypto comes from cryptography. But there is one security layer that blockchain tech is having as hard a time protecting as any other technology: the human factor. Here are five common scam tactics to be aware of and avoid in order to do your part in keeping your assets safe
1. Keep your seeds safe
Early on, blockchain developers realized that a randomly generated phrase of 12 words (sometimes 24 or another number) is much more secure than your best pA$$w[]Rd attempt, and easier to remember too. You can ue your seed phrase to unlock MetaMask, for example, or restore your funds from a lost Ledger device. So you definitely want to write it down in some place (or 3) — because, for many use cases, there will be no other way to recover your data/assets. But humans being human, we love to put passwords into electronic formats like Word, Google Doc, or email — all the places hackers love to find ways to access to steal your seed phrase.
Write down multiple copies of your seed phrases in least hackable formats
2. You did not win anything
Anyone with a Discord account and membership to at least a few crypto servers is unlikely to go a week (or day even) without receiving a direct message claiming that “you won” some free crypto or that some really hot project decided to do a free token drop. What a beautiful world we live in with so many total strangers fighting over the chance to make sure you get free Bored Apes and ETH. NOT. Every single such message is a scam. Even if it looks like it’s coming from Uniswap’s official account. Even if it’s coming from Vitalik, Elon Musk, or your best friend. Discord and other handles can be spoofed. Don’t be naive.
Telegram could be even worse, with scammers adding you to scam groups without you even knowing about it. What makes it especially evil is that they will add you to groups that look identical to the groups you’re already in but with scams for “free airdrops” that seem to come from your real group admins or even friends. To avoid being tricked, take the following steps in Telegram:
1) Click on Settings in Telegram.
2) Find and click on Privacy and Security.
3) Find «Groups and channels» and switch the setting to «My contacts» so only your current contacts can add you to a group/channel.
4) And as an added security measure, find “Calls” and change to either Contacts or Nobody.
Now there is less risk (and spam) in your Telegram account.
Don’t trust messages giving you access to something too good to be true, ever.
3. Phishing
Speaking of dubious scam messages, don’t open an email until you’re sure it’s from whom it claims to be. Coinbase in the sender field? Hover over it to see what the actual sender domain is. If you didn’t just interact with a site, be suspicious of any email from it. If you think it may be legit, ignore the email and go to the site on your own to check if there is indeed an issue. And for the love of Satoshi, do not open attachments. Do. Not. Once you open it, there are many ways to get scammed. Classic phishing will redirect you to a near-perfect copy of a site you normally use in order for you to voluntarily give up your sensitive information and get scammed. So don’t.
Think twice before opening emails and avoid opening attachments unless you’re really really sure the email can be trusted
4. Not your wallet not your money
This is one of the main tenets of DeFi, told over and over by experienced users to newcomers. It’s easy and convenient to just hold all your crypto on Huobi, Binancee, etc. and trade from there. And big exchanges probably spent a lot of money on security, so your funds are safe, right? Wrong. Centralized exchanges (CEXs) have been hacked far too many times and will continue to be. And even if not hacked, an exchange may lock you out of what you think is “your” account for any number of reasons, including political, legal compliance, or just a simple scam. In practice, they are just giving you access to one of their accounts with your money in it. If you want the money to be under your actual control, keep it in your own browser or even cold wallet. You can certainly keep a small amount for daily trading, but it’s worth the time and small cost of moving assets from/to a Ledger to actual own access to it.
Keeping a lot of assets on a CEX is asking to lose it; use a cold wallet instead
5. Don’t touch unexpected drops
Scammers have gotten smarter: instead of offering you free bogus drops, some are just dropping tokens or NFTs into your wallet without even asking, for free. But of course there is a catch. If you spend these tokens, you give their smart contract to interact with the assets in your wallet, which you just know the hackers will use to drain your wallet of all assets with actual value. So if you suddenly see some suspiciously unfamiliar coin or NFT — don’t touch it.
Don’t touch anything that just shows up in your wallet from someone you don’t know
Scammers will keep finding new ways to scam, but at least you can be aware enough to spot suspicious patterns. You will keep your crypto assets a lot safer once your first instinct is to think rather than click.