5 Most Common Scams in Web3 (And How You Can Avoid Them)
Learn How To Protect Yourself From Rug Pulls and Hacks While Navigating the Web3 Frontier
GM web3 explorers!
That's what crypto-natives are calling last month's scamfest. 💀
According to Peckshield, October saw exploits reach $760.2 million. Thankfully, the true number is much lower due to quick reactions from BNB chain validators which only allowed the hacker to get away with $110 million rather than the full $560 million.
But it's a firm reminder that scams and hacks still abound in our beloved web3 sandbox.
That's why, in today's Deep Dive, a community member, Marcu Czentye, shares his thoughts on common scams in web3 and how to avoid them. 💪
Let's dive in 🥽
Tired of Elon's memes? Then check out Lenster, the evolution of social networking 👀
The Most Common Scams and How to Stay Safe in Web3
If Carl the Moon pops into your inbox and you think “damn, I’m finally part of the Bitcoin Whale Inner Circle”, just relax, take a deep breath, and…
There’s no such thing as free money on the internet—no matter how innovative web3 is.
It's exciting to feel like you've gotten some insider information. Maybe this is your chance to get rich?
But it's important to remember: Scams are everywhere in web3.
Some attempts are obvious with their misspelled words and jumbled links. However, some scams are sophisticated and difficult to detect.
Regardless, if you receive a DM out of nowhere promising you crypto riches: Don’t reply, don’t interact with them, and don’t forget to report and block them.
Hopefully, their pervasion into web3 will eventually die out or at least significantly diminish.
But until then, here are 5 common web3 scams to watch out for:
1. Fake Verified Accounts
Unfortunately, money makes the world go around and many scammers use this to their advantage.
Some of them find popular YouTube channels or social media accounts and then offer the owner a generous chunk of money for it. They then rename the account and use it for their own purposes (i.e., scams) whilst still having the official tick next to their account name.
Other times scammers will hack verified accounts or find other ways to get the coveted blue tick.
So if ever you get a message from the official Michael Saylor account telling you that for each 0.1 BTC you send to him, you’re going to receive triple the amount back, it’s safe to say it's not Michael himself.
If Bitcoin is so valuable and scarce, why would anyone freely share their satoshis?
If it sounds too good to be true, it probably is.
2. Rug Pulls
While Squid Game was an excellent Netflix series, the crypto world saw its own version play out and it wasn't pretty.
Some anon devs decided to create a Squid Game game where users could play it to earn Squid tokens.
There were a few profitable players here and there but the majority of Squid Game investors got nothing out of the token boom even though it exploded from $0.01 to $90 (yes, that's a 9000x increase).
But don’t ever fall for insane numbers like these. This usually happens on small-cap tokens and tends to be the result of market manipulation rather than real trading.
What happened when it reached $90 per token? The devs halted trading and rugged the project.
Gone. Just like that.
It's certainly not a good feeling when you see your token falling from $90 to $0 while finding out that the ruggers made $3 million in profits. But it emphasizes the need for doing your own research rather than FOMOing into a random project.
On a personal note, here's my own rug pull story:
In November 2021, when BTC was seeing ATHs and random altcoins were pumping harder than ever, my brother told me about CryptoCars.
The project promised a lot. They had CryptoCars, CryptoPlanes, and some merging features between their games.
And when I heard that a friend was earning thousands of dollars each month from the two games, I had to try them myself.
I was minting their tokens by running some daily races. The game wasn't fun at all, but I was easily making over $10 dollars a day without much work. A big red flag in hindsight.
One month in, before being able to withdraw what I was hoping was 1 ETH, I found out on their Discord channel that the owners ran away with everything.
Prices began to inflate massively inside the game and one month later the website was taken down. *insert stupid joke sound effect*
TL;DR: I wasted a few hundred dollars acquiring CCAR tokens for as high as 10 cents while today’s price sits at around $0.00005143.
Which Crypto Scams Are the Most Difficult to Avoid?
A. Fake verified accounts
B. Rug pulls
C. Ponzi schemes
D. Phishing scams
👉 Let us know by replying below.
3. Ponzi schemes
If you were around crypto back in 2017, you'll likely know all about BitConnect.
But if you don't, over $3.45 billion was stolen out of investors’ wallets. It was probably the biggest and, sadly, most successful Ponzi scheme in crypto history.
The self-proclaimed open-source cryptocurrency guaranteed investors 40% returns, but it turned out to be nothing more than a digital Ponzi scheme.
The U.S. Securities and Exchange Commission (SEC) said, “BitConnect operated a textbook Ponzi scheme by paying earlier BitConnect investors with money from later investors.”
At the beginning of 2018, admins closed the rewards platform and the BCC coin value dropped from $525 to as low as $0.68.
So if a project, like BitConnect, offers a guaranteed 40% yearly return, take a second to think about where that yield is coming from. In saying that, it's definitely possible to achieve these returns with a sound investment plan.
But it's impossible to guarantee such significant returns without it becoming suspicious.
4. Phishing Scams: Beeple Hack case
Mike “Beeple” Winkelmann saw his Twitter account compromised.
Yep, the “official” one.
As a result, a few of “his” posts were now pointing to a Discord server already compromised by a hacker.
The new links led users to a malicious copycat server that enabled the hacker to steal user assets if they opened their wallets or tried to perform verification.
“It appears our Discord URLs were hacked and now point to a fraudulent Discord. DO NOT go into that Discord and do not verify, it will drain your wallet!!” he desperately tweeted, trying to reduce the ongoing damage.
All up, over $450k worth of funds were stolen through this hack.
It doesn't matter how big or small a project is, official accounts become compromised all the time. BAYC had three security breaches in the first half of 2022. Heck, even projects that have just minted become targets regardless of how successful they are.
Sometimes hackers will even gain access to a whole Discord channel and use this chance to swap out official links for scams.
That's why it's important to always stay vigilant by checking any and all links you plan to click—even if they're from an official account or a Discord server you frequent.
5. Fake Websites
Cloned websites aren't unique to web3, but they've been a big issue because of the amount of capital flowing into the space.
Sophisticated scammers are able to copy websites with 99.9% accuracy so they're almost impossible to tell apart. But there's one part they can't copy, the original site's URL.
For that reason, you should know (or write down) the exact URLs of the exchanges, wallets, and protocols that you use.
For example, if you use MetaMask, be sure that the website's URL is metamask(.)io. Not metamask(.)net, metamask(.)com, or any other similar name.
Always, always, always look at the URL bar. Double-check the website name before logging in and keep an eye on the lock sign to the left of the URL.
If something doesn't seem right, you might have just landed on an unofficial website that would very much like to drain your wallets.
Meme of the Week
5 Tips To Help You Stay Safe in Web3
Look, I'm no online security guru. But from my experience, these tips have helped me stay safe while exploring web3 and crypto.
Up to now, I haven’t been scammed, besides through my own foolishness—not following rule #1: If it sounds too good to be true, it probably is.
In the wild west of crypto, it's difficult to stay 100% safe, but these tips will get you most of the way there:
Be careful with your personal data: Never, ever, ever share your private keys—not even with your mom! Aim to share as little sensitive information as possible when interacting in web3, especially if you're dealing with anon accounts and projects.
Use a VPN: It's best to use a VPN every time you log onto an exchange or open a wallet. The VPN will hide your location and identity, so it's more difficult for hackers to target you.
2FA is your friend: Set up two-factor authentication on sites that you frequent. That way you'll receive a text or e-mail (depending on your preferences) with a code to input when you log in. It may take an extra minute to log in but it can save you thousands of dollars. If you’d like to be extra safe, consider a tool such as Yubikey.
Mobile data > Wi-Fi: If you’re accessing crypto applications via mobile, skip the Wi-Fi and use mobile data since it's more secure. And never access protocols or wallets on public Wi-Fi, that's asking for trouble!
Always be skeptical: Be wary of Telegram, Discord, and Reddit interactions, and don’t ever trust that random cool guy or gal who has a hot investment tip. They may have good intentions, but unless you have some fail-safes in place, it's better to avoid clicking any links they share or apeing into projects they recommend without doing your own research.
Test your transfers beforehand: Doing a small test transfer before transferring large amounts ensures your crypto goes where it needs to. The process may take a few minutes but it gives you the peace of mind that your funds are safe.
Use dummy wallets: If you're unsure of a dApp's security, create a dummy wallet that you use for potentially risky transactions. And once the transaction is complete, you can send your crypto to your real wallet which never interacts with the dApp.
Avoid holding crypto in hot wallets and on exchanges: Where possible, keep your funds in cold storage. And when you can't, ensure you diversify your funds across different exchanges and hot wallets.
How to avoid rug pulls: Read the whitepaper thoroughly and check the roadmap to decide if it’s feasible. Verify community engagement by joining their Discord. Assess the team's background and be extremely careful if they're anonymous. And finally, ask yourself it the project really needs a blockchain to function. If it doesn't, it's probably NGMI.
🤝 Together with Unlock Protocol: Create Memberships and Subscription NFTs in Minutes! ⚡
Remember Rule #1: If It Sounds Too Good To Be True, It Probably Is
Yes, we all want to strike it rich without doing hard work or waiting forever. But that's why scams are so prevalent in web3.
I can’t stress this enough. Small, consistent steps is what will actually get you to your goals. Don’t take the easy road because nothing good ever comes easy.
That's why at Web3 Academy, we're all about building sustainable businesses in this space rather than speculating on the next big project. Providing value to a community is the fastest way to success.
But you can't be involved in web3 without doing a little exploring, right?
So before you sign into the next hot protocol, make sure you keep this web3 safety guide in mind.
Happy exploring, frens ✌️
ABOUT THE AUTHOR
Marcu is a sports journalist with a keen interest in web3, crypto, and building a decentralized world.
Find him: LinkedIn
🟣 FOR THE DOERS
Take our FREE Web3 Rabbit Hole Course to get up-to-speed on the foundational components of Web3 so you can confidently build, work, or use the fastest growing technology in history.
Head over to the Web3 Explorers Club to get ready for November's community-cultivated mastermind!
Get the low down on NFT Business Models from part 1 of Kyle's series: Are NFTs a Sustainable Business Model for Creators Tokenizing Communities?