Defending Oneself in DeFi

If you aren’t ready to read through this article, or feel that you don’t have the time to, walk away with just this one piece of advice.

THERE WILL NEVER BE A SITUATION WHERE ANYONE WILL NEED YOUR WALLET SEED PHRASE/PRIVATE KEY.

SCAMMERS CAN ACCESS YOUR WALLET WITHOUT THE PASSWORD AS LONG AS THEY HAVE THE SEED PHRASE/PRIVATE KEY.

You have heard about them or seen people who have been victims of them. They are everywhere, not only in real life, but also online and in the DeFi space. The impacts are real and hurt many unsuspecting people, especially those who are new and are starting out in cryptocurrencies.

These are the unscrupulous scammers who stalk us investors in Telegram, Discord, Reddit, Facebook and all other social media platforms where people come together to share ideas, information and to ask for help.

I write this article in the hope that the information within can help educate and inform people about the steps these scammers employ to use you as exit liquidity, and offer some tips to protect yourself better.

Before we learn about the current tactics of scammers, let’s mitigate risk by looking at the tools that we use online to engage with the rest of the community in the projects we love.

Telegram Recommendations

One of the most common tools used in DeFi is Telegram. It is also one of the most common ways to ask for help and thus the easiest avenue for scammers to hunt for possible victims.

By default, Telegram allows anyone to invite you to other channels as well as call you, if you are using the mobile version.

My recommendation is to disallow anyone from doing the above 2 things. There is simply no good reason to allow anyone to.

This is a screenshot of the settings I use in Telegram. No one can see my number and no one can call me via Telegram. And only my trusted contacts can add me to groups.

On top of this, I have noticed some users put their phone number in their Telegram profile name. This is generally frowned upon and should be avoided. Of course, I understand some kinds of job roles may require it, like property agents or the like. But it is something you should be aware of.

Discord Recommendations

Discord is generally better than Telegram. There aren’t many scammers operating there; however, spam and shills abound and may become very irritating.

For my Discord app, I essentially apply a very “hardened” approach. You can adjust the settings accordingly. But it is essential that you take a look to make sure that your settings are not overly relaxed.

General Recommendations

One very important tip to protect yourself is to be very wary of direct messages (DM) from anyone on any social media platform. There is absolutely no good reason to be receiving DMs unless asked for.

DO NOT, ever in any situation, give out your seed phrase or private key. This is the most common objective of all scams, to gain your seed phrase or private key, and subsequently drain all the funds from your wallet.

If you are using a PC to access DeFi, don’t save a few bucks by getting a cheaper or less well-known antivirus software. If you can invest the amounts you are investing right now, a subscription to a good antivirus like those from Symantec or McAfee will give you adequate protection on days when you are not careful.

Be smart about it. There is almost no possibility that there will be a good deal or free lunch in the world of crypto. Someone who promises you quick riches has an agenda. The road to success is by slowly building up trust in a community and having that community trust you back.

Don’t back up your seed phrase or private key by sending yourself an email with it and hoping it gets stored in your email software safely. Seed phrases are very identifiable and an email administrator may chance upon it and steal everything from under your nose.

For me, I keep my seed phrase written down on a piece of paper, locked in a safe with instructions to my family members to contact my trusted buddy to help recover the funds should anything untoward happen. Some may say it’s not the best method as it involves a third party, but I do trust him with my life!

Last but not least, always check the URLs of the websites you are visiting. It is very common to have duplicated sites with similar URLs with the sole intention of, yes again, stealing your seed phrase/private key.
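One way to automate this URL check, as an added example that is not part of the original article: compare a link's host against the sites you have personally verified and bookmarked, and flag near-misses. The host names (`swap.example`, `app.wallet.example`), the function names and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: stand-ins for sites you have verified and bookmarked.
TRUSTED_HOSTS = {"swap.example", "app.wallet.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a link before you open it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        # "https://swap.example@other.test/" really goes to other.test.
        return "lookalike"
    if parts.scheme != "https" or not host:
        return "untrusted"
    if host in trusted:
        return "trusted"
    if any(host.endswith("." + good) for good in trusted):
        return "untrusted"  # real subdomain, but not one you bookmarked yourself
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Non-Latin letters can imitate Latin ones; every allowlisted host is ASCII.
        return "lookalike"
    for good in trusted:
        if host.startswith(good + ".") or good.replace(".", "-") in host:
            return "lookalike"  # trusted name glued onto someone else's domain
        if edit_distance(host, good) <= max_distance:
            return "lookalike"  # one or two characters swapped, added or dropped
    return "untrusted"


if __name__ == "__main__":
    for link in ("https://swap.example/farm", "https://swaq.example/farm",
                 "https://swap.example.claim.test/", "https://news.test/"):
        print(f"{classify_url(link):10} {link}")
```

Only an exact match counts as trusted; anything else, including a plain `http://` link to the right name, should be opened from your own bookmark instead.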

As of this article’s inception in the fall of 2021, here are some of the most commonly known tactics of scammers to ensure that you walk away with pennies left in your wallet. Do take note that they may employ a mixture of a few tactics or modify a certain tactic. The end result is almost always to gain hold of your private key or seed phrase. So BE AWARE and don’t be fooled!

The Tit-For-Tat Scam

This is a commonly seen scam method used during events, especially during an online stream, where scammers will put up a link to another website where you can send X amount of tokens and receive 2X in return.

The website will look moderately well done with a list of transactions in real time showing input and output amounts.

The transactions are fake, and the site is made to look legitimate because of the event that is ongoing online. Say goodbye to any amount of monies that you sent to the address specified.

The Romance Scam

The classic romance scam is when you receive a DM from a “hot chick” and she starts talking about herself and asking about you. “She” is highly interested in you as a person and may even share intimate stories or hopes that one day you guys can meet up in real life.

Assuming you keep the chat going for a while, at some point in time the scammer will ask you to check out a particular website to see something funny, which may end up installing something malicious on your device (see the antivirus tip above), or there will eventually be a sob story that requires some financial assistance from you to help overcome.

My recommendation is to nip these in the bud as soon as they begin. These can happen on any social media platform. Think about it: if “she” is that hot, I doubt that finding soulmates or playmates online is the desired result.

The Investment Scam

Similar to the romance scam tactic above, next up we have the investment scam tactic. Yes, I know it’s a grey area here. Some people do scour the Internet to look for affiliates and the investment may be a legit ponzi after all.

I have been given opportunities to invest in gold and diamond mining among other great deals in commodities like participating in ivory and jade trades. But I have declined them all because of my lack of knowledge in these particular subjects and an inherent distrust of these kinds of DMs.

The Seed Phrase Scam

Recently there are more of these messages that seem to pop up in chats.

These seemingly innocent questions will include the seed phrase of a wallet which when imported, shows a small amount of funds inside. The only catch is that you need to send in some $BNB or $ETH in order to retrieve the funds as a gas fee is required.

Any token you send in that can be used to pay for the transaction will be withdrawn from the wallet almost immediately. Just ignore these or flag the sender of the message for a ban in your channel.

Technical Support Scam

We have all been there. Something didn’t work right or there is a question that needs to be clarified and you send a message in the chat to seek answers.

Almost immediately, a member of the support team reaches out to you to help with the query.

It doesn’t matter what you say here. The ultimate goal is for you to click on the link that you will definitely be seeing and to submit your seed phrase/private key in order to have the issue resolved. The only resolution in this situation is that all your funds will be transferred out at a moment’s notice.

The Airdrop Token Scam

Some days you may wake up to free airdrops in your wallet and immediately thank the gods for a wonderful windfall!

Upon trying to liquidate them, however, you will constantly encounter errors and inadvertently try to seek help on how to cash out.

Next thing you know, someone will tell you to visit a website and pay some $BNB or other token/coin in order for your wallet to be whitelisted in order to be able to sell.

This, unfortunately, is also a scam. You still won’t be able to sell after following all the required steps, and lately the process to be whitelisted has been changing so it’s hard to document it here.

The key takeaway is to just ignore any of these airdropped tokens that come unexpectedly.

I guess the best way to be protected is not to reveal seed phrases/private keys in any situation at all. There are new reports of MetaMask users having their funds stolen by scanning a QR code in Discord. However, the last I heard was that MetaMask has plugged this.

For complete security and peace of mind, pair your wallet with a hardware wallet like Ledger so that any transaction will require Ledger to be connected. It is troublesome for users on the go but it provides a higher level of security.

You may also want to consider working with different wallets instead of depending on one for everything, on every chain. Or even limit the USD value of every wallet, for example so that no wallet holds more than $50K in assets.

Security is often valued only after a breach. But in the crypto space, security is the most important habit that everyone needs to nurture. Don’t wait for a breach. It may cost you, and set you back years of hard work.

Thank you for reading this in its entirety. Feel free to jump into the ApeSwap Telegram to say Hi or reward me by buying some $BANANA and staking them. ApeSwap is the #2 DEX on Binance Smart Chain and I hope it can share the throne with PancakeSwap.

JP (Derek)

jpmoregain


CryptoWriter. Community moderator for ApeSwap & ApeRocket. Interested in DeFi platforms and always learning NFTs. Believe in Health > Wealth for me and you.