Heard people talking about Web3 risks and scams but don’t really know how to protect yourself? In this blog we simply explain what to look out for.
A Simple Explanation Of Web3 Risks And Scams
While the blockchain is characterized by mechanisms that by design make it more secure than its predecessors, it doesn’t provide an impenetrable fence against human error, greed and gullibility. Most Web3 scams are successful for the same reasons they are on the traditional web. If something looks too good to be true, it usually is.
Web3 Risks
Some features that make blockchain technology so powerful and revolutionary can also be leveraged by unscrupulous types looking to make a quick dollar.
These risks include:
Anonymity – while the anonymity of Web3 protects its users from centralized authorities and government control, it can also leave those same users vulnerable to scammers who hide under the cover of darkness.
Open wallets – most wallets are completely open and hence are vulnerable to receiving anything including unwanted packages like malicious airdrops.
Gas fees – fees are determined by demand on the Ethereum blockchain and can vary dramatically, meaning they may be way more expensive than the value of the transaction.
Smart contracts – much of Web3 including smart contracts remain unrecognized in the real world, leaving irregularities on the blockchain open to legal challenges.
Open source coding – making the code of smart contracts publicly available increases the chances of them being compromised.
Security vs convenience – if you don’t memorize your public and private keys and keep your seed phrase in a safe or locked box, you end up trading the security features of Web3 for the convenience of Web2.
Web3 Scams
A report by the U.S. Federal Trade Commission found that more than 46,000 users had lost more than $1 billion in cryptocurrencies in the 12 months to June 2022. Nearly half of the scams were instigated by an ad, post or message on a social media platform. Phishing, the act of sending fraudulent emails imitating a legitimate company, is one of the most common sources of Web3 scams. And it can come in several different guises:
Fake emails, websites and social media accounts – Fake emails and URLs have been commonplace for years and are just as prolific in Web3. Learn how to recognize fakes promising get rich quick schemes and delete them instead of clicking on them.
Seed phrase phishing – your seed phrase is your master key. Anyone tricked into giving that away invariably loses all of their assets.
Ice phishing – scammers send an email attempt to fool the user into signing a smart contract that gives them access to their tokens.
Whaling or spear phishing – these target specific individuals within an organization, using elaborate social engineering methods in an attempt to defraud it.
URL phishing – malicious sites that are clones of legitimate sites and trick users into giving up their passwords, credit card details and cryptocurrencies.
Malicious Airdrop Scams
This is also a type of phishing and rampant on social media and takes advantage of the open nature of wallets. Victims are often advised that some cryptocurrency has been added to their wallets and directed to an exchange or unofficial domain where it can be sold. But when users connect their wallets, they discover their funds have been emptied. OTHER SCAMS ON WEB3
Malware – any malicious software that is installed by clicking on links in emails, texts or other messages.
Compromised websites – legitimate websites which have fallen to hackers that install malware on the computers of unsuspecting users.
Fake browser extensions – these attempt to trick users into supplying their credentials or private keys into an extension that gives hackers access.
Celebrity “giveaways” – scammers gain access to a celebrity’s social media account and promise a 100% return on any Bitcoin sent to a random address. Anyone fooled into sending crypto loses it.
Pump and dumps – Influencers buy into a cryptocurrency low, raise its price by promoting its virtues to their fan base, before dumping it for a handsome profit, causing the price to crash.
Rug pulls – similar to a pump and dump but orchestrated by the token’s creator. Properly researching new projects is the best way to guard against being duped in this way.
Price changing – where an NFT is listed at an extremely low price with the seller hiking that price while the user is in the process of buying it and unknowingly paying the premium.
How To Protect Yourself On Web3
Using basic commonsense and employing the same caution that has kept you safe on the traditional web will help keep you safe on Web3.
These are the main things to consider:
- Do not click on or reply to unsolicited emails or other messages
- Research projects before investing in them
- Avoid offers that look “too good to be true”
- Don’t connect your wallet to untrusted platforms
- Avoid using public or shared WiFi networks
- Use a reputable cryptocurrency wallet
- Never share your seed phrase with anyone
- Use hardware wallets that offer “cold storage” rather than hot wallets
Want To Know More About Web3?
We’ve made it super easy to get up to speed! Just sign up for our Web3 Made Easy Webinars, and get ready for the new world or Web3.