How to Shield Your Digital Gold
It's dangerous to go alone, so take this: a valuable piece of content that will help you understand the potential risks to your digital gold.
Crypto is among the most secure forms of asset today, virtually unbreakable when properly safeguarded. But the catch is, scammers are everywhere, aiming to trick you into leaving your ‘digital vault’ open for them. Don't be that person who loses their assets over a simple mistake. With the rise of clever scam tactics, staying informed and vigilant is more crucial than ever. Let's dive into some common scams to watch out for, ensuring your journey in Web3 can remain as safe and sound as possible.
Please note, this content assumes you are familiar with a digital wallet and the common terminology surrounding a digital wallet.
🌈 Social Impersonations
You’ve probably seen “THIS IS THE LAST POST IN THE THREAD” if you’ve spent any time recently scrolling through X. Unfortunately, social media platforms, such as X, are increasingly becoming hunting grounds for scammers using impersonation tactics. Fake accounts mimic reputable brands in the space, such as Trader Joe, and post comments pretending to be part of the original content. They trick users into thinking the content is genuine and often serve phishing links to those users, which, if clicked and connected to, results in a wallet being drained.
The devil is in the detail. Always check the detail. Every last letter.
(Look closely enough and you’ll see the difference is always in the detail.)
To safeguard against these threats, users should adopt a VERY cautious approach by always verifying the authenticity of the account.
Double-check for:
The account tag/account name is genuine
Verification badges (yellow or blue) that match the original poster
Whether the account details, such as followers and content, are identical.
Get friends to refer/validate promotions for authenticity
The majority of the time, these social impersonation accounts post content that includes a link to a promotion, such as ‘free claim’ or ‘airdrop’. This is almost NEVER legitimate, so the standard rule of “if it seems too good to be true, it probably is” is a great sense check before you click on any links.
👾 Fake Domains
A user heads to a search engine like Google or Bing and inputs “Trader Joe XYZ”. The first result they see is “Trader Joe XYZ . com”, which looks legitimate. Without hesitation, the user clicks, assuming it's the correct site. Unfortunately, they've just landed on a counterfeit website and, in the blink of an eye after connecting their wallet, it gets drained.
So, what exactly went down? This scenario is one of the craftiest scams in the space, and it has affected countless individuals. Scammers register fake domains that closely mimic authentic URLs, cleverly disguising their bogus sites. They then use pay-per-click advertising to ensure these fraudulent pages appear at the top of search engine results. This scam is particularly deceptive, capable of duping even the most diligent among us.
Bookmark, bookmark, bookmark. Always bookmark trusted sites.
How to Stay Safe:
To avoid falling victim to such cunning schemes, users must exercise extreme caution and adopt several protective measures:
Verify Official Links: Always double-check the URL in your browser's address bar for any discrepancies. Look for slight alterations in spelling or unusual domain extensions.
Use Bookmarks: For frequently visited websites, use bookmarks to ensure you're always landing on the genuine page.
Seek Official Sources: Instead of relying on search engines, go directly to the official social media profiles or forums of the platform in question to obtain the correct URL.
Vigilance is your key to safeguarding your virtual assets; always triple-check everything. Never rush or let FOMO cloud your judgement.
💣 Fake Airdrops
Imagine if Santa unexpectedly turned evil this year. We happily let him into our homes, only to open a present and find a lump of coal... and then open our wallets to discover he’s stolen everything we have. This is what it's like to receive a fake airdrop.
Listen buddy, Santa doesn’t just turn up and drop some goodies in your wallet.
It follows the same playbook as those old internet pop-up ads saying you’ve won a new iPhone... all you have to do is give us your credit card information to "confirm it."
What feels like an unmissable opportunity turns out to be just a scam. In the crypto world, a malicious actor directly sends a token to your wallet. When you discover this mysterious airdrop token, you might approve it to trade on a DEX, such as Trader Joe, so you can "cash out." In reality, this approval just compromises your wallet, and Dirty Santa walks away with your funds like a bandit.
So, how do you stay safe? It’s simple. Don’t do anything. As long as you don’t interact with the token, your wallet will be safe. Wallets like Rabby and platforms like Debank are becoming increasingly adept at highlighting scam transactions and tokens, helping you avoid getting duped.
Fake airdrops exploit FOMO (Fear Of Missing Out). If it seems too good to be true, it probably is. Conduct due diligence on a token if you think it might be legitimate. Ultimately, keeping your wallet safe is your responsibility.
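To see what an approval request would grant before you sign it, the transaction calldata can be decoded locally. This is an added example, not Trader Joe's code: the selectors are the standard ERC-20 `approve` and ERC-721 `setApprovalForAll`, while `KNOWN_SPENDERS`, `describeApproval` and the sample calldata are constructed for illustration.

```javascript
// Added example. The selectors are the standard ERC-20 / ERC-721 ones;
// KNOWN_SPENDERS is a constructed placeholder for contracts you already trust.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// Decode approval calldata and list what deserves a second look before signing.
function describeApproval(calldata, knownSpenders = KNOWN_SPENDERS) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", warnings: [] };
  // 4-byte selector + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex))
    return { kind: "malformed", warnings: ["unexpected calldata length"] };
  // An address occupies the low 20 bytes of the first word.
  const spender = "0x" + hex.slice(32, 72);
  const value = BigInt("0x" + hex.slice(72, 136));
  const warnings = [];
  if (value === 0n) return { kind, spender, value, warnings }; // revokes access
  if (!knownSpenders.has(spender))
    warnings.push("spender is not a contract you recognise");
  if (kind.startsWith("approve") && value === MAX_UINT256)
    warnings.push("unlimited allowance");
  if (kind.startsWith("setApprovalForAll"))
    warnings.push("operator can move every token in the collection");
  return { kind, spender, value, warnings };
}

// Constructed sample: unlimited approve() to an unrecognised spender.
const SAMPLE = "0x095ea7b3" + "0".repeat(24) + "2".repeat(40) + "f".repeat(64);
console.log(describeApproval(SAMPLE).warnings);
```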
🐝 Honeypots
This scenario mirrors the classic one-way trap that has been deceiving bugs for decades: a tempting sweet inside a bottle lures flies in, only for them to discover they can't escape.
Similarly, a honeypot scam ensnares your money using a newly launched token. Buyers, attracted by the initial offering, rush in and purchase, inadvertently driving the price up and attracting even more investors. However, the smart contract governing the token cunningly prevents anyone from selling, effectively trapping your funds while the perpetrators drain all the money away.
So, how do you avoid falling into such traps? A bit of due diligence goes a long way:
Research the token thoroughly before making a purchase.
Verify if the protocol has undergone any audits.
Check out the community on social media platforms.
Verify if the token is on the Trader Joe tokenlist + has a logo
Don’t jump in head first; take a moment to verify.
Common Misconceptions 👇
Will prescreening save me?
Platforms like Dexscreener offer Go+ security checks, highlighting potential risks associated with tokens. Unfortunately, no pre-screening check is 100% certain to save you from a honeypot. There are ways around pre-screening, and you should therefore NEVER trust pre-screening as the only way to identify risks.
Can I swap small amounts to test?
Swapping small amounts as a test to verify if a token is a honeypot might provide a false sense of security. Scammers can set up the smart contract to allow small transactions to go through smoothly, misleading users into thinking that larger transactions will be just as seamless.
🪝 Phishing Attacks
Crypto can be a confusing and complicated place for newcomers and veterans alike. This inevitably leads people to ask for help. This is when the “fishermen” cast out their lines. These scammers will often present themselves as a trusted party and offer support. In reality, they are imposters baiting you into revealing sensitive information.
Trust nobody in first contact, regardless of how good the bait looks.
Just like a lure dupes a fish into taking a big ‘ol bite of a metal hook, phishing attacks trick you when you least expect it. It’s all about deception. Some of the common methods used are:
Fake Captcha Bots
Modified Brand URLs
Fake helpdesk support
Exploitative 3rd-party overlays
Fake Calendly or meeting invites
Fake Discord Servers requiring you to connect/sign
They might ask you to share details, get you to connect your social profiles to their site or send you to malicious websites that can drain your wallets if you connect. Attacks can come from anywhere. Even trusted sites could be compromised.
Unfortunately, it has also happened to Trader Joe: in November 2023, a 3rd-party plugin ended up being exploited through a snippet of JavaScript. This resulted in the Trader Joe frontend being hijacked. This attack was swiftly shut down, but not without some impact. In short, it’s important to always be alert.
How to stay safe?
There are ways to stay safe in these treacherous waters. Here are some tips:
Bookmark URLs to the sites you visit often
Do not trust captcha bots, always double check the source
Never click links sent directly to you in direct messages
Never accept direct messages or join servers when requested; always verify
Never trust anyone offering free things just asking you to join/book
Always check URLs you are connecting with
Stop using Google Search. Find sites through official channels + bookmark
If prompted to connect your wallet, double check and ask why you are signing x/y
⚠️ Be vigilant and stay safe.
Crypto is still in its “wild west” phase right now. This can make it quite fun but also quite dangerous. From scam artists to hackers, there are a lot of things to watch out for while we explore the frontier of DeFi. The best way to stay safe is to stay knowledgeable. So let’s make sure we educate our frens. If we all work together to spot and stop these scams, we can help make the blockchain a safer place for us all.
About Trader Joe
Trader Joe is a leading multi-chain decentralized exchange and the inventor of Liquidity Book, the most capital efficient AMM in DeFi. Trade your favorite tokens, access one-click yield farming and shop for the latest digital collectibles at the Joepegs NFT Marketplace. DeFi has never been easier thanks to Trader Joe.