Learn best practices for self-custody of crypto assets to avoid scams. Stay vigilant and secure with essential tips and tools.

“The importance of controlling your own cryptographic keys cannot be overstated” – FTX truly drove this point home.

Alameda Research unlawfully accessed $8 billion in assets held on FTX. It served as a harsh reminder of the significance of managing your own tokens securely.

Now, the question arises – are your tokens truly more secure in your personal wallet than on an exchange?

On the flip side, the responsibility for your keys and your crypto lies squarely with you. A single misstep, such as signing an incorrect smart contract, could result in immediate loss without any recourse for recovery.

We may consider ourselves too knowledgeable to fall victim to scams, but the statistics tell a different story.

The cryptocurrency scam industry has consistently exceeded $1 billion in value each year since 2021, according to a report from the Federal Trade Commission.

Chainalysis reports a 49% increase in transfers to impersonation scammers in 2023.

Despite past losses, the community is falling prey to scams more frequently than ever.

Even the most astute traders have fallen victim to wallet drains and other scams – indicating that anyone could be targeted.

If you decide to manage your own tokens, a practice I advocate, it's crucial to understand the types of scams prevalent today and employ best practices to avoid them.

Stay Vigilant

It's important to realize that crypto scammers are highly skilled professionals. Their tactics are sophisticated, constantly evolving, and executed on a large scale.

Consider the Magic Eden NFT exploit earlier this year. Exploiting a bug in one of the platform's newly launched tools, hackers listed over a dozen fake NFTs from supposedly valuable collections.

These fake assets appeared legitimate on a platform trusted by users to host verified tokens. The scammers acted swiftly and without trace, making off with $15,000 worth of SOL before being shut down.

More recently, there was a hack on Vitalik Buterin's personal X account. Scammers posted a false offer for a free NFT, exposing victims to a wallet draining scheme.

Several prominent collectors fell for the scam, resulting in an estimated $691,000 worth of ETH being stolen.

Both of these attacks deceived experienced traders because they exploited trusted sources.

While Magic Eden's users received refunds from the platform, such reimbursements are not guaranteed.

Victims of the Vitalik Buterin impersonation scam, however, had no recourse.

Adopt a Zero-Trust Approach

The lesson is clear – when managing your tokens, scrutinize every transaction, even if you trust the source implicitly.

Websites you've previously visited could be under attack. A friend offering a hot tip could have been compromised.

To safeguard your self-managed assets, you must approach each transaction with the mindset that it could be a scam, proceeding only when you're confident it's legitimate.

Remember, it's not paranoia if there are threats – and there are thousands of professional blockchain hackers.

There are several low-tech best practices to help you avoid most scams, including phishing attacks, bait and scam sites, and impersonation attacks.

  • Read the URL aloud. Hackers often use subtly misspelled URLs to mimic trusted sites. A gibberish URL might immediately raise suspicions for experienced traders, but they might overlook something like 'dai1yhodl.com.' Reading the URL aloud forces you to slow down and catch discrepancies.
  • Avoid falling for the promise of a free lunch. The days of traders striking it rich with a free mint are long gone. Nowadays, a giveaway or free mint is more likely to lead to a compromised wallet than an opportunity.
  • Engage with the community. Legitimate sources will have active engagement on their social profiles, including comments and replies, not just a high number of followers, which could be artificially inflated.
  • Take your time. If you feel pressured to make a transaction hastily, consider why that might be.
  • Do your research. Even if everything seems legitimate, it's wise to search for the site's name plus 'scam' before engaging. The crypto community often exposes scams rapidly.
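
The look-alike check from the first tip can also be automated before a wallet is ever connected. The sketch below is an added example, not part of the original article; the allowlist, the digit substitutions and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: the sites you actually use.
TRUSTED = {"dailyhodl.com", "magiceden.io"}

# Digits commonly swapped in for the letters they resemble (assumed set).
DIGIT_SWAPS = str.maketrans("01358", "olesb")

def skeleton(host: str) -> str:
    """Collapse visually similar spellings onto one canonical form."""
    s = host.lower().translate(DIGIT_SWAPS)
    return s.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike:<domain>', 'idn' or 'unknown'."""
    if "://" not in url:
        url = "//" + url  # urlsplit only parses a host after '//'
    host = (urlsplit(url).hostname or "").removeprefix("www.")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Non-ASCII or punycode labels can hide look-alike letters from other scripts.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn"
    for t in sorted(TRUSTED):
        # Same skeleton, a near-miss typo, or the trusted name used as a
        # subdomain prefix of somebody else's domain.
        if (skeleton(host) == skeleton(t) or edit_distance(host, t) <= 2
                or host.startswith(t + ".")):
            return "lookalike:" + t
    return "unknown"
```

A result of 'unknown' only means the host resembles nothing on the allowlist; it is not a verdict that the site is safe.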

Utilize Security Tools

These practices will help you avoid most common large-scale scams.

However, additional measures are necessary to protect against new front-end attacks or targeted spear-phishing attempts.

Various technological tools exist to verify transaction validity, even with individual entities.

For example, you can use an address scanner to check the ETH address before completing a transaction.

Such a scanner reviews the address history for signs of suspicious activity and alerts you if there are any concerns.

This diligence can safeguard your wallet from targeted attacks like romance scams, if not your emotions.

Additionally, you can set up automated services to monitor your wallet and evaluate transactions.

For instance, a frontrunner can intervene in a malicious transaction, redirecting your assets to a non-custodial wallet where they're inaccessible, even if the transaction is already in progress.

This approach protects against front-end attacks, where a legitimate site has been compromised and directs users to the wrong ETH address for transactions.

It can also prevent sophisticated attacks, such as smart contracts establishing backdoors to wallets, enabling hackers to access assets later without further action from the owner.

A frontrunner can even halt accidental transfers if it detects assets being sent to an unauthorized ETH address.

Self-managing your tokens shouldn't mean sacrificing all security.

An array of increasingly sophisticated security tools is available to individual users, making it easier to evade and recover from malicious trades.

Retain control of your keys, safeguard your crypto, and bolster your defenses – this is how we construct secure, decentralized trading ecosystems.

Brittany Mier y Terán serves as head of business development at Harpie, the pioneer of the first on-chain firewall preventing hacks, scams, and theft. Specializing in enterprise-grade blockchain security solutions, she is committed to public goods projects that facilitate the transition to Web 3.0 for the next generation. Recognized as one of the '40 Under 40' and honored with the 'Woman to Watch' title at CES 2022, Brittany is a leading figure in blockchain security innovation.