Introduction

Web3 is a rapidly evolving and innovative space, but it also attracts scammers and fraudsters who seek to exploit the unaware. In our mission to build a safe web3 ecosystem, we believe it is our responsibility to help the web3 community stay safe from scams.

In this guide, we will provide you with the knowledge and tools you need to defend yourself against Web3 scams. The Diverse Web3 Scam Ecosystem Web3 scams come in various forms, each more cunning than the last. Here is a brief overview of the types you may encounter:

Phishing scams: These deceptive schemes involve fraudulent websites, emails, or social media accounts that impersonate legitimate platforms. They aim to trick you into revealing your private keys or login credentials.

Example: In August 2023, a phishing scam targeting Uniswap users was uncovered. The scammers created a fake Uniswap website that looked identical to the real one. Users who visited the fake website and entered their login credentials had their accounts compromised and their funds stolen.

Ponzi and pyramid schemes: These scams promise quick riches, but they are actually unsustainable and eventually collapse. Scammers lure victims with high returns but sustain payouts using funds from new investors.

Example: In 2021, the BitConnect Ponzi scheme collapsed, leaving investors with billions of dollars in losses. The scammers had promised investors high returns on their cryptocurrency investments, but they were actually using the funds to pay out old investors and fund their own lavish lifestyles.

Fake NFT projects: The NFT craze attracts opportunistic scammers who create fictitious NFT projects, promote them vigorously, and vanish after collecting funds.

Example: In January 2023, the Frosties NFT project was rug-pulled. The scammers created a fake NFT project called Frosties and promoted it heavily on social media. After collecting millions of dollars in ETH from investors, the scammers abandoned the project and disappeared.

Rug pulls: In the DeFi realm, rug pull creators abandon a project after accumulating a significant amount of cryptocurrency, leaving investors in the lurch.

Example: In March 2023, the Tomb Finance DeFi project was rug-pulled. The scammers had created a Tomb Finance token and promoted it as a high-yield investment opportunity. After accumulating over $600 million in TVL, the scammers abandoned the project and sold their tokens, leaving investors with worthless assets.

Social media giveaway scams: Impersonators pose as influential figures or projects on platforms like Twitter and Discord, promising giveaways in exchange for sending cryptocurrency.

Example: In February 2023, a social media giveaway scam impersonating the Bored Ape Yacht Club (BAYC) was uncovered. The scammers created a fake BAYC Twitter account and promised to give away 100 BAYC NFTs to users who sent them 1 ETH. Over 1,000 users fell for the scam and lost their ETH.

Malicious smart contracts: Some scammers deploy malicious smart contracts that siphon off your funds when you interact with them.

Example: In April 2023, a malicious smart contract was deployed on the Ethereum blockchain. The smart contract was disguised as a legitimate DeFi project, but it was actually designed to steal users' funds. Over $10 million was stolen from users who interacted with the smart contract.

Token sale frauds: Fake token sales or ICOs (Initial Coin Offerings) offer the allure of exclusive deals and high profits but deliver nothing but disappointment.

Example: In 2017, the OneCoin ICO raised over $4 billion from investors. However, the OneCoin project was a scam, and investors eventually lost all of their money.

Impersonation scams: Scammers mimic well-known figures in the crypto space, reaching out to unsuspecting individuals to solicit donations or investments.

Example: In May 2023, an impersonation scam targeting Vitalik Buterin, the co-founder of Ethereum, was uncovered. The scammers created a fake Vitalik Buterin Twitter account and reached out to users, promising to send them ETH if they sent him ETH first. Over 100 users fell for the scam and lost their ETH.

NFT theft: High-value NFTs can be stolen, leaving rightful owners heartbroken and scammers attempting to resell the stolen digital assets.

Example: In June 2023, over $2 million worth of NFTs were stolen from the OpenSea NFT marketplace. The scammers used a phishing attack to steal the login credentials of OpenSea users and then steal their NFTs.

Job Scams: Web3 job scams are fraudulent job postings that aim to steal personal information, cryptocurrency, or money from job seekers. Scammers often target people who are new to the Web3 space or who are eager to find jobs in this rapidly growing field.

Example: A job seeker sees a job posting for a "Web3 Developer" position on a popular job board. The job posting offers a high salary and flexible hours, and it does not require any prior experience. The job seeker applies for the job and is contacted by the "hiring manager" via email. The hiring manager asks the job seeker to provide their personal information and to send them a small amount of cryptocurrency to cover the cost of training materials. The job seeker sends the scammer their information and cryptocurrency, but they never receive any training materials or a job offer. There a different types of job scams, we cover the most subtle one in another article here:

How to Stay Safe in Web3

Now that you know the adversaries that lurk in the Web3 shadows, let's discuss how to fend them off:

Stay skeptical: The golden rule is to maintain a healthy dose of skepticism. If an opportunity seems too good to be true, it probably is.

Identity Verification: Verify the identity of individuals or projects through multiple trustworthy sources before sending funds or personal information.

Official Websites: Always use official websites, bookmarked links, or reputable sources to access Web3 platforms. Be vigilant against phishing sites.

Private Key Protection: Guard your private keys and seed phrases with the utmost care. Never share them with anyone, under any circumstances.

Research Thoroughly: Before investing, conduct thorough research on projects. Scrutinize team members, read audit reports, and gauge community feedback.

Impersonation Checks: Confirm the legitimacy of social media accounts and official communication channels. Look out for subtle discrepancies in the spellings of usernames or handles.

Ignore Unsolicited Messages: Disregard unsolicited messages, particularly those requesting money, or personal information, or asking you to click a link. Legitimate entities do not operate this way.

Secure Wallets: Choose reputable wallets and secure them with robust passwords and two-factor authentication.

Smart Contract Verification: When engaging with smart contracts, inspect the code and ensure it has undergone a reputable audit.

Stay Informed: Keep yourself updated about the latest Web3 scams and tactics. An informed user is a resilient one. In the Web3 realm, trust is precious, and vigilance is your shield.

The key to safeguarding your digital fortress lies in remaining cautious, thorough, and continuously educated. Arm yourself with knowledge join the right communities, and may your Web3 journey be both prosperous and secure.

Our mission is to build a safe ecosystem where web3 creators, collectors, and investors can flourish. You can help us get our message out there by sharing this article.