HodlX Guest Post Submit Your Post
“Not your keys, not your crypto”FTX really brought that one home.
Alameda Research misappropriated $8 billion of assets stored on FTX. It was a bitter object lesson in the value of custodying your own tokens.
The question isre your tokens actually safer in your wallet than on an exchange?
Here’s the other side of the coinyour keys and your crypto are your problem. If you sign the wrong smart contract, you could lose everything instantly with no easy path to recovery.
And while most of us regard ourselves as too sophisticated to fall for a scam, the numbers don’t lie.
The crypto scam economy has topped $1 billion in value every year since 2021, says a Federal Trade Commission report.
According to Chainalysis, the number of transfers to impersonation scammers is up by 49% so far in 2023.
Despite the hard lessons of past losses, as a community, we’re falling for more scams than ever.
Wallet drains and other scams have happened to some of the savviest traders on the planetso yes, it could happen to you.
If you’re going to custody your own tokens, which I endorse, you need to be aware of what kind of scams are out there and best practices for avoiding them.
Head on a swivel
Make no mistakecrypto scammers are a professional class. Their attacks are sophisticated and ever-evolving, and they operate at scale.
Take the Magic Eden NFT exploit from earlier this year. Hackers were able to exploit a bug within one of the platform’s newly launched tools to list over a dozen fake NFTs from purportedly high-value collections.
These looked like legitimate assets on a platform users trusted to carry verified tokens. The scammers acted quickly and untraceably, making off with $15,000 worth of SOL before getting shut down.
More recently, Vitalik Buterin’s personal X account was hacked. The scammers posted a false offer for a free NFT that exposed victims to a wallet drain account.
Several high-profile collectors were fooled, and the scam netted an estimated $691,000 worth of ETH stolen assets.
Both these attacks hoodwinked experienced traders because both of them suborned trusted sources.
Magic Eden’s users received a refund from the platform, however. Such refunds are by no means guaranteed, but they are at least possible.
Those taken in by the Vitalik Buterin impersonation scam had no recourse.
The lesson is clearwhen you custody your tokens, you must scrutinize every transaction even when you trust the source implicitly.
Websites you’ve visited before could be under a front-end attack. A friend with a hot tip could have been hacked.
To protect your self-custodied assets, you have to start from the assumption that each transaction is a scam, and proceed only when you’re completely satisfied it’s legitimate.
It’s not paranoia if they’re out to get youand thousands of professional blockchain hackers are.
There are a few low-tech best practices that can help you avoid most scams, including phishing attacks, bait and scam sites and impersonation attacks.
- Read the link aloud. This is web security 101 ackers often use barely misspelled URLs to spoof trusted sites. A gibberish URL will strike most experienced traders as instantly suspicious, but they might not blink at ‘dai1yhodl.com.’ Reading the link aloud forces your brain to slow down and stop mentally correcting transposed characters or notice if there’s a ‘1’ instead of an ‘l.’
- Avoid free lunch. The days when traders could strike it rich with a free mint are long gone. These days, a giveaway, free mint or similar is far more likely to be a backdoor to your wallet than a window of opportunity.
- Get social. The crypto community is nothing if not extremely online. Any legitimate source will have rich engagement on their social profiles not just posts and followers, which could be window dressing and bots but also comments and replies.
- Don’t rush. If you’re being pushed to make a transaction decision before you have time to thoroughly vet it, think about why that might be.
- Google it. Even if everything looks above board, it’s a good safety practice to search for ‘site name’ plus ‘scam’ before signing a smart contract. The grassroots crypto community calls out scams quickly news of both the Magic Eden and Vitalik Buterin attacks broke on X within hours.
Tools of the trade
These behaviors will help you avoid the most common large-scale scams.
However, you’ll need to take additional steps to protect yourself from fresh front-end attacks or spear-fishing attacks.
There are technology tools you can use to verify the validity of transactionseven with individuals.
For example, you can run the ETH address through an address scanner before completing the transaction.
A scanner will check the address history for signs of suspicious activity and alert you if there’s cause for concern.
This due diligence can protect your wallet from targeted attacks like romance scams, if not your heart.
You can also set up more automated services to monitor your wallet and assess transactions.
For instance, a frontrunner can interrupt a malicious transaction even if it’s already in progress, moving your assets to a non-custodial wallet where they cannot be retrieved.
This approach protects users from front-end attacks, where a legitimate site has been taken over and is redirecting users to the wrong ETH address for transactions.
It can also stop sophisticated attacks like smart contracts that establish a backdoor to a wallet, allowing hackers to remove assets later without any further action or knowledge on the owner’s part.
A frontrunner can even prevent accidental transfer if it detects you are sending assets to an ETH address that isn’t on your approved list.
Custodying your tokens shouldn’t mean providing all of your security.
There is an increasingly sophisticated set of security tools available to individual users, making it easier to avoid and escape malicious trades.
Keep your keys, keep your crypto and fortify your position his is how we build safe, decentralized trading networks.
Brittany Mier y Terán is head of business development for Harpie, the company that created the first on-chain firewall preventing hacks, scams and theft. She specializes in enterprise-grade blockchain security solutions and is passionate about public goods projects that focus on onboarding the next generation to Web 3.0. Brittany was recently listed as one of the ’40 Under 40′ and honored with the title ‘Woman to Watch’ at CES 2022.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/GrandeDuc/Andy Chipus