HOW TO STAY SAFE IN THE NFT SPACE
A few weeks ago I had Simona as a guest. Simona is a cybersecurity expert and NFT artist who has helped many people in the community who have unfortunately been scammed. We covered the most important and serious topic in this space: security.
The replay of the live stream is in this tweet:
But you can also listen to the podcast itself directly from Spotify or Apple Podcasts (and if you subscribe there, all the new episodes will be downloaded as soon as they get published).
I have made notes of the main takeaways below:
FOOD FOR THOUGHT
The criminals are using the same techniques they were using 10-15 years ago.
If you are an NFT artist it’s not only the Ethereum or the NFT that you lose. The problem is that you also lose your identity/profiles on the NFT platforms.
WHERE’S THE PROBLEM?
It looks like the technology is already quite strong and the issues rarely come from that side. The weakest part is human psychology. 70-90% of any attack comes from social engineering.
How does social engineering work? By common psychological triggers.
SCAM EXAMPLE #1 (USING 3 TRIGGERS AT THE SAME TIME)
I am sure we have all received the nice message where a scammer compliments our work, says they wanna buy it at a high price and asks us to help them figure out how to do that. In this case they are using not 1 but 3 different triggers, increasing the possibility that at least one of them will work.
Trigger 1 – our need for attention and recognition (“I really love your art”)
Trigger 2 – financial gain or greed (“I want to buy your art”)
Trigger 3 – feeling good about helping people (“Can you help me buy it?”)
FOMO
Not a scam per se but another trigger that may get us in trouble is FOMO. The fear of missing out makes people rush into minting/buying and the time pressure makes them forget to pause, step back and check things before clicking/approving.
HOW TO AVOID MOST COMMON MISTAKES THAT PUT YOU AT RISK
don’t store your valuable items in a hot wallet (MetaMask)
don’t download pirated software (it has backdoors as potential attack vectors)
don’t save passwords and seed phrases in digital format (NEVER do that)
check for viruses before downloading stuff from the internet
don’t click unknown links
don’t fall for fake copies of legit collections
don’t go for unverified free mints
don’t use the same password everywhere
use 2FA for all accounts (for that, better use Google Authenticator)
don’t save the 2FA backup codes online/in digital format
if not sure about the person ask them to get on a video call
make sure your hard wallet stays offline with no smart contract interaction
check spender approvals of your wallets on Etherscan. If it’s a spender you don’t recognise, immediately revoke those permissions directly from Etherscan
don’t trust fake “expert” advice. Do your due diligence and check their track record/knowledgeability
SCAM EXAMPLE #3
Free mints!
So how do they work these days?
You are mentioned on Twitter and there is a link to claim a free mint. You follow the link, connect your wallet and sign a message on your wallet. By signing, you give approval for your NFTs to be taken out of your wallet.
How to prevent being scammed by this method?
even before going to free mint sites check the following: who is tagging you and if you know that person, how many followers you have in common, does the account tweet or is it just full of retweets
check what you are signing. If you see the phrase “approval for all” – run
make sure that the name of the website on top + the contract/wallet that you are interacting with match the collection that you actually want to mint (if you see a different contract from what you are minting it’s a problem). You can check by copying the contract address and putting it in OpenSea.
always check the real collection account to see if they have announced any free mint
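For anyone who wants to see what the “approval for all” check looks like on the raw request, here is an added example (mine, not from the episode or from Simona). It reads the data a site asks your wallet to sign, flags a setApprovalForAll grant and flags a contract that is not the collection you meant to mint. The function name and all addresses are made up for illustration.

```python
# Added example: review a transaction request before approving it in the wallet.
SET_APPROVAL_FOR_ALL = "a22cb465"  # function selector of setApprovalForAll(address,bool)


def _arg(data, i):
    """Return the i-th 32-byte ABI argument of the call as a hex string."""
    return data[8 + 64 * i: 8 + 64 * (i + 1)]


def review_request(to, calldata, expected_contract):
    """Return a list of warnings; an empty list means nothing was flagged."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    warnings = []
    # Check 1: the contract being called must be the collection you intend to mint.
    if to.lower() != expected_contract.lower():
        warnings.append("contract mismatch: %s is not the collection you meant to mint" % to)
    # Check 2: is this call handing out "approval for all"?
    if data[:8] == SET_APPROVAL_FOR_ALL:
        if len(data) < 8 + 128:
            warnings.append("approval call with truncated arguments")
            return warnings
        operator = "0x" + _arg(data, 0)[24:]      # address is the last 20 bytes of the word
        approved = int(_arg(data, 1), 16) != 0    # bool: 1 grants, 0 revokes
        if approved:
            warnings.append("approval for all: %s could move every NFT you hold in %s"
                            % (operator, to))
    return warnings


# Constructed sample values (not real addresses or transactions).
MINT_CONTRACT = "0x" + "11" * 20   # the collection you intended to mint
HELD_CONTRACT = "0x" + "22" * 20   # a collection you already hold
OPERATOR = "0x" + "ab" * 20        # the address asking for the permission
GRANT_ALL = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "ab" * 20 + "00" * 31 + "01"
REVOKE_ALL = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "ab" * 20 + "00" * 32

if __name__ == "__main__":
    for warning in review_request(HELD_CONTRACT, GRANT_ALL, MINT_CONTRACT):
        print("WARNING:", warning)
```

An empty result only means these two checks passed, so the other points in the list above still apply.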
Above was just the summary. Simona mentions way more issues and examples so make sure you go through the full episode.
Check out Simona’s book here.
HACKERNOON NOMINATION
Today I had a nice surprise. Out of nowhere I received an email from Hackernoon letting me know that I have been nominated for their Hackernoon Contributor of the Year - NFT award. So if you'd like to vote for me below is the link.
THE PAYBACK
I did another collab with Pinxx called The Payback. Here is the backstory to it:
I took part in a writer's workshop a few years ago - we had many “homeworks” where we had to illustrate and share different emotions in our stories.
The Payback was one of those. We were assigned to write up extreme anger and rage in a flash fiction format, ideally something that has never happened to us before - and this is what I came up with.
The Payback is an NFT collaboration between talented artist Pinxx who created the video and music for it and myself (who wrote the story and did the VO).
If you'd like to check it out - it's still available on Known Origin.
And the last news
I am speaking at 2 events here in London.
Zebu Live - September 22-23
NFT.London - November 3-4
So if you're gonna be around feel free to come and say hi.
Well, I guess that's it for now.
I will make sure you get my thoughts in here more often from now on.
Have a great Tuesday Rebels!
Ani