Diving into the world of decentralization and crypto is meant to be thrilling: we're challenging our previous notions of ownership, finance, and culture; that means navigating Web3 can also feel like traversing the Wild West.
Scammers are co-opting the movement, preying on the many newcomers in the crypto space, and employing a litany of tactics to plunder your funds.
You can expect common targets to be your:
- Crypto Wallet
- Exchange Account
- Social Media Accounts
- Phone Number
As a result, we've jotted down some essential morsels of info for artists and creators like you—the bedrock of ZORA—to absorb and stay safe.
NEVER Share Your Seed Phrase
Whenever you generate a cryptocurrency wallet, you’ll be provided a unique list of words to keep in a secure spot: this is a seed phrase. It enables you to recover a wallet if your device is ever lost or stolen. Scammers can elicit this through a variety of clever tactics, like creating clones of MetaMask, otherwise known as 'spoofing', and be nearly impossible to detect. Your wallet or a website will NEVER request your seed phrase without your initiation. If it does, it’s a scam; once they have access to it, they have full rein to raid all of your wallet’s assets.
Consider a Hardware Wallet (Cold Storage)
If your expedition in crypto has yielded a healthy sum, we strongly recommend getting a hardware wallet. While we salute our partners at MetaMask, storing vast amounts on a chrome extension on your computer can leave you vulnerable to malicious software. So if you’re holding over $5K on your MetaMask, the hardware wallet is the prophylaxis between your computer and your crypto.
The two most commonly trusted hardware wallets are:
Enable Two-Factor Authentication (2FA)
Sometimes, wielding a secure password isn't enough to stave off the hordes of malicious actors, highwaymen, and bots to your share of your pie. 2FA provides an extra layer of security by asking a prompt when logging in. Make sure to set up 2FA with Google Authenticator, NOT your phone number (SMS).
Flex Your Skeptic Muscles: Who’s actually reaching out to me?
The age-old tale of a wolf in sheep's clothing: scammers can moonlight as a branch of a support organization or a service you already use, so if you receive an email or DM on platforms like Twitter, Discord, or Telegram, be sure to double-check that the email and/or link is exactly as the original website. If anyone asks for personal information, your seed phrase, or money: disengage and block. Authentic representatives will never randomly reach out. Let's look out for each other.
Employ a Password Manager
If you're like your uncle in the Boomerverse, you probably have the same password for every platform you enjoy. If that one password is compromised, you're in for a world of trouble. The only leak we'd want for you is some alpha. Password Managers are a bulwark to leaks because they generate and store random, secure passwords. This ensures you'll never have to use a password twice or memorize them by heart.
Recommended password managers include:
No Phishy Links: Bookmark Your Websites
Bookmarking your websites ensures their authenticity. In the age of clickbait, we may see ourselves on "Zoora.co" instead of Zora.co, or "Conbase.com" instead of Coinbase.com. Always take the time to confirm you’re on the correct website. The devil is in the details, folks.
Tone Down the Public Crypto Posting
We encourage everyone to engage in crypto discourse and bridge the gaps in the metaverse. However, gloating about how much you have is never bright. After all, every transaction that occurs on the blockchain is public, so if you post an address, it’s there for all to see. Don’t draw extra attention to yourself and become a potential target.