Diving into the world of decentralization and crypto is meant to be thrilling: we're challenging our previous notions of ownership, finance, and culture. But navigating Web3 can also feel like traversing the Wild West.
Scammers are co-opting the movement, preying on the many newcomers in the crypto space, and employing a litany of tactics to plunder your funds.
You can expect common targets to be your:
As a result, we've jotted down some essential morsels of info for artists and creators like you—the bedrock of ZORA—to absorb and stay safe.
Whenever you generate a cryptocurrency wallet, you’ll be provided a unique list of words to keep in a secure spot: this is a seed phrase. It enables you to recover a wallet if your device is ever lost or stolen. Scammers can elicit this through a variety of clever tactics, like creating clones of MetaMask, otherwise known as 'spoofing', which can be nearly impossible to detect. Your wallet or a website will NEVER request your seed phrase without your initiation. If it does, it’s a scam; once they have access to it, they have full rein to raid all of your wallet’s assets.
Example of scammers trying to exact your private 12-word recovery phrase
If your expedition in crypto has yielded a healthy sum, we strongly recommend getting a hardware wallet. While we salute our partners at MetaMask, storing vast amounts in a Chrome extension on your computer can leave you vulnerable to malicious software. So if you’re holding over $5K on your MetaMask, the hardware wallet is the prophylaxis between your computer and your crypto.
The two most commonly trusted hardware wallets are:
Trezor Hardware Wallet
Sometimes, wielding a secure password isn't enough to keep the hordes of malicious actors, highwaymen, and bots away from your share of the pie. 2FA provides an extra layer of security by presenting an additional prompt when you log in. Make sure to set up 2FA with Google Authenticator, NOT your phone number (SMS).
The age-old tale of a wolf in sheep's clothing: scammers can masquerade as a branch of a support organization or a service you already use, so if you receive an email or DM on platforms like Twitter, Discord, or Telegram, be sure to double-check that the email address and/or link exactly matches that of the original website. If anyone asks for personal information, your seed phrase, or money: disengage and block. Authentic representatives will never randomly reach out. Let's look out for each other.
An ENS scam account—notice the Twitter @ has added one extra "n"
Fake MetaMask Twitter support
If you're like your uncle in the Boomerverse, you probably have the same password for every platform you enjoy. If that one password is compromised, you're in for a world of trouble. The only leak we'd want for you is some alpha. Password managers are a bulwark against leaks because they generate and store random, secure passwords. This ensures you'll never have to use a password twice or memorize any of them.
Recommended password managers include:
Bookmarking your websites ensures their authenticity. In the age of clickbait, we may find ourselves on "Zoora.co" instead of Zora.co, or "Conbase.com" instead of Coinbase.com. Always take the time to confirm you’re on the correct website. The devil is in the details, folks.
Scam ENS Airdrop—notice the incorrect ENS URL
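For readers who want to automate the bookmark check, here is an added example (not ZORA's own code) that compares a link's hostname against a list of sites you trust and flags near-misses like the ones above. The `TRUSTED` list, the function names, and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you have bookmarked (constructed allowlist for the demo).
TRUSTED = {"zora.co", "coinbase.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased hostname without a leading 'www.'; bare hosts are accepted."""
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, host) where verdict is trusted, lookalike or unknown."""
    host = host_of(url)
    # Exact match, or a subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted", host
    # Trusted name glued onto the front of someone else's domain.
    for t in sorted(trusted):
        if host.startswith(t + "."):
            return "lookalike", t
    # One or two typos away from a trusted name (extra, missing or swapped letter).
    nearest = min(sorted(trusted), key=lambda t: edit_distance(host, t))
    if edit_distance(host, nearest) <= max_distance:
        return "lookalike", nearest
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample links; the last one uses the reserved .example TLD.
    for link in ["https://zora.co/collect", "Zoora.co",
                 "https://www.conbase.com/login",
                 "https://zora.co.claim-drop.example/airdrop"]:
        print(link, "->", classify(link))
```

A "lookalike" verdict means stop and open the site from your bookmark instead; "unknown" only means the host is not on your list, not that it is safe.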
We encourage everyone to engage in crypto discourse and bridge the gaps in the metaverse. However, gloating about how much you have is never bright. After all, every transaction that occurs on the blockchain is public, so if you post an address, it’s there for all to see. Don’t draw extra attention to yourself and become a potential target.