Hello everyone!
After seeing scam after scam over the past year, I thought it was an excellent time to lay down some NFT security fundamentals.
1. Review any Website’s URL - Multiple times!
Reviewing the URLs is probably the most crucial trick or security hack you can learn. Before clicking on a link or interacting with a website (for example, connecting your wallet), you should review the URL multiple times. Scammers create fake websites and slightly change the URLs to make them look like the real ones. Let’s use my Newsletter website as an example (https://www.kaloh.xyz).
Check the HTTPS handle instead of just HTTP. It keeps user communication, browsing, and identities private.
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site.
Review the URL spelling- in this case, someone could use kahlo, kal0h, or something similar to fool you.
Finally, review the domain—kaloh.io, kaloh.net, or something different than the official one. If you aren’t sure about the original one, do a Google search but keep in mind many scammers use malicious ads to confuse people. Look for non-ad official websites.
2. Don’t trust anyone on your DMs (Twitter, Discord)
Seriously, I see this every day. If you aren’t looking to engage with people (let’s say you aren’t running a business or a project), you should close your DMs.
Social scams are getting more sophisticated. Scammers will do their research and develop a story tailor-made for you. In my case, a scammer acted as a company interested in purchasing newsletter ads. Right after, they sent me a “contract” file… This takes me to the next point.
3. Don’t open any files from strangers
Files could be malicious scripts that find your wallet password, seed phrase, or interact with your computer to give access to the attacker. Even a simple png file could hide a malicious script (most of the time, the scammers rename the file type to confuse you).
4. Don’t rush!
Before making any crypto transaction, take a breath or two. FOMO (fear of missing out) makes you do crazy things. That could be from buying a very expensive NFT that you later might regret to purchasing a fake (very expensive) NFT.
In the past, stealth drops were popular. Projects will launch without previous announcements, which was the case for the Go Gos on Tezos.
The machine is up and running. 😅 gogos.tez.page
gogos.tez.pageGOGOs CastleWelcome to GOGOs Castle. We hope you enjoy your stay.
Although this launch was exciting, scammers started to take advantage by faking profiles, sites, and mints. Although legit stealth mints could happen, I think it is smarter to ignore them.
5. Be careful with “verified” Twitter accounts
Over the past months, this kind of attack is becoming more and more popular. Scammers get access to verified stolen Twitter profiles to fake affiliation with big projects like the Bored Ape Yacht Club or Moonbirds.
They will have a link to a fake website, claiming to be an airdrop or some sort of mint. These attacks have been a big issue and have scammed millions of dollars already.
6. Use a cold wallet (aka hardware wallet)
Having a hardware wallet is a must-do if you are taking NFTs seriously. The popular ones are Trezor and Ledger.
The safest place to store your NFTs is in a cold-storage hardware wallet like Ledger. Hardware wallets are protected by a seed phrase, a password, touch authentication, and remain offline; meaning hackers can’t gain access. Whereas an online software wallet like Metamask can easily be compromised.
Read the long and detailed explanation at Securely Storing Your NFTs: A Complete Guide
These were the six fundamental tricks to navigate the NFT world safely. As they say, security is a journey, not a destination. Therefore, try to stay updated with the newest hacks and trends to avoid an unpleasant surprise!
Enjoy your weekend!
- Kaloh
Consider subscribing to Kaloh’s Newsletter to receive my articles for free in your inbox. For the full experience, become a premium subscriber.
What you’ll get:
Premium posts + NFT market updates and monthly public posts.
Access to my private Discord server.
Participate in monthly NFT giveaways.
Find all the details here.
