As the world of Web3 continues to grow and evolve, regrettably, so too does the potential for security threats. While the technology behind Web3 and NFTs is exciting and promising, it's important to remember that this space is not immune to phishing attacks and smart contract scams. Your Bitski Wallet is equipped with special features to keep you safe, such as fraud notices and support for cold storage wallets, but it’s still best to stay vigilant and up to date on the best security practices for this new age of the internet. Below you’ll find information about the traps of Web3, which are very similar to those of Web2 with slight nuances based on the technology, as well as safety tips to avoid these pitfalls.
Just like in Web2, phishing also exists in Web3. Given the value of your assets, phishing scams, in which fraudsters use deceptive tactics to steal sensitive information from unsuspecting victims, have become a common phenomenon in Web3. These scams can take many forms, from fake websites to fake social media accounts to email phishing attempts. They’ll come at you from all angles: Telegram, Discord, Twitter, and people might even pretend to be us!
(Bitski will never DM you unprompted or ask you for your private keys, seed phrase, or sensitive personal information, or ask you to send funds to us.)
You’ve probably already seen bot messages that look like this:
Yes, that can be alarming. But, unlike a lot of things, it’s a simple fix — just ignore them. Do not engage. Simply report them to whatever platform you happen to be on at the time.
Just remember to be cautious when clicking on links or providing personal information. Phishing attacks are only getting more sophisticated and convincing, so it’s best to be extra careful and, again, just don’t engage if you feel something’s off.
Other potential scams might come from smart contracts. Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. Scammers may create fake smart contracts that appear legitimate but are designed to steal funds or information.
To protect against this, your Bitski Wallet simulates all transactions before you sign, warning you each time a smart contract seems suspicious or is just downright malicious. While this offers a strong layer of protection, it’s best to set up a burner wallet in our app to use when interacting with a contract that you feel hasn’t been “battle-tested” yet.
Overall, to protect yourself from these types of threats, it's important to take certain precautions when using Web3 and NFTs. Here are a few tips to keep in mind:
1. Be careful of unsolicited messages or requests for personal information. If you receive a message or email asking for sensitive information, it is best to triple-check its legitimacy before responding, or just not reply at all. It is very easy to make an email appear as if it is coming from a legitimate company or even a co-worker. A common tactic is to change the headers so the email looks like it came from “email@example.com” when it actually came from “firstname.lastname@example.org”.
2. Use trusted wallets and platforms. Stick to well-known, reputable wallets and NFT marketplaces to minimize the risk of scams. DeFiLlama’s Directory is a great place to look to make sure you’re visiting the proper, reputable sites. Dextools provides automated checks for ERC-20 tokens to warn you if they are honeypots, have crazy taxes, large insider pre-mines, etc.
3. Research before ape-ing into a project. Before trading your hard-earned ETH for a new NFT or smart contract, do your research and make sure it's as legit as possible. Look for reviews and feedback from other users, and be wary of anything that seems too good to be true. There is no such thing as a free lunch. A common tactic is to send tokens with little to no value to someone’s wallet for “free”, but make the fiat value appear huge! But trying to transfer or interact with them will leave you with wasted gas fees, or at worst, an empty wallet. While it is tempting to believe that Mr. Beast suddenly blessed your wallet with 200,000 USD worth of highly liquid “Pepe Elon baby doge” coins, 99 times out of 100, this isn’t the case.
4. If there’s anything we’ve all learned over the past year, it’s that there’s no substitute for self-custody. Keep your private keys (the key to your wallet and NFT holdings) safe and secure, whatever that means to you. We’d recommend using the Bitski Vault (your keys are safely stored in our hardware security modules), a hardware wallet, or another secure storage solution (like a Ledger) to minimize the risk of theft or loss. Look here for more on the support we offer for self-custody. Saving seed phrases in .txt files on your desktop is just not a good look, so come join us in the future!
5. Stay up to date on the latest security threats and trends. Staying informed about potential threats and best practices means you can better protect yourself and your assets. Scams can come and go in size and shape. For example, a common one in 2023 was random DMs that gave away a wallet address and seed phrase from a user who “needed your help.” While this does pull at the heartstrings, it’s just the flavor-of-the-month scam designed to separate you from your assets.
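For tip 1 above, here is one way to check whether an email's visible From: header agrees with what the mail servers recorded. This is an added example, not Bitski's code; the sample message, its example.* domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): From: shows one domain, while the
# envelope sender and the receiving server's checks point elsewhere.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Wallet Support" <support@example.com>
Reply-To: help@example.net
To: user@example.org
Subject: Action required

Constructed body text.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return reasons not to trust the visible From: header (indicators, not proof)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # The sender writes From: and Reply-To: freely; Return-Path records the
    # envelope sender. Strict domain comparison, so legitimate bulk-mail
    # services can also trigger these two checks.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} != From domain {from_domain}")
    # Authentication-Results is added by the receiving server; only trust the
    # one written by your own mail provider.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE_SPOOFED):
        print("WARNING:", finding)
```

Most mail clients expose these headers through a “show original” or “view source” option; paste the raw message into `spoofing_indicators` to run the same checks.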
Web3 and NFTs offer exciting new opportunities for art, creativity, and investment, but it's important to be aware of potential security threats. While we are constantly innovating new security features and “programming away” potential pitfalls, we need your help as well! By staying vigilant, using trusted platforms, and following best practices for security, you can help ensure a safe and secure experience in the world of Web3.
Have questions, comments, or feedback for us? Please reach out. We’re always available on Twitter to offer support and guidance, or just to chat (@bitski).