Gaming is PvP. One person is trying to beat another person with logic, skill, and speed.
Security is no different. Digital Collectibles can be highly valuable, depending on the project they’re associated with. High-value projects and assets attract bad actors. This means there are people who are looking for weaknesses, vulnerabilities, and exploits to take what is yours.
What does this mean for you as a person? It means caution should be exercised when interacting with anyone and any application online. Healthy security practices when online include but are not limited to:
Social engineering is an extremely popular way for attackers to exploit people because it has a high rate of success. A typical social engineering attack is when a bad actor pretends to be someone they’re not to get you to do something they want.
This can take many forms, but it commonly looks like someone sending you DMs. The conversation can start off light, even conversational. Eventually, though, the bad actor either asks you to send them funds for something (e.g. help them with a debt) or gets you to connect your wallet to a malicious contract. If you’re not careful, you might think you’re just helping out a friend or verifying your assets for an allowlist for a future mint, when in actuality you’re handing over your funds or assets to an attacker. Then poof, your money is gone, and you have no recourse.
Knowing up front that there are malicious attacks and bad actors in the Digital Collectible world is the first step in protecting yourself online. Practice caution with every interaction that you have.
Sometimes speed can get you into trouble in the Digital Collectible world. Attackers will often try to generate FOMO (fear of missing out) by announcing something that looks legitimate with a short timeframe, in order to trigger an emotional response. The goal is to get you, the person with money or assets, to expose your wallet or account to them without taking normal precautions.
Let’s run through a realistic scenario for a current project. You have been following the Art Gobblers project for a while, trying to grind the allow-list but haven’t made it on yet. You see a new tweet from an account that looks identical to the project, announcing an opening to the allow-list and that minting is live.
You decide to take a minute to double-check everything before interacting, so you do an account search on Twitter. You quickly realize it’s a scam by comparing the account that tweeted with the original Art Gobblers account. Here they are pictured below:
Can you spot the differences? There are many:
This was a relatively easy scam to spot, but it illustrates the effort that bad actors will put in to steal from you. Some basic questions you should be asking yourself when a mint is being announced are:
These are just a couple of basic steps to take to protect yourself.
Hackers often target team members too, in order to gain control of trusted accounts. Project team members have been hacked in the past, and inevitably, others will be hacked in the future. So even in cases where you’ve done due diligence, it’s good to verify with a collection of people. Usually, only one person is hacked at a time, so having a group of people who are available to verify that something is legitimate is another precaution you can take.
It is important to be diligent and think critically. Constant vigilance is the name of the game.