Crypto Security 101

Simulate Transactions

Use a tool like Pocket Universe to simulate transactions before you execute them. This will not always protect you, but can help you avoid common scams such as immediate wallet drainers.

No Talking

Do not talk to anyone using your real identity about your crypto- or NFT-related activities. If criminals know you have any crypto-related assets, they may go after you and your family if they figure out you are an easy target.

If you have a reputation as someone into crypto, plan your downfall now. You lost your phone in a boating accident and didn't back up your recovery phrase. You lost everything on a meme coin. Your wallet got drained and you are out forever. Or simply delete everything you posted previously and STFU starting now.

Secure Your Wallet

You should never store your seed phrase anywhere digitally. This includes online password tools (multiple data breaches have happened). This includes password-protected digital archives (data leaks happen and passwords often get cracked). This includes taking a picture with your phone (your phone may be uploading every picture you take to the cloud, and someone may recover your photos in the future if you lose your device). All of these are mistakes others have made before, and they are what enabled thieves to steal their assets.

You should store your seed phrase physically in multiple secure locations only you know about. Make it a fun treasure hunt for your next of kin. Don't make it easy for thieves.

Secure Your Device

The device you do crypto-related tasks on should be a clean install where you do not do anything else but crypto-related tasks. You should not be downloading and installing any 3rd party software. You should not be downloading anything, period. PDFs can be malware. Even video files can be malware that can do remote code execution. You should not be installing any browser extensions that are not necessary. You should not use the device for random web browsing. You should not use the device for social media or e-mail at all. Your primary crypto device should be kept clean.

Use a Vault

You can use https://safe.global/ to create a vault which requires multiple signatures to allow transactions to go through. This is useful for storing assets more securely: even if a single device gets owned, you can replace that device/wallet with a fresh one and nothing is lost. A common pattern is to use 2-3 devices for signing using multiple wallets, and to also store some backup wallets that are on the multisig.

Common Scams

There are a variety of common scams that people use to trick you. If in doubt, ask someone who is less stupid than you are if some link or thing you were sent is too good to be true.

The most common type of scam going around right now is one where a site tells you it is connecting you to its site, but it is actually having you sign a transaction which allows a scammer to buy NFTs you have listed on marketplaces. If you have approved collections on marketplaces, falling for these scams can enable people to buy your NFTs for ~0 ETH. This is what has happened when you see NFTs being sold for near 0 ETH. This kind of scam is why you should simply not connect to random websites, especially random sites which were sent to you by someone you don't know.
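The check a wallet or simulator can run on such a "connect" prompt, as an added example that is not part of the original page or of any tool it names. It assumes the signing request uses the Seaport `OrderComponents` typed-data layout (the page does not name a marketplace protocol); the addresses, the threshold and the function names are constructed for illustration.

```javascript
// Added example (not from the original page). Assumes Seaport-style typed data.
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]); // ERC721, ERC1155 and criteria variants
const DUST_WEI = 10n ** 15n; // assumed "near zero" threshold: 0.001 ETH

function minAmount(item) {
  const a = BigInt(item.startAmount), b = BigInt(item.endAmount);
  return a < b ? a : b;
}

// Returns what the signer gives up and gets back if this request is signed.
// Only native-currency payments are counted, so ERC20-priced orders are
// flagged too and need a manual look.
function reviewSigningRequest(typedData, myAddress) {
  const msg = typedData.message || {};
  if (typedData.primaryType !== "OrderComponents" || !Array.isArray(msg.offer)) {
    return { isOrder: false, nftsOffered: 0, paidToMe: 0n, dangerous: false };
  }
  const me = myAddress.toLowerCase();
  const nftsOffered = msg.offer.filter((i) => NFT_ITEM_TYPES.has(Number(i.itemType))).length;
  let paidToMe = 0n;
  for (const c of msg.consideration || []) {
    if (Number(c.itemType) === 0 && String(c.recipient).toLowerCase() === me) {
      paidToMe += minAmount(c);
    }
  }
  return { isOrder: true, nftsOffered, paidToMe, dangerous: nftsOffered > 0 && paidToMe < DUST_WEI };
}

// Constructed sample requests (addresses are placeholders).
const ME = "0x" + "11".repeat(20);
const NFT = "0x" + "22".repeat(20);
const order = (priceWei) => ({
  primaryType: "OrderComponents",
  domain: { name: "Seaport" },
  message: {
    offerer: ME,
    offer: [{ itemType: 2, token: NFT, identifierOrCriteria: "1234", startAmount: "1", endAmount: "1" }],
    consideration: [{ itemType: 0, token: "0x" + "00".repeat(20), identifierOrCriteria: "0",
                      startAmount: priceWei, endAmount: priceWei, recipient: ME }],
  },
});
const fakeConnect = order("1");                   // "connect wallet" prompt that sells for 1 wei
const realListing = order("2000000000000000000"); // listing at 2 ETH
const login = { primaryType: "Login", message: { statement: "Sign in" } };

for (const [name, req] of Object.entries({ fakeConnect, realListing, login })) {
  const r = reviewSigningRequest(req, ME);
  console.log(name, r.isOrder ? `order: ${r.nftsOffered} NFT(s) for ${r.paidToMe} wei` : "not an order",
              r.dangerous ? "=> DO NOT SIGN" : "");
}
```

A site that only wants to connect has no reason to present an order at all, so any "connect" prompt that parses as one is worth rejecting regardless of the price.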

  • If you get a random DM or notification that has a link to a page which wants to connect to your wallet, you should be on alert. These are 99.99% of the time wallet drainer scams.
  • If you suddenly get a DM or ping in a place like Discord to connect to a new site that you have never interacted with before, you should be on high alert. It often happens that a Discord moderator gets their account compromised and a scammer uses it to blast out a fake mint site. While these kinds of sudden drops are not always scams, you should expect them to be scams. Collection creators who choose to have minting on their own site need to broadcast the only domain they will be using in advance and make their audience more cautious of other random links suddenly showing up.
  • If you get airdropped an NFT which lists a domain in the image or description telling you to claim something, you should be highly suspicious. You might see these on the profiles of others too. These are 99.99% of the time wallet drainer scams. You should not interact with NFTs that you do not know the origin of; hide them.
  • If someone wants to trade you NFTs out of nowhere it's likely a scam. If someone really wants to buy your NFTs tell them you will accept an offer on a common marketplace and not an OTC trading site.
  • There are more common scams listed here, some of which Pocket Universe is more likely to protect you from and some you just need to know about and be more wary of. It is worth your time to review the common scams so that you are more aware of them when they show up in your timeline.

Wallet draining scams are a big reason why we encourage minting on Scatter. If the link is anywhere on the Scatter.art domain you know that it is safe. We do not allow any 3rd party code to run on our sites; all collections launched on Scatter use standardized flexible contracts that do not allow 3rd party code.

Even if you are very smart, don't think you will be able to avoid all scams without some discipline. Do not use your crypto devices while you are depressed, exhausted, sick, or on drugs that alter your physical/mental state. You will be easier to manipulate in these states and more likely to fall for scams. Smart people in compromised mental states fall for scams every day. Even people who are used to seeing scams constantly still fall for scams in moments of weakness. Be diligent!