The Web3 ecosystem is a very expansive and growing one. The launch of new projects shows how innovators are hard at work to bring targeted changes. The growing technological sophistication has made scammers more intense in rampaging the ecosystem.
Web3 projects need to protect users against exploits as a fundamental responsibility. This responsibility is heightened when the Web3 project is new and trying to gain trust. Community members can protect themselves from exploitation by becoming aware of common scams
This article sheds insight into the top 5 scams in the Web3 ecosystem of interest to new protocols. These include;
Quite a lot of scams are now carried out through simple impersonation attempts.
Thanks to social media, projects can now maintain an online identity. With this, they can connect with their community.
There are weaknesses in the verification systems of these social media platforms. These are often exploited by criminals. They can clone the real project’s account and share important information through it. This often leads to a loss of funds.
This is a very common scam and projects should be on guard. When discovered, take down these cloned accounts before they cause damage.
Web3 is now paraded as a decentralized alternative to today’s internet.
It generally encompasses different aspects, but finance is the primary.
Web3 protocols that offer a financial product must always reach out to their target users. Scammers can hijack such intended messages. Most times, they do it using a phishing attack.
Phishing attacks come in the form of an exact email, message, or ad. These messages often look like the ones from the project but lead to a cloned website. Web3 users click on Phishing links and get their seed phrases or other sensitive data exposed.
This exposed data is usually an avenue through which hackers can use to drain their funds.
Knowing how common these scams are, team members must always sensitize their community. This way, everyone can stay on guard.
Scammers may target a good project and produce fake NFTs as part of their scheme.
Blockchain is an open-source technology. As such, anyone can mint the copycat of digital artwork as NFTs.
It is also possible that these NFTs get listed on marketplaces. On these platforms, they get sold to unsuspecting buyers. Acquiring such digital collectibles is risky. Attempting to verify it can show it does not belong to the original collection.
OpenSea, Rarible, and others are working hard to stop the listing of these fake NFTs. Projects can also be proactive to warn their users of such schemes.
Giveaway scams
When browsing crypto news on Twitter, you can always spot giveaways like below. A hacker will impersonate a prominent public figure or company and claim to be giving away crypto.
In most cases, the link goes to a fake “double your money” giveaway where you have to send your tokens. Supposedly, the suspicious “Vitalik Butterin” promise to give you more than (i.e., twice the amount) what you send.
And yes, you won’t get anything back.
Many accounts are even verified, making these giveaway scams even worse.
Also, there are a few things to take note of:
If you are a Web3 social media manager, we advise you to keep your community wary of these scams.
If you think that these scammers won’t target your newly created tokens, then you are wrong.
Scammers can even replicate (copy) your website, community groups, and similarly named tokens.
Customer Support Scam
Customer support scams, or CSS, are deliberate types of scams where the scammer will deliberately contact people to help them with Web3 problems.
In most cases, the scammers will ask the victims their “seed phrases”, which are the keys to the users’ wallet addresses. Once they get the seed phrases, consider your tokens lost forever.
One more thing: The average users aren’t the only target for this kind of scam. It can also happen to the developers, and that may include you.
Have you ever heard of Axie Infinity? The infamous $600 million hack happened because of a scam similar to this, except the developer somehow “disclosed” their personal information to the scammers.
We mentioned this above, and yes, scammers can create IDOs that copy other token names, including yours. These are the signs to spot fake IDO/ICO:
• Fake team members: Scammers will use stock images, fake testimonies, and celebrities’ quotes to make the IDO look “legitimate.”
• Missing or poorly-made whitepapers: Some fraudulent companies even managed to create convincing whitepapers (e.g., PlexCoin).
• Hidden token sale : Scam IDOs will hide their token sale progress. Sadly, this is not easy to spot.
Project auditing sometimes requires thorough knowledge and experience. If you want to avoid getting scammed under any circumstances, working with an agency like us is another good option.