Keep Your Friends Close and Your Crypto Closer
The dangers of fraud in a shifting financial paradigm
Holding anything of value makes you a target for at least one fraudster. And many of us are well prepared for the typical scams. Maybe Tom Holland’s instagram page reached out and he needs five $100 Walmart Gift Cards so he can reinstate his visa and make a new spider man movie. Or someone has finally reached you about your car’s extended warranty (lucky you!). But as the stakes increase so does the sophistication of a fraudster’s approach.
The FTC reported in May of 2021 that fraud-related crypto losses skyrocketed toward the end of 2020 and the beginning of 2021. 7,000 people reported losses of over $80 million through the scams.
@Thomasg_eth took to Twitter earlier this week to share his experience with fraudsters, and was fortunate not to become part of this year’s statistics. Thomas is the founder of Arrow, a decentralized autonomous organization (DAO) that is developing an open source vertical take-off and landing (VTOL) aircraft and air taxi protocol. If you’re interested in learning more about that take a look at Arrowair.com.
Thomas engages with a variety of individuals through discord, and many of these people end up contributing toward the project. In this particular interaction, Thomas begins speaking with an individual “@Heckshine” who then introduces him to a metaverse creator, Linh, who was developing “Space Falcon” an NFT-based gaming platform. Linh (or the person pretending to be Linh) asks Thomas to stake one of the limited NFTs produced for the metaverse. If you’re unfamiliar with staking, think of it similar to a certificate of deposit at a bank. The asset is “locked” or “held” and interest is earned and distributed to the asset holder according to terms of the smart contract. These contracts can be complex, and the underlying functions are written in code, so reviewing the terms can be difficult for many individuals participating in the industry. Therefore, this underlying code can be used to separate the rightful owners from their holdings.
Responsibly, Thomas holds and stakes the NFT to a wallet that does not contain his majority holdings. Typically crypto holders would use a hot wallet (a wallet connected to the internet for activity) but Thomas just creates a new wallet address expressly to stake the the NFT.
As the fraudsters continue to work on getting Thomas to stake the malicious NFT on his main account, he realizes he was misled about the original NFT he staked, and starts to read more into the contract he was about to approve, finding that he was close to losing everything in his main account.
Thomas came away with three takeaways from his experience.
Token approvals can be super dangerous. I’m always going to be extremely cautious with them going forward. It makes sense to always put a cap on approvals when you can.
Scammers are getting smarter. Before now, the best scam I’ve really encountered is basically “hi this is tech support please share your private key so we can help”.
Always verify, no matter how much you trust. These guys spent two weeks targeting my own specific weaknesses, and I was extremely close to falling for it. You can’t be too paranoid.
Thomas’s story is scary, but with the proper precautions anyone can safely engage with crypto. If this is a space you’re interested in, make sure you take the proper precautions to secure your holdings. In addition to Thomas’s points remember:
Never share your private key or the seed phrase associated with your cryptocurrency wallet.
Store your private key and seed phrase somewhere safe, preferably offline.
Fully investigate any investment you are going to make. As of January 2022 there were close to 10,000 active cryptocurrencies, and not all of those come to market with pure intentions.