Web3 Security Best Practices: Part 4

How To Avoid Common Hacks & Scams in Web3

By PhoenixxDown.eth
September 1, 2022
In Security
Reading time: 9 min read

Welcome to the final part of this beginner’s series on Web3 security, where we will cover the most common types of hacks and scams.

Armed with the foreknowledge of these dirty deeds – all of which are used against both newbies and seasoned veterans alike – you will have a much greater chance of detecting these nasty traps at first glance, and thus hopefully avoiding them altogether.

You can catch up on Web3 Security, Part 1, Web3 Security, Part 2 and Web3 Security, Part 3 via the highlighted links.

Fake Websites (Traditional Scams)

There are many fake versions of commonly visited Web3 websites. You can detect these by carefully examining both the domain extension (TLD) and the full domain of the URL you are visiting. For example, the official ENS Vision URL is ens.vision/tools, and a scam version of that URL may present itself in many ways:

  1. it may use a different TLD (e.g. .xyz in place of the TLD ‘.vision’), or
  2. it may use a different TLD with a subdomain (e.g. ens.vision.com/tools, which actually uses the ‘.com’ TLD, with ‘ens.vision’ as a mere subdomain), or
  3. it may use a number in the page name (e.g. “/t00Is” uses the digits ‘00’ in place of the letters ‘oo’), or
  4. it may use a capital letter in the page name (e.g. “/tooIs” uses a capital letter ‘i’ in place of the lowercase letter ‘L’).
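The four checks above, written up as a small link checker (an added example, not code from the post or from ENS Vision). It assumes an allowlist containing only the one official host quoted above, and it simplifies the “registrable domain” to the last two labels, so a real deployment would swap in a public-suffix list.

```python
from urllib.parse import urlsplit

# Allowlist constructed for this example: the official host quoted in the post.
OFFICIAL_HOSTS = {"ens.vision"}

# Look-alike substitutions from the post. Digits pass for letters anywhere ('00' for 'oo');
# a capital 'I' passes for 'l' only where case is significant, i.e. in the path ('/tooIs').
DIGIT_LOOKALIKES = {"0": "o", "1": "l"}
PATH_LOOKALIKES = {**DIGIT_LOOKALIKES, "I": "l", "|": "l"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host: 'ens.vision.com' -> 'vision.com'.
    Simplified on purpose; a production check would consult the public-suffix list."""
    return ".".join(host.split(".")[-2:])


def unconfuse(text: str, table: dict) -> str:
    """Replace look-alike characters with the letters they are meant to pass for."""
    return "".join(table.get(ch, ch) for ch in text)


def check_url(url: str, official_hosts=OFFICIAL_HOSTS) -> list:
    """Return a list of warnings; an empty list means host and path pass every check."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    # Host names are case-insensitive, so lowercase before comparing; strip userinfo and port.
    host = parts.netloc.rsplit("@", 1)[-1].split(":")[0].lower()
    warnings = []

    # Checks 1 and 2: the registrable domain must be an official host, exactly.
    # 'ens.xyz' (swapped TLD) and 'ens.vision.com' (official name demoted to a subdomain
    # of a '.com' the scammer controls) both fail this test.
    if registrable_domain(host) not in official_hosts:
        brand = unconfuse(host, DIGIT_LOOKALIKES).split(".")[0]
        imitated = next((o for o in official_hosts
                         if host.startswith(o + ".") or o.split(".")[0] == brand), None)
        if imitated:
            warnings.append(f"host '{host}' imitates official domain '{imitated}' (check the TLD)")
        else:
            warnings.append(f"host '{host}' is not an official domain")

    # Checks 3 and 4: digits or a capital 'I' standing in for letters in the page name.
    fixed = unconfuse(parts.path, PATH_LOOKALIKES)
    if fixed != parts.path:
        warnings.append(f"path '{parts.path}' uses look-alike characters to pass for '{fixed}'")
    return warnings


if __name__ == "__main__":
    for link in ("https://ens.vision/tools", "https://ens.xyz/tools",
                 "https://ens.vision.com/tools", "ens.vision/t00Is"):
        print(link, "->", check_url(link) or "OK")
```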

These fake sites may show a fake MetaMask prompt that asks for your password or seed phrase at the ‘connect wallet’ stage. Because it is not your genuine MetaMask extension, every password attempt will ‘fail’, and you will then be asked to recover your wallet by typing in your seed phrase. As we know, we never comply with a request to type in our seed phrase.

However, the MetaMask prompt may also be real, with the scam website tricking you into authorizing it to access your wallet. This puts your wallet at risk even if you are using a hardware wallet: the hardware wallet faithfully signs whatever you approve.

Website Links Sent via DMs

A common tactic of scammers is to send bulk messages to server members, often masquerading as the project itself, saying you have won a whitelist spot. They attach a link to their scam website, which will often look very legitimate, and tell you that you need to claim there. There are many variations, but in each one a scammer pretends to be someone you can trust and then tries to trick you into clicking the link to their scam site. If you connect your wallet to that scam website and sign a transaction in MetaMask after following the link, it will likely be a ‘Set Approval For All’ transaction, which allows the scammer to move any or all of your assets from your wallet to their own.

A strict rule of “Do Not Click Links” sent to you via Discord/Twitter DM (or from anyone, anywhere) will protect you most of the time. All the same, always check the domain extension and full domain name of any URL that comes across your screen (see the examples above). Truly, if you’re fresh into Web3 it’s advisable to just keep Discord DMs switched off until you’ve found your feet a little.
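The ‘Set Approval For All’ transaction mentioned above can be recognised before it is signed, because its calldata starts with a fixed 4-byte selector and then names the operator being granted control. The following pre-signing triage is an added example (not code from the post or from any wallet); it assumes the standard ERC-721/ERC-1155 and ERC-20 selectors, and it goes one step beyond the post by also rating ERC-20 `approve` allowances. All addresses and calldata in it are constructed placeholders.

```python
# Selector = first 4 bytes of keccak256(signature); these two are the standard token-approval
# functions. Addresses and calldata below are constructed samples, not real on-chain data.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155: operator gets the whole collection
    "095ea7b3": "approve(address,uint256)",         # ERC-20 (amount) / ERC-721 (one token id)
}


def encode_set_approval_for_all(operator: str, approved: bool) -> str:
    """ABI-encode setApprovalForAll(operator, approved); used here only to build sample calldata."""
    op_word = bytes.fromhex(operator[2:]).rjust(32, b"\x00")   # address is left-padded to 32 bytes
    flag_word = int(approved).to_bytes(32, "big")
    return "0x" + (bytes.fromhex("a22cb465") + op_word + flag_word).hex()


def decode_calldata(hexdata: str) -> dict:
    """Decode the selector plus the first two 32-byte argument words of a transaction."""
    data = bytes.fromhex(hexdata[2:] if hexdata.startswith("0x") else hexdata)
    if len(data) < 4:
        return {"function": None, "error": "no selector"}
    selector = data[:4].hex()
    sig = SELECTORS.get(selector)
    if sig is None:
        return {"function": None, "selector": selector}
    args = data[4:]
    if len(args) < 64:
        return {"function": sig, "error": "truncated arguments"}
    if args[:12] != b"\x00" * 12:                 # strict ABI: address word must be zero-padded
        return {"function": sig, "error": "malformed address word"}
    return {"function": sig,
            "target": "0x" + args[12:32].hex(),            # operator / spender
            "second": int.from_bytes(args[32:64], "big")}  # bool flag / allowance


def triage_calldata(hexdata: str, trusted_operators=()) -> tuple:
    """Return (risk, reason) for calldata a dApp asks you to sign. 'high' means: do not sign
    unless you can explain exactly why this site needs that power over your assets."""
    d = decode_calldata(hexdata)
    if "error" in d:
        return ("unknown", d["error"])
    if d["function"] is None:
        return ("unknown", f"unrecognised selector 0x{d['selector']}; decode it before signing")
    target, second = d["target"], d["second"]
    known = target in {t.lower() for t in trusted_operators}
    if d["function"].startswith("setApprovalForAll"):
        if second == 0:
            return ("low", f"revokes operator {target}")
        return ("medium" if known else "high",
                f"grants {'known' if known else 'UNKNOWN'} operator {target} control of "
                f"every token you hold in this collection")
    if second == 0:                               # approve(spender, 0) is a revocation
        return ("low", f"revokes allowance for {target}")
    if second >= 2 ** 255:                        # effectively unlimited allowance
        return ("high", f"unlimited allowance for {'known' if known else 'UNKNOWN'} spender {target}")
    return ("medium", f"allowance of {second} for {target}")


# Constructed sample: the 'claim your whitelist spot' site asks you to approve its operator.
SCAMMER = "0x" + "11" * 20                        # placeholder address, not a real one
SAMPLE_CALLDATA = encode_set_approval_for_all(SCAMMER, True)

if __name__ == "__main__":
    print(triage_calldata(SAMPLE_CALLDATA))
```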

Hacked or Scam Discord Servers

Unfortunately, the culture of FOMO (fear of missing out) and hyped launches has led people to disregard safety measures temporarily and pay the price for it. If a Discord is hacked, a telltale sign is that chat channels have been locked (i.e. you’re unable to send a message in the general areas of the server).

Additionally, if the announcement channel is pushing a ‘surprise’ giveaway or mint (often copying and pasting the same message repeatedly), that is a huge red flag telling you to stay clear and to alert anyone you know that the Discord is compromised. Much like the Discord DM example, the hackers push a fake link, with the same consequence of your wallet being drained of its assets should you proceed.

Never FOMO in, and always double-check what you’re clicking. Again, always check the links you are about to click (see the examples above). If it’s a legitimate project and you do miss out, there will always be another opportunity. It only takes one mistake to end it all, and it is not worth the risk, but you can mitigate your risk if you “Do Not Connect Your ‘VAULT’ Wallets” to Discord or to any website.

Social Engineering

Social engineering is arguably the number one cause of stolen assets in the Web3 space. So much so, that it likely requires its own focused article. You could have five Ledgers all stored in a fireproof safe, with their seed phrases protected by armed guards and placed in different locations around the world – and still, that would not save you from a social engineering scam.

The most common approach used by scammers is asking you to trade an asset in a private deal, with any one or more of the following occurring:

  • Being approached in a Discord DM by an unknown user to make a trade.
    • Not every instance of this is a scam, but the overwhelming majority are.
    • It’s wise to check the post history of a user in the server before engaging.
      • You can do this by typing ‘from:username’ in the server search bar.
      • A red flag would be if no results are returned.
    • If there are many messages, then still don’t take that as a green light – instead, ask inside the server if anyone can vouch for that user.
      • If they are legitimate, it’s likely someone would have interacted or traded with them previously.
  • Impersonating Moderators/Project Owners.
    • More recently, scammers have been scoping out servers for the Discord IDs of reputable community members, replicating them aesthetically via the display picture/name and using their clout to gain automatic trust with the victim.
      • They then begin to approach server members with another account looking to make a trade and use the impersonator account to act as an intermediary in the deal.
    • Moderators/founders of projects will generally never contact you via DM, let alone partake in private trade activity.
      • If you end up in a group DM with one and trade is being discussed, it’s 99% likely you’re talking to a fake ID of those trusted individuals.
  • Loaning or lending your crypto or NFT to someone.
    • Sadly, even people you have grown close to in the space can act out of character and betray your trust.
      • One recent example I witnessed: a trusted member of a community offered to act as an intermediary in a private swap deal.
      • They were to hold both assets and then distribute the funds/assets accordingly once both were received from the buyer and seller.
      • He disappeared shortly after taking everything with him. If it wasn’t for the scammer being so sloppy with his digital footprint being linked to his real ID, he never would have returned the stolen items – and this was only after an onslaught of pressure to track him down was made by fellow community members.
    • This was a person who knew his victim for almost a year; as sad as it is to say, the best way to avoid this is to never get involved in such a scenario in the first place.
      • As such, that rule can be applied to all of the above situations – be naturally paranoid when your assets are at stake.
  • Being asked to set the price to $0.
    • For self-explanatory reasons, this is never a great idea.
    • The scammer will pledge to do the same in order to make a straight asset-to-asset swap with no liquid funds involved.
    • The scammer will not follow through on their end, of course.
  • Other New Social Engineering Scams
    • There will always be new social engineering scams seeking to take advantage of users’ knowledge and emotions.
    • They will always involve someone pretending to be someone you trust, or setting up a story so that you trust them.
      • Typically, they will play on your emotions, such as your compassion and empathy, or your FOMO and greed.
    • It is important to always remain vigilant. With the advent of video deep-fakes, you can never be too careful.

Hackers Used #Deepfake
[of Binance CCO] to Scam.
Expect to see this everywhere.
There is a 'next gen' of scams/scammers;
They're seeking to attack individual-users, at scale.
Self-Custody Your Keys + Attack Vector Awareness. #Web3 #SIWE #ENS $ENS https://t.co/BfuAMUV7EU

— GaryPalmerJr.eth.limo 👁 2223.eth 🌱🐇 (@garypalmerjr) August 31, 2022

Scam and Phishing Emails

If you have your email address linked to your OpenSea account, be wary of any email which purportedly comes from them.

In June of this year, OpenSea had an email-address database leak, in which an employee of one of their vendors misused their access to download OpenSea users’ email addresses and share them with an unauthorized third party.

OpenSea DATA LEAK. I've just received this email from OS. So be careful out there if you receive communications from people pretending to be OpenSea's staff. 🙏🚨 pic.twitter.com/QP6erbE7xj

— jackasscrypto.ethᵍᵐ (@crypto_jackass) June 30, 2022

So with this in mind, it’s almost a certainty that those affected will be set to receive phishing emails for some time. If you ever receive an email from OpenSea, double-check the sender and ensure it is from the official OpenSea mailbox. A scam email will redirect to a fake website. I mitigate this by simply never clicking on anything within an OpenSea email. They can never get me this way!

Malicious Contracts & Airdrops

A malicious contract has code written into it that grants the scammer (the owner of that contract) access to drain your wallet of funds and assets once you interact with it.

If you’re not savvy with reading Web3 contracts, the best way to avoid this pitfall is to ask someone who is to examine it for potential issues. An alternative, although not a perfect one, is to wait and see how others are affected after using it. Again, avoid FOMO, as that’s where a lot of mistakes are made – especially with contracts by unknown developers or not from a highly reputable source.

Scammers are relentlessly enterprising, and they have branched out into airdropping scam NFTs to Web3 wallets.

They mostly target wallets holding high-value projects, such as BAYC, but anyone can be targeted. The artwork on these airdrops is often “ugly”, which is bad enough in itself, but interacting with these scam NFTs (i.e. trying to sell them, or move them to another wallet) means interacting with a malicious contract, which could end up with all of your assets being stolen.

A recent common theme is for a scammer to airdrop the NFT and then make a large WETH offer on it, in order to tempt the potential victim into accepting the offer and thus interacting with the malicious contract. It is a waste of time and a risk: the WETH offer can never be completed, even if accepted, so it is an entirely fruitless and risky task.

Malware, Keylogging & Protection

As previously mentioned, be extra vigilant about the downloads you make, specifically if they originate from Twitter or Discord DMs. Unless you know and trust the person you are interacting with, downloading a file from a link in an unsolicited DM has a terrible risk-to-reward ratio.

Once live on your device, these malevolent downloads can sometimes grant a hacker remote access to your PC or install malware. On that note and as referenced in Part 1, purchasing some trusted software like MalwareBytes is a good investment and is regarded as the best antivirus protection software for a very affordable price of $30 per year.

Downloading an untrusted version of a program such as Ledger Live can lull you into a false sense of security, so that you type your seed phrase into it. Additionally, these fake versions of programs can install malware on your device. Always check that the source of the download is legitimate, using the advice given in Part 1 under the ‘Be selective with your browser extensions’ bullet point.

In Summary

This concludes the series on Web3 Security Best Practices. Hopefully, these basic tips will have you all set to embark on a safe and highly prosperous journey into Web3!

Remember, being safe and careful will always require more time and effort, but it’s worth doing so. It only takes one mistake to wipe out years of hard work.

Take care!

PhoenixxDown.eth

PhoenixxDown is a web3 enthusiast and investor, predominantly with an interest in NFTs and ENS technology. Phoenixx has been an avid writer for as long as he can remember, venturing into all forms of literary expression, from writing screenplays to composing marketing copy for large brands and, most recently, information-based articles for web3. He lives in London, and when not complaining about the weather, enjoys horse racing, saunas and raising his family.

Web3 Domains℠ & Web3Domains.com © 2023 TechnoRealism, Inc., UCC § 1-308 | Privacy