How to avoid cryptocurrency phishing attacks

[benalexis12]

[1] Seed Phrase
- this is the most common method of a hacker to steal our funds. And it usually preys on newbies who don't know anything about the crypto space. What is happening is that there will be a pop-up in our metamask wallet asking to enter the seed phrase or a link will open saying to enter the seed phrase. Like for example to claim airdrops even if they don't know where they got it, and of course out of curiosity they will enter the newbies that they don't know will be hacked. A simple social engineering method can easily trick people without proper knowledge in the crypto industry. And when that happens, the investors have no recourse. The wallet is compromised, all funds will be scraped or lost, and the only solution that can be done is to create a new wallet and not use the old wallet that was hacked. Because there is no way for you to recover the wallet even if you report to the police.

[2] Direct Transfer
  - Also one of the methods of hackers and what they do is they will send an email from a legitimate person or company and say that you send them coins and they will promise to return its value in a larger amount.
But for those of us who have been in this industry for a long time, we already know this gimmick. But of course the newbies don't know that because of course there are still people out there who bite the hackers' bait. Sometimes scammers do a trick using metamask if the wallet has been compromised. There is a signature request that will appear but the truth is that it is just hiding its function hall. What will happen is that the fund will be transferred to the scammer. And sometimes it's a security update but it's the same. When this happens, the fund cannot be recovered but the wallet can still be used, that's why it's dangerous.
However, such tricks are difficult to detect especially if we do not track what web3 website we are using.

[3] Approval
  - also one of the methods of hackers or scammers to steal your funds. A way for them to access our tokens or NFTs. The Approval or Permit has two flavors. This is the onchain transaction that grants access to our NFTs or tokens. What the scammers do is legitimize the transactions that we will approve, but in reality our tokens or nft will be transferred to another wallet. And they can do this by creating update applications that request permission and once we approve that, they will have full access.
So normally what these scammers will do is they will make it appear that we have received airdrops and we need to claim it, and sometimes we will receive an email like that. Like the example in the picture, sometimes in groups or social media channels you will see something like that.

Of course we already know this kind of trick and we don't just believe in it of course. But as usual with newbies they don't know this, so newbies always be careful.

[4] Permit
  - It is also a way to get access to our wallet like the approval, the only difference is that an off chain signature is needed here instead of an onchain transaction like the picture below. The process is almost the same as the approval.


Now the only solution to avoid this is to be vigilant about the decentralized applications we access, and always check the url of the website and make sure that the one we access is the official website. And when we receive a link to the airdrops, don't just believe it, because normally the project owners don't do this. So it should be confirmed first on their official channel or their social media channels.

And our other solution here is to revoke the approval after we used the applications. It's just a different way of disconnecting connected sites, though we also need to disconnect the site from the metamask. And we have a certain website for this, all we need is that we have a balance in our wallet for the transaction we will do here because we are dealing w/ onchain transaction. So we have to pay the gas fee here, and the most popular here is https://revoke.cash/

all we do here is connect the wallet and the beauty here is that almost all blockchains are available to them. Once you see it, you just revoke it so that your wallet's connection to that application will be lost forever.
So we will just do this every time we have an interaction with decentralized applications, Defi or any nft market place just so we can be sure even if we pay a fee at least our wallet is secure especially if the wallet we use has funds.
Or another solution here that we can do for additional protection is that we can install a web3 antivirus in the chrome extension, its job is that before we use metamask, it runs first if there is a threat in metamask or not. Because if something suspicious is seen, it will give you a warning.

[1714658619]

1714658619

[cryptoaddictchie]

Nice suggestion. Thats right been using revoke cash app whenever I engage on some suspicious dapps especially the airdrop page of recent hype arbitrum related. This will add extra careful on the dapps that potentially can stole from us. What I hate is the gas fee. You need to shell out something for this to work. Maybe they could improve it by letting us use this for free however, I understand the need of the transaction and this is just a free useful dapp for avoiding being scam.

[Stalker22]

OP, thank you for this information about the different methods hackers and scammers use to steal cryptocurrencies. This is something we are facing in the crypto world more and more often, and all crypto users need to be aware of this tactics and be careful when accessing decentralized applications, and check the website URL before taking any action. Revoke.cash seems like a useful tool to disconnect linked sites or apps, and prevent unauthorized access to our wallets. But the most important thing is to be informed and be careful when it comes to our seed phrase, direct transfers, approval, and permit requests. We should never share our seed phrase with anyone, even if it seems like a legitimate request. We should also be cautious when receiving emails or messages asking for direct transfers, and always verify the sender's identity before taking any action.

If something is suspicious or too good to be true, it probably is. This is especially true in the crypto world where scams and frauds are becoming more sophisticated.

[so98nn]

That’s amazing article and refresher course to everyone on board. It makes sense that this has to be read by newbie very first before they could enter into vast reality of crypto currencies. It’s so much deceptive world out there one could imagine easy steal from them. For example, approval and permit are really bestest phishing method that you can have already.

I mean most of the new peeps would start with easy money earning tricks where they end up doing free airdrops. They would join hundreds of different telegram groups. Connect with bots and start clicking without seeing what they are doing.

This is where such links and banners are embedded. I hope everyone read through OP and understand how it works. This is helpful article.

[bettercrypto]

Great reminders to all newbies who will enter in this field of business here in crypto space. This would be a very helpful things for us to know what we should do to avoid hackers and scammers. And revoke application was very new to my earns and it seems really helpful to us as well.

      I just hope that eventually the gas fee will disappear to complete hellfull things for everyone, but if it can't be removed, I think there is no problem as long as the gas fee is not expensive, as long as the important thing is to be away from danger our wallet account on metamask.

[umbara ardian]

This is a very useful article for those who are new to the field of the cryptocurrency market. It is important to be aware of the risks and take steps to protect yourself when entering the crypto space. The use of security measures such as two-factor authentication, hardware wallets, and being cautious of phishing scams can help safeguard their assets. By regularly updating information, using security tools like Revoke.cash and being vigilant, we can protect ourselves and our crypto assets from potential threats.

[Xal0lex]

Less need to participate in all sorts of dubious airdrop and events related to the draws of new cryptocurrencies, as well as less need to follow all kinds of links in discord, where you supposedly won something, and also carefully check your mail for phishing links, this is the most frequent phishing attacks, in which people lose their money. Also in NFT marketplaces they often slip fake NFTs, which supposedly are very expensive and you suddenly have one of these in your wallet.

[BitDane]

Thank you for the information, this will greatly help readers to avoid being victim of phishing attacks or if they stumbled unconsciously on a suspicious site.  Many newbies don't know what to do after they stumbled and give permission to a non-reputable sites, giving them suggestion on using Revoke application will greatly help prevent future phishing attack if the owner of that suspicious site decided to use the data they gathered and launch an attack.

↑ I agree, we should be vigilant whenever we participate in airdrop, not all airdrop are genuine, many of them are just collecting data so that they can sell it to third party.  Others are just using it to connect and gain access to our wallet.  So it is great that @OP expose the hackers means of connecting and phishing other people's key to access their crypto wallet.

[passwordnow]

That's an interesting app and I have never heard of it until you shared it here. Another way to avoid being phished is to have some added layer of security through 2FA.
Let's say that someone has already been phished and his details that have been taken by the hacker are correct and ready to be taken into account like the ones from exchanges. But if there's a 2FA, that hacker won't be able to get on it unless the 2FA has already been compromised or being bypassed but I don't know how.

[bitbollo]

That's an interesting app and I have never heard of it
...

What is this app?! Sorry I missed this point....

Coming back on topic...
These tips are always useful and it is good to pay attention to these topics. unfortunately those who are victims of these scams will continue to exist... because they will never notice these tips/suggestions and will never do a search about to avoid scam
the same applies with HYIP or other ponzi schemes... people fall victims most of the times because they have not done properly researches...

[fvb]

It seems that these are already known truths, but you voiced them very clearly. Thanks for the solid information. I think it will be useful for new users

[poodle63]

Good points but the problem is how can we know whether the project is good or not? i meant once someone received tokens or NFT which has value and this guy will talking to himself about whether he will able to sell it or not. Then, that guy was trying to swap it caused by the money is attracting him to do that. This is the problem that can't be easily avoided. It can be checked by smartcontract but we can't know whether that's legit or not.

[bittick]

always avoid interacting with smart contract that you know nothing about, there has been many attacks that could drain quite literally our assets in metamask through interacting with some random smart contract which is quite harmful, only interact with popular platform like uniswap, pancakeswap and the like and your assets will never drained, good thing metamask have already given some warning in their wallets.

[ammo121810]

[1] Seed Phrase
- this is the most common method of a hacker to steal our funds. And it usually preys on newbies who don't know anything about the crypto space. What is happening is that there will be a pop-up in our metamask wallet asking to enter the seed phrase or a link will open saying to enter the seed phrase. Like for example to claim airdrops even if they don't know where they got it, and of course out of curiosity they will enter the newbies that they don't know will be hacked. A simple social engineering method can easily trick people without proper knowledge in the crypto industry. And when that happens, the investors have no recourse. The wallet is compromised, all funds will be scraped or lost, and the only solution that can be done is to create a new wallet and not use the old wallet that was hacked. Because there is no way for you to recover the wallet even if you report to the police.

[2] Direct Transfer
  - Also one of the methods of hackers and what they do is they will send an email from a legitimate person or company and say that you send them coins and they will promise to return its value in a larger amount.
But for those of us who have been in this industry for a long time, we already know this gimmick. But of course the newbies don't know that because of course there are still people out there who bite the hackers' bait. Sometimes scammers do a trick using metamask if the wallet has been compromised. There is a signature request that will appear but the truth is that it is just hiding its function hall. What will happen is that the fund will be transferred to the scammer. And sometimes it's a security update but it's the same. When this happens, the fund cannot be recovered but the wallet can still be used, that's why it's dangerous.
However, such tricks are difficult to detect especially if we do not track what web3 website we are using.

[3] Approval
  - also one of the methods of hackers or scammers to steal your funds. A way for them to access our tokens or NFTs. The Approval or Permit has two flavors. This is the onchain transaction that grants access to our NFTs or tokens. What the scammers do is legitimize the transactions that we will approve, but in reality our tokens or nft will be transferred to another wallet. And they can do this by creating update applications that request permission and once we approve that, they will have full access.
So normally what these scammers will do is they will make it appear that we have received airdrops and we need to claim it, and sometimes we will receive an email like that. Like the example in the picture, sometimes in groups or social media channels you will see something like that.

Of course we already know this kind of trick and we don't just believe in it of course. But as usual with newbies they don't know this, so newbies always be careful.

[4] Permit
  - It is also a way to get access to our wallet like the approval, the only difference is that an off chain signature is needed here instead of an onchain transaction like the picture below. The process is almost the same as the approval.


Now the only solution to avoid this is to be vigilant about the decentralized applications we access, and always check the url of the website and make sure that the one we access is the official website. And when we receive a link to the airdrops, don't just believe it, because normally the project owners don't do this. So it should be confirmed first on their official channel or their social media channels.

And our other solution here is to revoke the approval after we used the applications. It's just a different way of disconnecting connected sites, though we also need to disconnect the site from the metamask. And we have a certain website for this, all we need is that we have a balance in our wallet for the transaction we will do here because we are dealing w/ onchain transaction. So we have to pay the gas fee here, and the most popular here is https://revoke.cash/

all we do here is connect the wallet and the beauty here is that almost all blockchains are available to them. Once you see it, you just revoke it so that your wallet's connection to that application will be lost forever.
So we will just do this every time we have an interaction with decentralized applications, Defi or any nft market place just so we can be sure even if we pay a fee at least our wallet is secure especially if the wallet we use has funds.
Or another solution here that we can do for additional protection is that we can install a web3 antivirus in the chrome extension, its job is that before we use metamask, it runs first if there is a threat in metamask or not. Because if something suspicious is seen, it will give you a warning.

This is a very good article. All of us should be aware and careful of phishing attack, we should evaluate first the airdrop that we are about to join and if they are asking to connect the metamask research first if it is safe to approve signature on our wallet. Once they had access we may loss all the balances that we have in our wallet. Thank you so much for this kind of information buddy. This is to spread awareness to all investors specially to the beginners.   

[Mr. Magkaisa]

  -   This is a very good thing when it comes to avoiding the methods of scammers or hackers to prey on them. OP has done this well, it is a great help not only to newbies but also to old members here on this forum platform.

I will bookmark this topic, very good OP, I will share this if necessary for the communities who are not aware of this scenario in cryptocurrency business to be honest.

[someone703]

Recently I have used Revoke App, and feel more confident when accessing suspicious websites, indeed in recent years the problem of users having information stolen is very common in this market. There are parties that have interfered with them, these situations still happen often, perhaps users also need to be more vigilant when any behavior of people in this environment can be taken advantage of. But in my opinion, in addition to protection, it is also necessary to share the problems that the market situation is affecting users to warn people can avoid mistakes in the process of using.

[passwordnow]

That's an interesting app and I have never heard of it
...

What is this app?! Sorry I missed this point....

Coming back on topic...
These tips are always useful and it is good to pay attention to these topics. unfortunately those who are victims of these scams will continue to exist... because they will never notice these tips/suggestions and will never do a search about to avoid scam
the same applies with HYIP or other ponzi schemes... people fall victims most of the times because they have not done properly researches...

I was talking about the revoke.cash, I'm not really aware of it so I find it new when OP included it on this post and what it can do to all of us and that made me say that it's interesting which really is.

Recently I have used Revoke App, and feel more confident when accessing suspicious websites, indeed in recent years the problem of users having information stolen is very common in this market. There are parties that have interfered with them, these situations still happen often, perhaps users also need to be more vigilant when any behavior of people in this environment can be taken advantage of. But in my opinion, in addition to protection, it is also necessary to share the problems that the market situation is affecting users to warn people can avoid mistakes in the process of using.

Thanks for sharing that experience of yours. I was thinking of using it but then I still need to learn how to use it and just as you've used it folks, this gives me more idea on how to use it well.

[yhiaali3]

Thanks for the great hints, these scams have become very popular and only beginners who have no experience with scams fall victim to it.

Unfortunately, scammers are always developing their methods to get more victims, recently there was a vulnerability in SushiSwap platform so that hackers steal tokens as soon as you make an approval, such a vulnerability is difficult even for experts.

[jaberwock]

Thanks for the great hints, these scams have become very popular and only beginners who have no experience with scams fall victim to it.

Unfortunately, scammers are always developing their methods to get more victims, recently there was a vulnerability in SushiSwap platform so that hackers steal tokens as soon as you make an approval, such a vulnerability is difficult even for experts.

It is possible to avoid them without needing to experience them first. That is by doing a research. They can type the specific keyword like this> "guides on how to avoid scams and phishing attacks here in crypto" and there will be many results that will pop up and this thread here of the OP might also show as one of them.

Some scammers are smart and they know that their old scam tricks are not effective anymore because it was already been exposed by the concerned citizens so they are now creating a new trick. This time its more harder but time will come that it will be discovered and busted out again. Just always stay updated for the news and latest happenings here in crypto.

[woez]

Yes, it's great to hear that you are taking extra precautions to protect ourselves from potential scams by using the Revoke Cash App. While gas fees can be a bit annoying, it is important to remember that they are necessary to ensure the security and validity of transactions on the blockchain. I think it's always better to be safe than sorry when it comes to protecting our assets and be innovative solutions to emerge that will help us stay one step ahead of scammers.