Guide to a safe journey in Web3.0

The article is a little long but covers almost all the types of Scams running in the space. I advice you to go through all of it in order to gain little exposure to the dark side of this world and learn from the experience of others. These are just a few of many incidences that we face almost daily and we are compiling them at one place to help anyone that ever comes across this article.

Frauds

Who hasn't faced them. Who wasn't blocked by some Instagram /Twitter promotion page or influencer after you sent ETH/BUSD/USDT to their wallet. Feeling so frustrated, tensed, angry and what not. These things are faces especially by smaller projects/artists and also by those who are comparatively newer to the space. ​

Then there comes the problem of rug-pull projects. There is no standardized process to understand, evaluate and identify such projects as the NFT space is still in the pre Big-Bang space.​

Many of us don't know what to look for in a project and depend on information we can gather from the community and all the hype around a project but the MOST important thing in this space is RESEARCH. Here we'll list out all the ways you can be defrauded, all the ways we were tried to be scammed, red flags in a conversation/project/person, how to verify authenticity and how to proceed.​

Let's start!

Examples

We have been approached by scammers a lot of times but we suffered actual monetary loss twice, once on Instagram and once on Twitter. One was from a promotional page and the other, from a "well known renowned" NFT Influencer. Other than that, we have received a lot of scam messages on Instagram, Twitter, Discord and Email which were attempts ranging from

  • Scams
  • Fraud
  • Rug pull projects
  • Paid followers and mass DM services
  • Trojan, Malware and Ransomware.​

See for yourself, what they look like.

The end result will be the same, after the payment they'll block you. What differs is, how deep they weave the net to lure you in. For promotional pages on Instagram, they'll just send you a text about rates, negotiate a bit, there rates are usually low so no one minds betting on that they might actually do it. Then there are those individual accounts which text you to promote your work on pages, they'll comment under your post, send you a DM and even follow you. Then come the influencers, They are the worst. They weave the deepest and strongest web to lure you in and make it sound so legitimate and trustworthy that you almost every time fall for it.

!! 99.99% of them are Fraud !!

The most ideal approach right now is to follow the motto : “Guilty until Proven Innocent“

The First Fraud of $12.
The First Fraud of $12.
A few more attempts.
A few more attempts.

The Epic NFT Influencer “NFTAddict” Caught in the Act on Twitter. Watch the Video here.

We got scammed by NftAddict_31 on twitter for 0.145 $ETH and then caught him on record red handed trying to do the same thing again for 0.5 $ETH. He has been doing it since a long time and has accomplices too.

He claims to be the owner of punk #7107 and Meka#2475.

Culprit :

Prologue:

He says that he is followed by @garyvee and @PostMalone. This generates a sense of authenticity as these are well respected people in the NFT world and them following him means something. In our case, He was also followed by @bigger, @JDaIey and a few more verified profiles. @bigger and @JDaIey follow us too along with other verified profiles. (We are not saying they are a part of his scam, We intend to say that He is using their name to get away with scams. These are well respected people by the community and us.) We go ahead to show the chats we had and the accounts he uses and the projects he claims he has served in path (they are verified projects on opensea.) and how he blocks us after the payment.

The Real Deal:

We use our friend's ID on twitter (Which now we own) and sent him a follow request to which he follows us back and initiates the conversation again. We make him think that we are a non native English speaker and excited about his offering and that we have a budget of 1 $ETH. He moves ahead with the same promises, words and strategies and asks us for 0.5 ETH (Remember he asked us for 0.145 ETH). He claims that he will put in the same money into buying our NFTs on minting day. That shows he didn't read about us as the profile doesn't sell NFTs it just airdrops them to anyone and everyone free of cost. HE EVEN CLAIMED HE TALKS TO GARY VEE AND HE COULD CONNECT US WITH HIM. He took our bait and when we finally confronted him, He blocked us again.

Epilogue :

This could have been you getting scammed. This is a lot of us who got scammed and these people think they can get away with anything. Well not this time, we have him and let's show him what it means to mess with one of the strongest communities in the world right now. So that every scammer is afraid to bones before trying scam.

These are the addresses he uses : 0x9ee9a8d76CD828Ed14Cbfc5ad8b4a6789ce3419C 0x5811603405403ded128b944387e2c7244d0b3b52https://opensea.io/Jas2222And we believe he impersonates that he is : https://opensea.io/Jas225 (Who is the original owner of punks and meka)

Checkout the video

Twitter Promoters, Pages and Mass DM Accounts.
Twitter Promoters, Pages and Mass DM Accounts.

Crypto Jacking / Trojan Virus attempt via mail and Twitter. They'll disguise as a company/representative and offer you somewhere around 1000-5000 bucks. Then they'll send a file which is from dropbox/google drive/any other cloud file hosting site.

The file will be a rar file (compressed file) and contain mostly a file ending with .scr

!! Never Download the file !!

Always ask for documents in their original form (jpeg, png, svg, pdf etc)

Spoofing attempt via discord. They are exceptionally good at conversations and convincing you they really care, they'll even send you email to verify but never on twitter or instagram because they don't have access to the official ID. They use some third party services which mask the email address and If you view it on a mobile device you’ll see only the authentic email ID but that’s spoofed. Always ask them to communicate via the official Social Network channels and not Email.

Another type of Scams are the phishing emails where the sender claims to be an authentic business and send links for updates and claims but in reality those links will either drain your wallet or hack your account. Stay aware of them.

ENS v2 Phishing Scam
ENS v2 Phishing Scam

How to be safe ?

Here's a checklist of what you should consider before moving forward with any transaction on any platform regarding NFTs.

  • Always consider that everyone is out there to cheat you.
  • Always suspect everyone and DYOR (Do your Own Research).
  • If it's too good to be true, It's not True.
  • With the advent of NFT pfp on Twitter, deal with people who have an NFT pfp. Check about their pfp, Its details and the collection it is a part of, on Opensea and how much total sales that collection made.
  • When an individual claims that they played a part in promoting a project, try to confirm that from someone on the project team, or, check if they hold NFT from that project in their wallet. Take the wallet address from the NFT pfp details.
  • Check when did they join twitter.
  • Check what is the follower to engagement ratio. Ex: If someone has 781.6k followers but only 50-100 people engaging with their posts, they are almost a 100% scammers.
  • Try to investigate their most recent 100 followers and check if they are bots. It takes time to build a community.
  • When they ask you to make the payment, take the wallet address and check it on etherscan/bscscan to see the frequency of transactions, how often they received similar amount of money and how often they took it out from the wallet. Also check, how old the account is, i.e. since when are they doing this. The older the account the better. The less number of withdrawals and the more number of deposits, the better.
  • Stay aware of Verified profiles too as they are available for sale and rent (Yes, that’s a thing apparently, There are marketplaces for them too) It’s Highly possible a Verified Profile is has been purchased by someone who want to run a scam. This has been at All time High since the apecoin launch and Azuki success.
  • Always ask to communicate via the official account. Spoofing accounts contact you via discord, telegram and email, not from Twitter and Instagram. If they say they are from YouTube, go to the official YouTube account, about section , get the email address and mail them a code, ask them to give it to you.
  • When they give you a wallet address, go to opensea.io/, It'll open their profile. It'll show what they are holding and all the activity they did, Try to ask them about what NFTs they hold and verify it against the address they gave you. If they say they hold it in some other account, Insist on that you'll send the money to that account. This happens a lot on twitter, there are many fake people who claim to hold BAYC, MAYC, CryptoPunks, RTKFT etc. Insist that you'll send money to the address that holds the NFT. Also try to look at how old and account is and what transactions have been done, on EtherScan.
  • CryptoJacking/Trojan horse attacks/Virus are spread via files sent over cloud storage. NEVER DOWNLOAD THOSE FILES. No matter how much money they offer you, Your PC/Mobile will be infected 100%.
  • Try to deal on Twitter the most as it dosen’t have the feature to edit/delete messages in DM. Avoid Instagram, Telegram, Facebook, Discord or any other Social Media.
  • Try to deal with people who have their opensea address on their Social Media and Vice-Versa.

The reason Blockchain is so popular and a revolutionary base technology is because it removes the need for trust. Trustless environment is its biggest USP. So Never trust anyone and only trust the data. These are the pre big bang stage for NFTs and other blockchain products.

Rug Pull Project Case Study

I always heard about rug pull projects, saw a few on OpenSea but never experienced it live until 2 Feb 2022. This project was AstroFriends.

I joined them a day before launch and was impressed by the way the founders were interacting with the community. The community itself was great. Met a lot of lovely people there. I was immediately invested into them and the artwork + roadmap looked sick. I was impressed. I started interacting, giving feedback and advice and in no time, I was a community favorite because of the knowledge and insights I provided not just to the founders but the people too. I was directly talking to the founders after 8-10 hours. I even got on the whitelist. Then it happened.​

First 🚩. 10 minutes before the Minting process, they announced that they would close the general chat channel and every other channel.

Second 🚩. Then they forgot to close one channel where I got in and started asking questions. I also noticed a discrepancy in the total number of users, WL and actual people there. Then they announced the minting page on general chat, not in the announcements or minting info channel.

Third 🚩. The minting site link, it should have been mint.astrofriends.io (sub domain) but it was, astrofriends-mint.com.

Fourth 🚩. I visited the Twitter handles and Instagram handles of founders on their website and texted them, turned out, that was also fake, the identity they gave was someone else. I talked to the man and he said he was approached by them to change his username and tweet a little about AstroFriends which he refused.

Thankfully, No one minted significantly and the project was a flop because they did a small mistake that they closed the general tab. But if they didn't, they would have been successful in scamming about 5000 people and more which is scary as  hell. That's how I witnessed a rugpull project.

How to be safe ?

  • Always DYOR (Do Your Own Research)
  • Never mint first on WL. Wait for sometime and simultaneously check on Opensea the rate at which minting is being done. You always have minutes and checking up and being sure requires much less.
  • The project minting date is at least 1 month away from the announcement date.
  • The project is not only active on discord but also on social media with a good engagement.
  • The founders are active too. The roadmap looks promising and not too dreamy.

You have to be vigilant, careful and always attentive to detail. If something feels off, It most probably is.

Stay Safe and Stay Vigilant.

Have a safe trip in the ever evolving world of Blockchain.

Subscribe to The DarkMonk Studios
Receive the latest updates directly to your inbox.
Verification
This entry has been permanently stored onchain and signed by its creator.