Cautionary Tips: An Overview Guide for Community Members When Handling Digital Assets
As the market dips and the hype quiets down for crypto winter, many existing crypto community members are potentially redirecting their interests away from the volatile market with the exception of occasionally buying the dip. Yet there may also be interested parties that are looking to enter the market now that it’s calmed down. Regardless if you’re a newbie coming into the market, or someone who has been away for awhile, there’s some basics that we want to remind our members of when handling crypto.
Caution 1: Traders focused on key centralized exchanges may not face the first issue– when you see a OAX/BTC pair trading on Binance, you can be pretty sure that the OAX token is truly the token belonging to OAX Foundation. However, as many articles and seasoned professionals will remind you (oh wait, we touched on this point in one of our recent articles too!)– keeping all your digital assets on a centralized exchange wallet is not the best idea.
So what happens when you’re trading on decentralized exchanges or moving tokens to self-custody wallet? Always check the contract addresses to ensure you’re interacting with the token you think you are. Token names are just that, a name. And just as you might know more than one John or one Christine, the name might be the same but the person (or the token) is very different. Similarly with adding tokens to your metamask account, find the token address from legitimate sources. (In case you’re wondering, you can find OAX’s token addresses from the Etherscan and BSCscan link found at the footer of our website). Likewise for NFTs (afterall, they’re just tokens as well), always check to make sure you haven’t purchased a fake!
Why can’t these fake tokens be removed from the platform? Unfortunately in a decentralized environment, any type of trading pair can be listed, it’s open to the market and there’s no centralized entity that sorts through everything. Decentralization means the user must take ownership and do the necessary checks and precautions.
Caution 2: As mentioned above and in our recent article, we cannot stress enough– don’t store all your tokens and NFTs in one account! We refer to the old adage “don’t put all your eggs in one basket” in this scenario– should the wolves come it’s best to limit the access they have in one go.
We’ve already gone into some detail about the different wallets you should use for your digital assets so that’s all we’ll say at this point, but it’s a fundamental first step to keeping your assets safe.
Caution 3: If you’re new to the world of self-custody wallets, you’ll soon encounter what is known as a “Secret Recovery Phrase”. Sound familiar? Generally running around 12-words long, this is the absolute essential to your wallet.
Repeat after us: Never, EVER share your Secret Recovery Phase with anyone, including the company that created the wallet you’re using. Chances are, if someone has asked you for the recovery phrase, you’re not actually speaking to legitimate support staff.
Caution 4: You’ve created your new self-custody wallet and you’re ready to take ownership. At some point you may even go to look at your wallet on a blockchain explorer and you find random tokens have been sent to your wallet that you’re not familiar with. Sweeeeettt– did someone forward you their tokens by accident?
When this happens, we have another saying for you: “there’s no such thing as a free lunch”. This isn’t loose change that you find when cleaning your sofa. Airdrop scams (we said tokens but actually this can apply for NFTs as well) are often used as bait by nefarious players with the hope that you’ll connect with their platforms, give up important information and/or grant permissions. Earlier versions of airdrop scams might have requested you to send information to the platform to receive free tokens, but they soon morphed to sending tokens, laying the bait for you to claim and do more.
Of course there’s a small chance that they might be legitimate tokens (for example, via periodical airdrops or benefits from exchanges or HODLing certain tokens that you might have forgotten about) but when things are too good to be true, they very often are.
Caution 5: Authorizing permissions to connect to your wallet is exactly what it sounds: do you allow a third party to gain access to your self-custody wallet. Depending on the platform, the access required differs, similar to giving apps permission on your phone.
Unlike the app permissions you mindlessly grant on your phone, the implications of authorizing third party permissions connecting to say your Metamask account could have far greater consequences. When done correctly, an exchange for example can not only see what assets you own but also take your tokens out to do a swap and put tokens in. That sounds fine and good, but when code is added into the contract that allows for others to access your funds even without your permission, whatever sits in your wallet can easily be drained.
So when you get an approval pop-up asking if you want to grant permission, make sure you know what you’re connecting to, and if it’s something you’re testing out, remember to connect with one of your spare wallets that you now know how to create.
Furthermore, every now and then, go through your permissions to see who you’ve granted access to and clean it up! Revoke unnecessary permissions to avoid future trouble. While we realize that every interaction on the chain requires gas fees, you’d rather pay a little extra in gas fees than to become a sitting duck.
Caution 6: Scams and phishing isn’t only done for normal tokens, but also for NFTs. Even when you’re super excited to mint an up-and-coming NFT collection on its public sale round, be extra careful and check the NFT site (for potential phishing/duplicates) before authorizing any Metamask transactions!
We’ve talked about the Bored Ape hacks in previous blog posts, but users ought to be cautious even when getting information from projects’ official platforms as well. Previous scams have included hacking into the project’s official sites or creating fake sites with fake NFTs. Always, always, always, DYOR!
What do you think? What else would you caution your new joiner friends when they begin their crypto journey or need a refresher reminder?