
Original Source: Alpha Rabbit Research Notes
The NFT market has grown rapidly, with transaction volume reaching nearly 44.2 billion U.S. dollars in 2021. The large sums involved have drawn many professional scammers from the wider digital world into the crypto world, where they have an overwhelming advantage over inexperienced crypto newcomers. This article was written to give you some useful security guidelines.
This article is mainly divided into the following parts:
1) If you are new to Discord or want to take part in NFT projects, what should you pay attention to?
2) The current environment of Discord
3) Official safety guidance from Discord
NFT Anti-Scam Guide
We start with some security guidelines that ordinary users need to remember, and analyze them further later.
Above all, remember that scams usually work by exploiting human hope, greed (for example: "What luck! Congratulations, you have won the grand prize!") and fear (for example: "We are officials. You have committed fraud and we must arrest you, so give us your ID card and bank card password right away").
0. Do not trust any DM (direct message) that contains a link; it is best to turn DMs off entirely
Possible red flags in NFT projects (worth paying attention to)
1. The Discord server has no public chat channels
2. Comments are turned off on Twitter
3. The design is not original
4. Non-WL (non-whitelisted) wallets can also mint in the presale
5. The team is completely anonymous, especially the designers
6. There are very few core members, and the MODs are all volunteers found online
7. The project has never held an AMA (Ask Me Anything)
8. Giveaways only ever award WL spots or the project's own free NFTs
9. There are basically no activities other than giveaways
10. Recruiting new members accounts for a large share of the WL requirements
11. The presale is very rushed
12. The number of mints allowed per wallet is large (3 already counts as many)
13. The project cycle is relatively short (2 weeks counts as short)
14. Activity in the General channel is extremely low (a sign of targeted harvesting of domestic "leeks", that is, retail newcomers)
15. Few Twitter followers, and few comments and retweets
16. No collaboration with other projects (having blue-chip holders does not count as collaboration)
17. Do not trust any DM that contains a link; it is best to turn DMs off entirely
(The above is for reference only)
Background
Let's start with a story:
In July 2021, while Heart, a 50-year-old part-time outdoor coach, was training outdoors with her children, her home burned down because of an electrical short circuit. The home insurance had expired, so all her property was lost. Later, through a giveaway from the blockchain company Nametag, Heart obtained a Bored Ape NFT.
The Bored Ape NFT brand is to NFTs what LV or Chanel is to consumer goods, and the current price on the secondary market can reach millions of dollars. The ape was worth about $35,000 when Heart received it, and has since risen to $80,000.
But just last August, Heart received a link to a VeeFriends giveaway sent directly by a stranger on the chat platform Discord. Everything seemed to make sense, with the URL pointing to the project's official website. However, when she was about to claim the gift, the website asked her to enter her mnemonic phrase. After she entered it:
All the ETH and monkeys in my own account are gone.
The NFT market has grown rapidly, with transaction volume reaching nearly 44.2 billion U.S. dollars in 2021. The large sums involved have drawn many professional scammers from the wider digital world into the crypto world, where they have an overwhelming advantage over inexperienced crypto newcomers.
As a public chat platform, Discord is one of their breeding grounds.
Data shows that in January 2022, at least 44 Discord servers were attacked and losses exceeded $1 million. NFT projects are an arena that is very attractive to scammers, and some have entered the NFT field with industrialized methods and large-scale fraud teams. However, none of this has affected Discord's growth. In September, Discord raised $500 million, more than doubling its valuation to $15 billion amid huge growth. The chat service has long been a popular platform for video gamers. Over the past year, it has become the de facto town square for the crypto community, so much so that every major NFT project and decentralized autonomous organization now has a Discord server.
On the surface, Discord doesn't offer anything significantly different from traditional enterprise messaging platforms like Slack or Telegram: it is mainly a voice and text chat tool. Founded in 2015, the company was mostly a communication platform for video game players in its early days, but in the past year it has become an active gathering place for the cryptocurrency community.
Discord was primarily a place to hang out, but gamers have since been displaced by crypto gold diggers, many of whom firmly believe in the coming of a decentralized internet age. As NFT prices soar, Discord provides a ready-made venue for DAOs and NFT projects: a free club with no doorman, and a meeting space big enough to host parties of thousands.
From 2019 to now, Discord's MAU has grown from 56 million to more than 150 million, which has brought great security challenges, while the governance rules for individual Discord servers have not been updated. As a result, responsibility for keeping the platform secure falls mainly on the individuals in charge of each server. Some are volunteers and some are employees of DAO and NFT projects, and the division of labor among them is fairly chaotic.
While Discord has rolled out new moderation tools like blocking a user and hired a full-time security team, moderators are often the first line of defense when scammers start scamming a channel.
“The way Discord is set up, it makes it really easy to fall for those scams between notifications flying in every five seconds and the way you can change your avatar, your username,” said Nicholas Ptacek, a former computer security specialist at SecureMac who now writes about NFTs and crypto. “It's kind of a scammer’s paradise.”
Phishing schemes have always been frequent in the Internet age, but the NFT industry is still in its early, wild phase: anonymity, valuable digital assets, unfamiliar technology and an influx of novices make it a real playground for criminals.
The consequence of the decentralized system is that no one can be fully responsible for something. Does Discord have a security responsibility for the welfare of its users? Or does the person in charge of each server need to protect users? Or do users themselves need to learn all the basics of security, like not clicking on links sent by strangers?
From the perspective of security experts, the number of scams is only one aspect; more importantly, many scams are becoming more and more sophisticated. It works much like an immune system: NFT holders have built up some immunity to common scams, for example by distrusting messages from unfamiliar sources and protecting their mnemonic phrases. However, because security features are still limited, more and more new ways of deceiving Web3 users keep appearing.
Moreover, there is basically no way for victims to recover their losses. Although OpenSea flags stolen items and prevents them from being traded on the platform, it cannot reverse transactions, meaning it cannot return stolen NFTs to their rightful owners. Jonathan, an intellectual property lawyer at Chilton Yambert Porter, believes that usually victims can only write to the person who inadvertently bought the stolen NFT and buy the artwork back at full price. Because regulators have no clear oversight of this space, most of the time victims can only accept the loss.
Official safety advice from Discord
First of all, when we are about to click a link to join a server and claim a new airdrop, it may happen that the link looks correct and yet something still seems off.
Sign 1: the other party does not talk the way a normal person would. For example, they threaten you over some matter and set a deadline, warning that you must join a certain project or click a certain link or you will lose your chance. A typical trait of this kind of scammer is that they have never posted in any server they share with you, or share no server with you at all, yet they suddenly strike up a conversation.
According to the Federal Trade Commission, 2021 saw a surge in online scams. While Discord's mission has always been to make Discord the best place on the internet for people to find a sense of belonging, and we've enjoyed seeing interest-based communities bring people together, we've also seen some dangerous people try to take advantage of them.
So here we are to share with you the extra steps we are taking and introduce some ways you can protect yourself on Discord. I hope you keep these safety skills in mind:
For regular users:
Do not click on links from unknown senders or that look suspicious.
Do not download programs or copy/paste code you do not recognize.
Do not reveal your password to anyone!
Do not share or screen share your authorization token.
Don't scan any QR codes from people you don't know or whose legitimacy you can't verify.
Enable 2-Factor Authentication to keep your account as secure as possible.
For server owners:
Audit server permissions, especially with advanced tools like webhooks.
Keep the official server invites up to date, especially if most of your new server members are from communities outside of Discord.
Likewise, don't click on suspicious or unknown links; if your account is compromised, it could have a bigger impact on the community you moderate.
Internet Safety Checklist
1. Only open trusted links from people you know
A lot of security issues stem from users clicking on links before checking whether they are real or not. Always double check the links you are about to click. Link shortening services can easily mask unsafe websites or programs. It is recommended to check it through a resource like VirusTotal to see if someone has flagged it as potentially dangerous.
2. Pay attention to URL spelling
3. Don't download programs or run code you don't understand
4. Do not download or run software from unknown sources
5. Be cautious about programs sent to you by strangers
If someone claims to have "a particularly wonderful piece of software" and asks you to run it on your own computer, they are probably misleading you so that they can use a phishing program to obtain your personal information.
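Items 1 and 2 of the checklist (check a link before clicking, and watch the URL spelling) can be partly automated. The following is an added example, not code from the original article or from Discord; the allowlist, the shortener list and all sample URLs are constructed assumptions, and it also covers homoglyph and "@" tricks that the checklist does not name explicitly.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own allowlist of domains they actually use.
TRUSTED = {"discord.com", "discord.gg"}
# Constructed sample of link-shortening hosts; extend as needed.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Return 'trusted', 'shortened', 'lookalike', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # "https://discord.com@evil.example/": the real host comes after the "@".
    if parts.username is not None:
        return "lookalike"
    # Non-ASCII or punycode hosts can render like a trusted name (homoglyphs).
    if not host.isascii() or "xn--" in host:
        return "lookalike"
    # Simplification: treat the last two labels as the registrable domain.
    # A production check would consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    if domain in SHORTENERS:
        return "shortened"  # destination hidden: expand and scan before opening
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= 2 or brand in host:
            return "lookalike"
    return "unknown"
```

A "trusted" verdict only means the host is on your allowlist; "unknown" and "shortened" links still deserve a scan with a resource such as VirusTotal before opening.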
Discord Safety Checklist
Decide who can send you DMs: Disable DMs for specific servers to prevent scammers hiding in large communities from contacting you.
To adjust who can and can’t DM you, head into User Settings > Privacy & Safety, then scroll down to “Server Privacy Defaults.” From there, you’ll find the option to “Allow direct messages from server members.” Note that this new state only applies to servers added after changing the setting; it will not affect your existing servers.
If this option is turned off, members of servers you newly join will not be able to contact you via DM unless you are already friends with them. If it is left on, there is a certain risk of receiving suspicious messages from people you don't know.
If you're on a server you trust and don't mind being messaged by people on it, you can toggle privacy settings on an individual basis. Head to that server on desktop or mobile and select its name to open the server's settings, and choose “Privacy Settings.” Once there, you’ll find the “Allow direct messages from server members” option. Turn that on, and you’re free to receive all sorts of DMs from everyone in that server, regardless of whether you’re friends or not!
Audit Server Permissions
Knowing what permissions are available to templates and members within the server is key to keeping each member of it secure. If you are a server owner, have you checked the permissions list recently? Who has what authority? Do you know they have this access and for how long?
Make sure only moderators you trust have permission to alter powerful server tools, including any bots you may add to your server, and be wary of bots masquerading as large, well-known bots.
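One way to answer "who has what authority?" is to decode each role's permission bitfield and list the roles that hold powerful permissions without being explicitly approved. This is an added example, not Discord's own tooling or code from the original article; the role list is constructed sample data shaped like Discord API role objects, and the approved set is a hypothetical input the server owner supplies.

```python
# Discord permission bits that let a role alter the server or reach everyone.
RISKY = {
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_GUILD": 1 << 5,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
    "MANAGE_CHANNELS": 1 << 4,
    "BAN_MEMBERS": 1 << 2,
    "KICK_MEMBERS": 1 << 1,
    "MENTION_EVERYONE": 1 << 17,
}

# Constructed sample shaped like the role objects the Discord API returns
# (permissions is a decimal string; managed=True means an integration/bot role).
SAMPLE_ROLES = [
    {"name": "@everyone", "permissions": "134144", "managed": False},
    {"name": "Member", "permissions": "3072", "managed": False},
    {"name": "Moderator", "permissions": "8198", "managed": False},
    {"name": "Giveaway Bot", "permissions": "536870920", "managed": True},
]


def risky_flags(permissions):
    """Decode a permission bitfield into the names of the risky bits it sets."""
    value = int(permissions)
    return [name for name, bit in RISKY.items() if value & bit]


def audit(roles, approved):
    """Map role name -> risky permissions for every role not explicitly approved.

    @everyone is always reported: anything it holds, every member holds.
    """
    findings = {}
    for role in roles:
        flags = risky_flags(role["permissions"])
        if flags and (role["name"] == "@everyone" or role["name"] not in approved):
            findings[role["name"]] = flags
    return findings


def bots_with_power(roles):
    """Bot/integration roles holding ADMINISTRATOR or MANAGE_WEBHOOKS."""
    return [r["name"] for r in roles if r["managed"]
            and {"ADMINISTRATOR", "MANAGE_WEBHOOKS"} & set(risky_flags(r["permissions"]))]
```

Running `audit(SAMPLE_ROLES, {"Moderator"})` reports the `@everyone` role (it can mention everyone) and the bot role (it holds administrator and webhook rights), which are the two findings a server owner would review first.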
Keep Invitation Links Updated
If links to servers are updated, make sure your community and new users are aware of the changes, and always update any social media pages where you share those links. If possible, include references to the old invite links and let everyone know that these links have been updated.
(This is doubly so for Partnered, Verified or Level 3-boosted servers that utilize a vanity URL: if your server loses or changes its custom invite link, nefarious communities may swoop in and claim your old one. If this happens before you update your public-facing invites, people trying to join your community may instead join a server that’s looking to cause trouble.)
Notice! If someone gains control of your Discord account, they can change your username, password, the email associated with the account, and any other information associated with your account. Once a thief has access to your Discord account, they can see all your personal information. If your account is in charge of a server targeted by hackers, they gain control of everything from the server layout to server permissions to bots, and can even kick all your users out of the server. They may also use your account as a stepping stone to do further damage within the community, impersonating you to trick unsuspecting members.
Professional scammers may also target Discord accounts with unique profile badges that cannot be duplicated, such as an early supporter badge. If you have one of these unique badges, you should be extra careful with your account.
It is recommended to enable 2-Factor Authentication on the account, because scammers would then also need to provide 2FA codes to change your password. (The rabbit will continue to explain in later related articles.)
I wish all friends who read this article will be safe and successful!