My DeFi Wallet Got Hacked | Don’t Repeat This Mistake!
DeFi scams are rising, and everyday scammers are using new tricks to steal our money. If you don’t understand the difference between a real offer and a fake one, the chances of getting scammed are very high.
How I Almost Got Scammed😨
When I was new to Crypto, I didn’t know about Crypto Scams and one day I received a DM with Crypto Wallet’s Recovery Phrase and Private Key.
I was surprised to see the recovery phrase in my DM but when I imported that recovery phrase into my wallet, I was shocked to see real 3800 USDT.
Obviously, after looking at that amount anyone would think about withdrawing the money and I was also thinking the same. However, the wallet didn’t have enough $ETH to cover the gas fees so I wanted to send $50 worth of ETH to that wallet because gas fees were between $40–50 USDT but I am lucky that I didn’t have enough ETH at that time and I never sent funds to that wallet.
I was sad because I was unable to claim free 3800 USDT but later I did some research and got to know about the multi-signature wallet scam.
1. What’s Multi-Signature Wallet Scam?
Multi-signature wallets require confirmation from two or more owners to approve an outgoing transaction. This means you can see the balance or deposit more funds but withdrawing isn’t possible without the approval of two or more owners.
Scammers create multi-sig wallets and share recovery phrases to scam crypto investors. That day, I lost $50 USDT but also learned that we should not trust anything when it looks too good to be true.
Multi-Signature Wallet is one of the many scams. Let’s learn about other DeFi Scams & Security Risks and how to avoid them.
2. AirDrop Scam
The DeFi industry in 2024 is filled with 100s of live and upcoming Airdrops but there are 1000s of fake airdrops that are active too and identifying the difference between a real and fake airdrop is very difficult for a crypto newbie.
Scammers often go after new crypto investors, tempting them with the promise of free tokens while trying to get into their Web3 wallets.
What’s the Solution?
I would not tell you to stop airdrop farming because real airdrops can give you 1000s of dollars in crypto for free but to keep yourself away from scam airdrops you should never connect your main wallet to farm airdrops.
- You should always keep a separate wallet for airdrop farming, which significantly decreases the risk of getting scammed by connecting the scammer’s websites.
- Understand the difference between a real profile and a fake one because scammers create real-looking profiles with Verified Tick on social media to promote fake airdrops and 1000s of users fall for this.
3. Risk of Token Approval
No dApp can access the user’s crypto assets without token approval from the user’s wallet. This allows smart contracts to access a specific amount of a user’s tokens without needing a wallet signature for individual transactions.
Crypto investors approve 100s of transactions while trading on dApp but some users don’t have any idea that they are giving token access permission while trading + they also don’t understand the risk of smart contract token approvals.
Scammers exploit token approvals through the use of malicious smart contract functions to drain tokens from the user’s wallet.
What’s the Solution?
Token approval is the most important step when trading on dApp so skipping token approval isn’t possible.
- The only solution to keep your funds secure is to use two different wallets, one for connecting with DeFi and the other for storing crypto. Keeping funds for DeFi in a separate wallet limits your risk because you only keep that amount of funds in the wallet that you need for DeFi.
- The second solution is revoking token access. Websites like Revoke.cash allow you to remove the token approval from the wallet. You need to paste your wallet’s address and it will show you a list of all approvals and the option to revoke permission. However, you need to pay gas fees to revoke each transaction.
4. Fake Website Scam
Some users visit dApp by searching the name of the dApp on Google and they end up connecting their wallet to a fake but original-looking (Clone) website.
Similar to the Airdrop scam, scammers promote ads on Google and you know for Google it doesn’t matter if it’s a scam or real they will always show ads before the real website websites.
What’s The Solution?
You should bookmark the real web address of all dApps you visit regularly. Accessing a dApp using the bookmark section completely removes the risk of accessing a clone website.
Sometimes, we use a new device where we don’t have bookmarks. In that case, you should always double-check the website’s address to be sure you’re on the right website.
5. Files With Virus
This is my real story. Around two years ago, I was downloading an important file. When the download was complete, I got a security warning but I was in a hurry so I ignored the warning and opened the file but within a second of opening the file all the account that were logging in to my PC was hacked including my Metamask wallet.
Virus usually comes with .EXE file. Sometimes, you also receive .EXE files with viruses in email so stay alert to avoid these scams.
I also tweeted about this incident.
What’s The Solution?
- Use a secure antivirus on your PC or Laptop. The default free Windows Defender on Windows PC is also good enough to alert you.
- Always download files from official sources and don’t ignore the alert (if you receive any).
- If you have enough budget buy two different PCs or Laptops, one for only Crypto/DeFi and the other for everything else.
Now, this article has come to an end. I hope you found this article helpful and now you will stay safe in DeFi.