How to keep your info SECURE

Midnite Movie Club
7 min read · Jan 25, 2022

NFT & Crypto best practices

The crypto and NFT space is still new and very much the Wild West. You’re gonna encounter snake oil salesmen and scammers along the way, so it’s best to be aware of how to keep your information and assets secure. The following is a guide to common scams in the space, but please be aware: scammers are constantly coming up with new ways to try and bilk you out of your money, so this is by no means a complete guide!

Never share your Secret Recovery Phrase (aka Seed Phrase) or do a Screenshare with a stranger!!!

#1 Turn OFF your Discord DMs

A lot of the scams happen on Discord, and the majority of these are within your private Direct Messages or DMs. Scammers will try to find ways to get your Secret Recovery Phrase, aka Seed Phrase. NEVER REVEAL YOUR SECRET RECOVERY PHRASE TO ANYONE… I REPEAT, ANYONE!!

The easiest and BEST way to protect yourself from scam DMs is to close your DMs globally, which means when you join a new server, your DMs will by default be set to OFF (unfortunately Discord defaults them to ON).

To turn these off globally, go to your account settings by clicking the gear icon next to your Discord name (see below):

Then navigate to the Privacy & Safety tab (below left), find the “Allow direct messages from server members” setting and set it to OFF, shown greyed out (below right). You might get a pop-up asking to apply this to all your current servers as well. You should definitely do this; you can always turn DMs on again later for servers you feel safer in, like say a server that’s just you and your friends.

Another way to turn OFF your DMs for individual servers is by clicking the name of the server at the top of the channel side bar and selecting Privacy Settings and turning them OFF that way (see animated gif below):

So what should you be on the lookout for exactly? The scammer will phish for ways to get your Secret Recovery Phrase, usually by trying to assist you in “validating” your wallet, which is not a real thing. Here is an example from one of our MMC members who was DMed through a different server where her DMs were not turned off. Luckily, we trained her well and she knew this was a scam immediately and sent us screenshots to share and help others recognize scammers. These types of scams are the NFT version of the “Nigerian Prince” scams that plagued email when it first came around.

#2 Fake Discord Bots / Team Members

Example of fake CollabLand verification bots

NFT projects typically use bots like CollabLand to verify that your wallet is holding their NFT. Once verified, you gain access to all their member perks. Scammers have used this as a way to bilk people out of their assets by making imitation bots. In this scam, you don’t give the scammer your Secret Recovery Phrase but instead sign a contract that gives them access to your wallet. They make the bots look very similar to the REAL bots (as seen above). Always be careful when dealing with bots and, if unsure, verify with the project Team that the bot you are interacting with is in fact the real deal.

Fake Team Members/Mods

Scammers will also mimic the profiles of a project’s Discord Mods or Team members and DM you that way. Because Discord allows people to make any user name and even allows duplicates (but not duplicate names and user #s), always check to verify that the name and # MATCH the members running the project. Again, Team Members and Mods will never DM you out of the blue and send messages like the one below:

Fake DM where scammers are posing as project Team

These fake team member DMs will usually offer a free airdrop or a special early mint. This is always bullshit. Never click links in your DMs.

#3 Discord Server Hacks

Some scammers have found ways to exploit security holes in some Discord servers’ settings (usually through webhooks; read up on those if you wish). What they do is hijack the server, lock out the Team and post fake messages that the mint is happening early (or they’ll wait til the ACTUAL mint day to do this to really trick people) along with fake minting links. Members try to mint from these links but do not get an NFT; they’re just sending money to the scammer’s wallet.

This is why we have decided to ONLY post our MMC minting link via Twitter, so you know if you ever see links posted in our Discord claiming to be mint links you’ll know it’s not real. Other projects have used this method with great success.

An example of a hacked server posting multiple fake early minting alerts

A lot of times it’s very obvious when a server gets hacked because every channel is posting multiple minting links over and over again, but some are not as obvious. These scams rely on members FOMOing and clicking the link immediately in order to not miss the mint in case it sells out. It’s better to miss a mint and buy it on the secondary market than to send your money to a scammer!

#4 Fake Minting Websites

Some scammers will completely clone an NFT project’s website but have a slightly different URL. This tricks people into thinking they’re buying from the actual project when they’re really just sending their money to a scammer.

These scams rely on changing the URL for the site ever so slightly so that you might not notice it, such as rearranging the letters. For example, you might not notice that the site actually says midntiemovieclub.com or midnightmovieclub.com, which are NOT the real website URL.

This is why projects always tell you to only use the official links listed in their Discord links channel. When in doubt, go through the links posted in their Discord or on their actual Twitter account (scammers will also make fake Twitter accounts).

This ALSO applies to secondary market sales. ALWAYS confirm you are on the ACTUAL site you think you are on. It’s best to type these in manually or save a Bookmark and search for the NFT you’re looking for rather than clicking a suspicious link.
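The lookalike-URL check described above can be automated, for example in a moderation bot or a personal link checker. The following is an added example, not code from this guide or the project: the official domain is an assumed placeholder inferred from the project's name (the guide does not state it), and the 3-edit threshold is likewise an assumption.

```python
from urllib.parse import urlsplit

# ASSUMPTION: the guide never states the real domain; this placeholder is
# inferred from the project's name and must be replaced with the verified one.
OFFICIAL_DOMAINS = {"midnitemovieclub.com"}
MAX_EDITS = 3  # assumed threshold: hosts this close to an official one are suspicious


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # delete
                             rows[i][j - 1] + 1,         # insert
                             rows[i - 1][j - 1] + cost)  # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def classify_link(url: str, official=OFFICIAL_DOMAINS, max_edits=MAX_EDITS) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the link's host."""
    if "://" not in url:
        url = "https://" + url  # bare hosts pasted into chat have no scheme
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return "official"
    for domain in official:
        # Official name embedded in another host, or only a few edits away.
        if domain in host or osa_distance(host, domain) <= max_edits:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the two typo domains are the ones quoted above.
    for link in ["https://midnitemovieclub.com/mint",
                 "https://midntiemovieclub.com/mint",
                 "midnightmovieclub.com",
                 "https://midnitemovieclub.com@midnitemovieclub.com.example.net/",
                 "https://opensea.io/collection/x"]:
        print(f"{classify_link(link):10} {link}")
```

An "unknown" result only means the host is not close to an official one; it is not a statement that the link is safe.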

#5 Fake Secondary Market Collections

The scams don’t stop with the minting process either. You have to beware of fake collections on the secondary markets like OpenSea as well.

Here is an example of a project that launched on the Solana network but was cloned and posted as a fake collection on the Ethereum network by scammers.

If a project is revealed, the scammers will download the jpeg images of some or ALL of the NFTs in the collection and make a fake collection page on OpenSea. They’ll even link to the project’s REAL socials and website from that page to seem more legit. Always get the OpenSea collection link from the project’s official links on their site, Discord, or Twitter.

There used to be a time where OpenSea would give a Blue Verification Checkmark to the real projects, but OpenSea has been shitting the bed with their Customer Service and lots of MAJOR projects who minted months ago are STILL waiting on their verification while scammers continue to make money (and OpenSea still collects royalties on the scam sales). This is why lots of people have been embracing LooksRare as the new secondary market because they are verifying real projects very quickly.

You can also click through the NFTs and check the smart contract on Etherscan to verify they are owned by the actual team.
