Snowball Docs
Searchβ¦
π
Welcome
π³
Governance
π
Our Products
π
DeFi University
π»
Smart Contracts
EX 151 - Spotting Scams
The ability to spot scams in the world of decentralized finance is incredibly important, as this is a new and rapidly growing industry. This course will cover the following:
- Exploring Types of Scams
- How to Avoid Scams
Suggested Prior Reading:
None.
Introduction
To begin with, it's important to be aware of the types of scams out there. There will always be new ones being created, but most can be categorized into the following:
- Fake Websites
- Social Engineering
- Scam Tokens
- Rug Pulls
- Pump & Dumps
Let's look at each one of these in detail, and how to avoid them:
Fake Websites
This type of scam is probably the simplest to understand, and to avoid. It quite simply involves a scammer setting up a website that looks similar to a legitimate project's, in order to fool users into using it. For example, a scammer could try and impersonate snowball.network by creating a website with the URL sn0wball.network. They would then pay or manipulate search results so that their website appears high up on Google search results, for example.
The difference would be that when a user visits their site, instead of depositing their funds into Snowball's compounding strategy contracts, they would likely just be sending their funds to a scammer's wallet.
The ways to avoid falling for this type of scam are as follows:
- 1.Bookmark the DeFi projects you are using. This means you will not have to search for them when you wish to access their apps.
- 2.Always check the URL of a site extensively before making any transaction.
- 3.Always make sure the website has a valid SSL certificate. This means checking if the site's URL is prefixed by https:// and not http://, or clicking the lock symbol on the URL bar of most modern browsers.
- 4.Confirm the transactions being made. Are they to the right contract? Search for the address in a block explorer to verify if that is the case.
Social Engineering
This type of scam can take place through email, social media platforms, messaging boards, or anywhere you are communicating through. This is because it revolves entirely on scammers trying to get information from you.
Someone could reach out to you through Telegram or Discord, for example, telling you of this really cool airdrop (free tokens) that is taking place on any specific site. To claim it you'll just have to input your wallet address, seed phrase, twitter handle, and your favorite color! Wait. Did they just say seed phrase?
Giving your wallet's seed phrase or private key to anyone will always result in you losing all of your funds. The scammer will be able to access your wallet and simply transact all your funds into their wallet.
The single and most effective way to never fall for these scams is simple. Just never give your seed phrase or private key to anyone. Ever.
Scam Tokens
These tokens usually come in two forms; tokens pretending to be another token, and tokens that encourage a user to visit a specific site/app for scamming purposes.
An example of the first type would be a token with the symbol USDC, that isn't actually the real USDC token. There are many reasons why scammers could try and convince others that their token is the real deal. Regardless of their strategy, their goal is to create some money out of thin air.
The other kind is more common, however, and is especially prevalent in blockchains such as the Binance Smart Chain. This is where a scammer sends a scam token, usually with the name of a website, to thousands of wallets. Visiting the site will likely start some form of social engineering scam, or attempting to sell the token will instead trigger a malicious transaction that will try and steal your other funds in your wallet.
An example of such tokens can be found here. Very often block explorers are smart about these types of scams and have warnings on their pages:
Warning on bscscan.com (BSC's block explorer)
In order to avoid these scams, do the following:
- 1.Always check the token address of any token you are transacting, especially for any token not natively supported by a decentralized exchange.
- 2.If you suddenly receive a random token you do not recognize in your wallet, simply ignore it.
Rug Pulls
Rug pulls are perhaps the flashiest of all scams in DeFi, especially since they are a little harder to spot and affect a ton of users at once. This is where a project's smart contracts allow the team behind it or whoever deployed its contracts to simply take control of all the funds deposited in them.
In practice, this usually means a project markets themselves for a couple weeks or months, offer a lot of rewards for early investors, probably deposit a lot of their own money to fool others into doing the same, wait until a lot of people deposit and then steal it all.
To avoid these sort of scams, there are many strategies:
- 1.Use protocols that have been audited by a credible source, or is a direct fork of an audited project.
- 2.Look at their documentation and/or Github repositories. If they are lacking one or the other, or don't have their contract addresses and code open-sourced, don't use that protocol.
- 3.Check the contract you are interacting with on a block explorer. If it is verified, you can look at its code to confirm it is not different that what the team indicates.
- 4.By checking the contract on a block explorer, you can also see where the deposited funds are coming from. If 90%+ is from a single wallet, that is a huge red flag.
- 5.In general, have common sense. If a protocol seems too good to be true, or its value comes from their own token instead of any inherent value of the protocol itself, make sure you know exactly what you are getting into before investing any money.
Pump & Dumps
A pump and dump is a scam very common in traditional finance, where scammers make hyperbolic or greatly exaggerated claims about an asset in order to get others to buy into it. The scammer at this point would already own a lot of such asset, and once the price increases due to their marketing / scamming efforts, they sell their assets, resulting in a dramatic drop in price of the asset. As the name suggests, this is a rapid pump in asset prices, and then a rapid dump in asset prices.
This scam usually takes place in assets of low marketcap and/or liquidity, since their prices are easier to manipulate. Since in DeFi there are a lot of new tokens with low liquidity and marketcap, this type of scam has become relatively common. Buying such tokens can quite enticing since you'll likely see a huge increase in price in a short amount of time. It is also possible to make quite a bit of money while willingly participating in such a scam, but only if you sell your tokens before the scammer, which is not likely to happen.
In order to avoid becoming a victim in one of these scams, do the following:
- 1.Avoid sensationalism around any specific token. Never invest in anything just because someone on social media or YouTube is talking about it.
- 2.If a token does not provide any utility, or doesn't derive its price from any product, it is likely only being propped up by sensationalism. While not exactly a pump and dump scheme, it usually results in very sudden and large drops in price from early investors selling their tokens.
- 3.Don't buy a token simply because of a sharp rise in its price. Especially in low-marketcap tokens, this could be due to a single large investor buying, and is prone to equally as sharp drops in the future.
Closing Thoughts
There are many scams to be wary of in the DeFi ecosystem. Sticking to reliable, open-source and governance-oriented projects will always be a surefire way of avoiding most of them. Ignore any messages you receive in social media about free tokens, and don't sacrifice the safety of your funds for a temporary massive yield.
A common saying in DeFi and cryptocurrency circles in general is "Don't trust; Verify". This hints that the fact that in a blockchain, everything is transparent and public. You should verify everything you do in DeFi, and not just blindly trust in any person or entity. Simply put, if you can't verify it, leave it be.
Last modified 1mo ago
Copy link
Edit on GitHub