DeFi is all the rage these days. It has opened up new avenues for us to earn income with little to no work. However, with great gains comes great responsibility. And, unfortunately, the DeFi space is also rife with scammers ready to pounce on investors who are not security savvy.
One of the main downsides to DeFi is that you have to use non-custodial wallets, like MetaMask, to interact with decentralized exchanges. This means that you and you alone are in control of your private keys and your security. One small mistake when using these wallets can be costly.
Twitter, Facebook, and Reddit groups are full of horror stories of people who have lost their funds due to their MetaMask wallet being hacked. And, they all swear that they did not reveal their password or private keys to anyone. However, a scammer was somehow able to drain their wallets dry. How did this happen? Were they actually hacked?
As it turns out, it is possible to be hacked; however, this is rare. A more common explanation is that you lost your funds due to something you did but were unaware of. In this DeFi space, there is no shortage of ways in which you could lose your money.
Therefore, it is important to know what these scams are and how you can prevent scammers from getting anywhere near your wallet. Let’s take a look at some of the most common ways that scammers can access your MetaMask wallet funds and how you can prevent it. Note that these tips can also apply to other popular non-custodial wallets, like Trust Wallet.
You Downloaded a Fake Version of MetaMask
While this is not common, it has happened. Scammers create a scam version of MetaMask, complete with a fake website that looks similar to the original. They will then use Google Ads to show the bogus site at the top of the Google search results. You unknowingly download and install the fake MetaMask, and BOOM, the hackers now have access to your private keys and your funds. So, always make sure you are downloading MetaMask from their official website.
You Have Malware and Keyloggers on Your PC
It goes without saying that if you are investing in crypto your computer needs to be well protected from viruses, malware, and keyloggers. These nasty software applications can help hackers gain access to your computer. Keyloggers, in particular, can record your keystrokes, including your password. Even if the scammer does not use a keylogger to get your password, they can access encrypted private keys from your computer and use brute force methods to guess your password.
Therefore, always make sure that you are using a strong password that is easy for you to remember, but difficult for others to guess. You can use this tool to gauge how strong your password is.
Also, be sure that your computer has an antivirus application installed and that it is always up to date. AVG antivirus is a powerful free antivirus that you can use if you don’t already have one installed. However, I do recommend getting the paid version for maximum security.
You Connected Your Wallet to a Scam Application
One of the most common ways that people lose their funds in MetaMask without even knowing what they did wrong is by connecting to scam applications. As you know, for MetaMask to interact with any decentralized exchange or application, you must first give that application permission to connect to your wallet. In the case of decentralized exchanges, like PancakeSwap, you must give the application permission to “spend” your tokens. So, as you can imagine, if you connect to an application that is not legit, you are essentially giving that application permission to steal your funds.
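To make the "permission to spend" concrete, here is an added example (not from the original article or from MetaMask) that decodes the data field of a transaction an application asks you to sign and flags token approvals. It goes slightly beyond the text by also covering the NFT-style setApprovalForAll call; the function name decodeApproval and the sample spender address are constructed for illustration.

```javascript
// Added example: classify the "data" field of a transaction before signing it.
// The selectors are the standard ERC-20 / ERC-721 ones; the sample address
// at the bottom is constructed, not a real contract.
const MAX_UINT256 = (1n << 256n) - 1n;

const APPROVAL_SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
};

function decodeApproval(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const kind = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "none" }; // not an approval call

  // A 4-byte selector must be followed by two 32-byte ABI words.
  if (hex.length < 8 + 128 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind, risk: "malformed" };
  }
  const spender = "0x" + hex.slice(8 + 24, 72); // address is right-aligned in word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // amount, or the bool flag

  let risk;
  if (value === 0n) {
    risk = "revoke"; // allowance set to zero / operator removed
  } else if (kind === "setApprovalForAll" || value === MAX_UINT256) {
    risk = "high"; // spender can move everything, with no upper limit
  } else {
    risk = "limited"; // spender can move at most `value` base units
  }
  return { kind, spender, value, risk };
}

// Constructed sample: an unlimited ERC-20 approval to a made-up spender.
const sampleSpender = "11".repeat(20);
const sampleData = "0x095ea7b3" + "0".repeat(24) + sampleSpender + "f".repeat(64);
console.log(decodeApproval(sampleData));
```

A result of "high" for a spender address you cannot tie to the exchange you meant to use is the situation described above: the approval itself is what lets the application move your tokens later.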
But how do scammers get you to connect to bogus apps? You should be able to spot these scams easily, right? Well, this is where phishing and a bit of social engineering come in.
The Fake Helpdesk and Support
One of the most prevalent types of manipulation scammers like to use is pretending to be “support” for a particular crypto project. These types of scammers love to lurk on Twitter and Telegram, just waiting to pounce on unsuspecting investors. They will often change their profile picture and name to look like one of the project’s developers to try to fool you into believing that they are part of the team. As soon as they see you asking for help, they will DM or call you offering “assistance”. However, it turns out that this assistance is just a ploy to get you to connect your MetaMask to some fake website or application developed by the scammer. Once you connect, it’s game over, the scammer now has access to your wallet and your funds.
The Fake Giveaway or Promotion
Another tactic scammers like to use is tricking you into claiming a fake airdrop, promotion, or giveaway.
Always remember, NEVER respond to any DMs from anyone claiming to be support. NO legitimate project developer or team member will DM you first. If you ever get a DM from anyone claiming to be part of the team, just delete it and move on. Seriously!
These scammers can also be found on Twitter. A common tactic is to use bots that automatically respond to persons mentioning the word “MetaMask”, “help”, or “support.” Unsuspecting persons mistake these bots for actual help and proceed to follow the scammer’s instructions.
If you ever want real support, NEVER respond to any messages you receive on Twitter, Telegram, Facebook, etc. If you do need help, go to MetaMask’s official helpdesk.
You Were the Victim of a Dust Attack
The final way your MetaMask wallet might have been hacked is through a dusting attack. Have you ever been on Etherscan or BscScan and noticed random tokens in your wallet? Tokens that you’ve never heard of or can’t remember buying. Well, if you do see them, don’t touch them! These small token amounts, known as dust, are not in themselves harmful…unless you try to transact with them.
Dusting attacks occur when a scammer sends you a small number of worthless or fake tokens in an attempt to figure out your personal information. The scammer hopes you interact with the token (either by trying to sell or transfer them), allowing them to track your wallet activity and unmask your identity.
Dusting attacks can be devastating since you not only stand to lose the tokens in your wallet, but you can also become a victim of identity theft. So again, if you do not recognize any token in your wallet, leave it alone.
So, as you can see, scammers are getting more sophisticated every day. While you may try to keep your seed phrase and password a secret, your wallet can be accessed in several other ways. To summarize, use antivirus software, do not respond to DMs, and do not connect to any websites or applications you do not recognize. Happy trading!