🚩𝐒𝐎𝐂𝐈𝐀𝐋 𝐄𝐍𝐆𝐈𝐍𝐄𝐄𝐑𝐈𝐍𝐆 𝐈𝐍 𝐏𝐑𝐀𝐂𝐓𝐈𝐂𝐄🚩
🧵Meet Samuel, a verified holder of a MAYC that just joined the @BoredApeYC discord. Check out the thread below on how Samuel Social Engineered his way to potentially draining over $100K worth of MAYC & BAYC ⤵️
🚩𝐓𝐑𝐀𝐈𝐓 𝐒𝐍𝐈𝐏𝐄𝐑 𝐓𝐎𝐊𝐄𝐍 𝐑𝐄𝐃 𝐅𝐋𝐀𝐆𝐒 🚩
🧵I'm sure by now you have been seeing all over your timeline the "Trait Sniper" token tweets but did you know Trait Sniper went out of business in 2022?..
I want to share some of the red flags I've found so far... ⤵️
Want to win a @wallstbullsNFT #7356? Follow the rules below and come hear us chat about WenMint and some alpha!!
1. Follow @ATSNFT & @wenmint_nft
2. Retweet & tag some friends!
3. Be in the spaces below!!
To celebrate creating a new twitter specifically for NFT’s, I am doing a @PartyPenguinNFT giveaway!!! 🎉
To win the Party Penguin below do the following:
🔹 Follow @nft_dreww
🔹 Like + RT + Tag 2 friends
Winner will be announced in 72 hours!!!
#PolarParty #NFT #NFTGiveaway
To celebrate Halloween being only a couple days away, I am doing a spooky @PartyPenguinNFT giveaway!!! 🎉
To win the Party Penguin below do the following:
🔹 Follow @nft_dreww
🔹 Like + RT + Tag 2 friends
Winner will be announced in 72 hours!!!
#PolarParty #NFT #NFTGiveaway
I got scammed just joining a discord....
Have you ever gotten sent a discord invite, or clicked on a "trusted" discord vanity url link but it redirected you to a discord where you had to "verify" with @Collab_Land_ to join?
This is a newer tactic bad actors are using that…
9/ The example I love to show is this white hat hacker who shows how she was able to use Social Engineering in less than 2 min. to gain access to a cell phone account, often used for sim swapping
Soft Locking, wtf is that?
@wallet_guard has just released a new game-changing feature called "soft locking". This feature allows you to "lock" your NFTs to your wallet preventing you from being scammed by gas or gasless signatures and taking these assets (which many wallet…
7/ This just goes to show everyone the length these scammers will go through to social engineer and scam anyone for financial gain. You must always use your best judgment and perform your due diligence no matter who the tool or link comes from. So how do I prevent this?
8/ Use tools like @wallet_guard, double check in trusted circles for others' opinions, and never blindly install anything. If something doesn't seem right, it usually isn't right. Social Engineer is programmed to gain your trust or manipulate a situation perfectly..
10/ I hope you found this helpful, and a use case example of social engineering that happens everyday in Web3. The same tactics are used over and over with a new logo, new PFP, and new brand.
Stay Safe & Stay Smart. Special thanks to @wallet_guard and all of my security budz!
6/ I proceeded to spend 30+ min. with this Samuel who finally gave up because I couldn't get "my screenshare working". After confirming with my security friends @0xQuit @OxSaiyanGod & @1c4m3by we indeed confirm that this is a drainer scam which we knew from the start :)
🛡️ 𝐍𝐞𝐰 𝐘𝐞𝐚𝐫, 𝐍𝐞𝐰 𝐒𝐜𝐚𝐦 🛡️
If you are trading tokens on Solana, you NEED to install @wallet_guard extension. They just added the ability to detect SOL wallet drainer kits meaning they will proactively stop you from going to scam Solana domains and getting your Solana…
🎮𝐒𝐎𝐂𝐈𝐀𝐋 𝐄𝐍𝐆𝐈𝐍𝐄𝐄𝐑𝐈𝐍𝐆 𝐏𝟐𝐄 𝐒𝐂𝐀𝐌 𝐉𝐎𝐁𝐒🎮
🧵Looking for a job? Want to earn $$$ in a P2E game? CryptoJobs is a common resource for Web3 jobs BUT also an attack vector for scams..
The below job posting is an elaborate scam but how can you tell? Let's see ⤵️
4/ Once I installed the extension, it immediately redirected to blur and asked to connect my wallet.
From here I was able to act like I didn't know what I was doing and for him to walk me through this on the call. The below is the audio recording from call #1
🛡️ 𝐖𝐚𝐥𝐥𝐞𝐭 𝐆𝐮𝐚𝐫𝐝 𝐀𝐦𝐛𝐚𝐬𝐬𝐚𝐝𝐨𝐫 🛡️
I am excited to announce that I am officially a brand ambassador for @wallet_guard!!
Wallet Guard is a free tool that anyone can use for proactive protection against security threats in web3 and it takes less than 1 min. to…
I am excited to announce that I have become a Contributor for @BoringSecDAO to help spread best security practices and prevent the scammers from getting your assets and $$$$!
What is Boring Security?
Boring Security is a non-profit ApeDAO funded organization that provides FREE…
I hate to see these hacks continue to happen and drain 100s of ETH, but it takes 5 minutes to take appropriate safety precautions and this has to be a requirement in the space:
- Install @PocketUniverseZ, @wallet_guard, & @RevokeCash plugins
- Use Yubikey or Google Titan as…
𝐓𝐢𝐫𝐞𝐝 𝐨𝐟 𝐛𝐞𝐢𝐧𝐠 𝐬𝐩𝐚𝐦 𝐭𝐚𝐠𝐠𝐞𝐝?
🧵The bots lately have been out of control... There's one thing you can do to avoid getting 20+ notifications a day from scam bot affiliate accounts⤵️⤵️
- It costs less than ~$200 for a ledger
- It takes less than ~45 min. to set it up properly
- It takes a couple articles to read and familiarize yourself with Web3 security best practices
- It takes less than ~5 min. to cross reference links
Realize this before it’s too late
⛔ 𝐂𝐚𝐥𝐞𝐧𝐝𝐥𝐲 𝐒𝐨𝐜𝐢𝐚𝐥 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐒𝐜𝐚𝐦 ⛔
Have you been contacted by a 'Forbes Employee' or someone who wants to interview you for an article, partnership, or job? Are they asking you to connect your wallet or twitter account to Calendly? If so, DON'T…
3/ Samuel would only share the link once I got on a call, but once he was on, he immediately asked me to share my screen to assist. The link he shared sent me to this "Blur Sniping Bot", which immediately had many red flags 🚩
⚠️ 𝐒𝐂𝐀𝐌 𝐊𝐔𝐂𝐎𝐈𝐍 𝐓𝐄𝐗𝐓𝐒 ⚠️
Please be aware that if you use @kucoincom that there are malicious actors taking advantage of the SMS services used impersonating KuCoin texting you and leading you to phishing/drainer websites...
In the first text message this is a legit…
5/ At this point, I was telling him I was new, never used Blur, and really needed to understand signatures and information on how to use this "amazing sniping bot", so we hopped on a second call where I tried to get as much info as possible, grab your popcorn 🍿
1/ Once Samuel started chatting he immediately begins to tell us about how he got his mutant overnight via a sniping tool for a 4 ETH discounted snipe. He was kind enough to share the link only in DMs
1/ I want to preface this thread by saying these are the red flags I have discovered and want to share my due diligence for you to take into consideration as this is not financial advice and should not be interpreted any which way to make anyone do a single action
𝐒𝐞𝐞𝐝 𝐏𝐡𝐫𝐚𝐬𝐞 𝐯𝐬 𝐏𝐫𝐢𝐯𝐚𝐭𝐞 𝐊𝐞𝐲𝐬 ❔
This is a common misconception I see in the Web3 space, especially when it comes to ledgers and importing ledgers into MetaMask... If you do this wrong then your cold wallet becomes a hot wallet and loses its security edge,…
Extremely excited to announce that I have been approved for 𝐌𝐚𝐝𝐞 𝐁𝐲 𝐀𝐩𝐞𝐬 𝐋𝐢𝐜𝐞𝐧𝐬𝐞 #𝟎𝟎𝟐𝟏𝟑 for my Security Services!!!
These security service offerings are:
- Discord Security Audits
- Creating new Secure Discords
- Security Training
and more to come!!…
2/ He was kind enough to offer instructions and the link to anyone interested in the DMs with instructions, and even offered to hop on a call to help with the setup of this amazing bot sniping extension
Had a new record for a smart contract @wenmint_nft created, 3 NFTs minted for a total of $.70 gas cost on ETH. Need a gas-optimized secure smart contract that can accept crypto and fiat? Then hit me up!!
🧠𝐃𝐫𝐞𝐰𝐬 𝐖𝐞𝐞𝐤𝐥𝐲 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐓𝐢𝐩 #𝟒🧠
I am posting weekly security tips everyone can use to help stay safe!!!
This week's Security Tip is to explain and understand wallet delegation via @delegatedotxyz and how to keep your cold wallet a true cold wallet while…
⛔𝐇𝐔𝐍𝐃𝐑𝐄𝐃𝐒 𝐎𝐅 𝐓𝐇𝐎𝐔𝐒𝐀𝐍𝐃𝐒 𝐎𝐅 𝐃𝐎𝐋𝐋𝐀𝐑𝐒 𝐃𝐑𝐀𝐈𝐍𝐄𝐃 𝐕𝐈𝐀 𝐓𝐖𝐈𝐓𝐓𝐄𝐑/𝐗 𝐒𝐂𝐀𝐌 𝐀𝐃𝐒⛔
🧵I'm sure everyone has seen a Scam AD on your timeline.. In this thread I will go over scam ads and how you can alter your settings to stop these..
⤵️⤵️
⚠️ I got scammed, what do I do? ⚠️
This is a question I often get in frantic, after someone sadly has fallen for a scam, they immediately don't know what next steps are.
Typically the next steps depend on how you got scammed, which is usually one of the below 3 ways:
- Gas Paid…
2/ I first want to start off by saying that in October of 2022, Trait Sniper went out of business due to a faulty founder and mismanaged funds, a full explanation can be found by this youtuber reporting on it and referencing tweets from previous founder
⚠️ 𝐏𝐋𝐄𝐀𝐒𝐄 𝐃𝐎 𝐍𝐎𝐓 𝐅𝐀𝐋𝐋 𝐅𝐎𝐑 𝐓𝐇𝐄 𝐅𝐀𝐊𝐄 𝐋𝐄𝐃𝐆𝐄𝐑 𝐑𝐄𝐅𝐔𝐍𝐃 𝐒𝐂𝐀𝐌𝐒!!! ⚠️
No one will be reaching out in your DMs, Tweeting, or asking you to fill out any form for a "refund" of the compromise ongoing...
Scammers are fully taking advantage of this…
14/ Based on all the red flags I believe this is one of the best social engineering scams I've seen lately manipulating the use of social engagement like Blur used to claim the token. Please DYOR and due diligence and don't just do something because you saw it on timeline
Something to add here is that if you go to the contract and download all transactions, you can see they have already "given out" more tokens than their apparent tokenomics allocation:
Tokenomics allocation is 1 trillion and given out is more...
⚠️ 𝐒𝐎𝐋 𝐃𝐫𝐚𝐢𝐧𝐞𝐫𝐬 ⚠️
Scammers are still hitting large with draining SOL wallets.... It is so important to be aware of the below three tips to stay safe ⤵️⤵️⤵️
-𝐒𝐎𝐋 𝐖𝐚𝐥𝐥𝐞𝐭 𝐒𝐢𝐦𝐮𝐥𝐚𝐭𝐢𝐨𝐧-
Most SOL wallets, like @phantom, have embedded wallet…
⚠️ I just got scammed by a fake article... ⚠️
It started with a 'representative' from 'OurNetwork' opening up a ticket in a discord & asking if I could chat in the DMs about getting an article written about my work. I was ecstatic but this is where everything went wrong...…
⚠️SCAM DMS⚠️
I have seen a large amount of people receive DMs from the below accounts and sadly are falling for their tricks. You should always treat all DMs as scams, as the two prominent ones are below:
- Interview requests
- OTC Deal
🧵⤵️
11/ Since this token is not live yet I can't simulate it, but you didn't have to sign anything malicious except to pay gas to claim the token from the contract, however my gut feeling is when you go to "approve" the selling of this token it's going to be a drainer...
3/ We can see in the post the twitter referenced at that time is the official twitter @trait_sniper which no longer exists & this is the twitter that is still linked to the official Trait Sniper Lifetime Pass on OpenSea and in their SubStack which hasn't posted anything in a while
@TraitSnipergame @opensea Hello @TraitSnipergame thank you for your response as cleaning up old scam links and updating information should have been done long ago, there were many comments in this thread by individuals who have gotten drained as of this week due to the lack of cleaning up across the board.…
⚠️ 𝐈 𝐣𝐮𝐬𝐭 𝐠𝐨𝐭 𝐚𝐢𝐫𝐝𝐫𝐨𝐩𝐩𝐞𝐝 𝐚𝐧 𝐍𝐅𝐓 𝐰𝐢𝐭𝐡 𝐚 𝐡𝐢𝐠𝐡 𝐖𝐄𝐓𝐇 𝐨𝐟𝐟𝐞𝐫 𝐛𝐮𝐭 𝐢𝐭 𝐜𝐚𝐧 𝐝𝐫𝐚𝐢𝐧 𝐦𝐲 𝐰𝐚𝐥𝐥𝐞𝐭? ⚠️
We have all received NFTs we aren't sure of but how do they pose a risk to us? Let's deep dive into the scam tactics used & see ⤵️⤵️
6/ When you join the new discord, it's actually a scam verify drainer, this is sadly a common way to drain people from every attack vector, discord, twitter, and website.
⛔️P2E FAKE SCAM⛔️
🧵
Everyone, please be aware there is a large group going around sending DM's asking individuals to "test a P2E game" and scamming many folks!!
Let's take a look at this very good social engineering scam and how you can spot the red flags and avoid it ⤵
Effective immediately, I will be stepping down as Co-Founder of WenMint and all subsidiaries for personal reasons. I will not be leaving Web3 whatsoever, and will be looking forward to new opportunities!
Happy to announce that I am now a @Server_Forge Approved Discord Auditor and a @goodknightbot Affiliated Discord Auditor 🎉
𝐖𝐓𝐅 𝐭𝐡𝐚𝐭 𝐝𝐨𝐞𝐬 𝐭𝐡𝐚𝐭 𝐦𝐞𝐚𝐧?
Server Forge is a community founded by @Plumferno in which there is a collective group of security enthusiast…
I am delighted to announce the official launch of my website, now live at !!
This signifies a pivotal step in broadening my service offerings including secure Discord creation, comprehensive security audits, and team training !!
Stay Safe & Stay Vigilant
🚩𝐒𝐜𝐚𝐦 𝐒𝐩𝐫𝐨𝐭𝐨 𝐃𝐢𝐬𝐜𝐨𝐫𝐝 🚩
Everyone please be aware of a scam sproto discord message that leads to a wallet drainer.. I have seen a scammer message in 5+ discords today saying they are “looking for mods” when it leads to a discord verification drainer!!!
Proper…
🚩I just got scammed joining a discord...🚩
Commonly projects use vanity links for discord to get people to join their own discord server, so how can you get scammed by simply joining the server??
🧵Let's find out ⤵️
@TraitSnipergame @opensea @TraitSnipergame can you also comment on the current tokenomics of this drop? As the current claimed far surpasses your original tokenomics of 1 trillion. How much will be in circulating supply and how much in liquidity will be put up? Where/How was the liquidity raised? Thanks…
9/ This tweet must stay there for at least 90 seconds and then you get your tokens! Wow a free guaranteed $1,000 based on my social influence. Giving me .1% of the supply, but if you look at tokenomics that doesn't add up with their math and yes that's the full tokenomics page...
Have you ever been saved by a Web3 Cybersecurity investigator, sleuth, educator, etc. like @zachxbt?
Many of us do this for free and help stop people from getting scammed or recover assets but most don't know donations are kindly appreciated and accepted to help us pay for…
Seeing a ton of questions I’d like to answer:
- If you're playing the game and still proceeding do it on a “burner wallet” which means using a wallet holding literally nothing
- YOU should still DYOR/DD on your own for everything
- If you claimed and are worried, then use…
Congratulations @hedera on surpassing 4 Billion transactions, $HBAR staking with @HashPackApp, and Dell joining the governing council; Things are looking extremely good 🚀
𝐇𝐨𝐥𝐝 𝐮𝐩, 𝐈 𝐒𝐡𝐨𝐮𝐥𝐝𝐧'𝐭 𝐈𝐦𝐦𝐞𝐝𝐢𝐚𝐭𝐥𝐲 𝐓𝐫𝐮𝐬𝐭 𝐚 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐓𝐨𝐨𝐥?....
🧵Just because something is a "Security Tool" doesn't mean it should be trusted... Malicious actors are finding new & clever ways to scam you...
Let's dive in to see how ⤵️⤵️
⚠️𝐓𝐫𝐚𝐝𝐢𝐧𝐠 𝐦𝐞𝐦𝐞𝐜𝐨𝐢𝐧𝐬?⚠️
🧵Given the recent events, I want to share some tools and checks I go through when degening and trading memecoins to prevent honeypots and scams⤵️⤵️
😲Crucial Safety Tip about Google Authenticator😲
Did you know that if you are using Google Authenticator app as a 2FA, your app could be syncing to the cloud and posing a security risk?
The risk?
Google Authenticator doesn’t use end-to-end encryption for codes uploaded to…
⚠️𝐒𝐜𝐚𝐦 𝐃𝐌𝐬⚠️
Over the past 7 days I have received a total of 36 DMs on X. Of the 36 DMs, 31 of them were scam DMs...
Meaning an 86% rate of my DMs are scams, hackers social engineering, drainer links, fake P2E games installing malware, fake interview request, fake…
‼ A NEW SCAM GOING AROUND ‼
Have you been contacted about an interview and were told that you need to connect your wallet or sign a contract to get paid? Think twice!
I took a deep dive into this new scam going around and gave some tips to detect it!!
⚠️𝐅𝐑𝐎𝐍𝐓𝐄𝐍𝐃 𝐇𝐀𝐂𝐊 ⚠️
Seeing some reports of @zapper_fi, @RevokeCash, and confirming a few more's front-end website being hacked. PLEASE USE WITH CAUTION WITH ANY DAPPS RIGHT NOW!!!
5/ Now if we take a look at the original trait sniper discord its /trait-sniper (also shown on OpenSea and Substack) but when you join the verification doesn't work and it says "hey we have a new discord /traits, join here to verify"
⚠ BIG SCAM ALERT ⚠
🧵
1/ Everyone please be aware that the fake "Friday Beer" discord seems to be compromising many accounts that go through their verification system, let's take a look at how this is done ⤵
⛔️FAKE UPDATE SCAM⛔️
Everyone please be aware of this tweet circulating around, it is very convincing and mimics the website perfectly BUT notice the “t” in the MetaMask URL it’s a scam link with scam instructions, stay vigilant and always double check!!!
7/ Now onto this token. Traitsniper website has to have been compromised because the connect wallet in the top right allows you to connect but prompts you to switch to BNB network, odd right?
⚠️ 𝐅𝐚𝐤𝐞 𝐖𝐚𝐥𝐥𝐞𝐭 𝐃𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐃𝐢𝐬𝐜𝐨𝐫𝐝 𝐁𝐨𝐭𝐬...... ⚠️
There has been a huge increase lately in copy scam discords taking over real projects discord vanity URLs and tricking you into using fake discord bots and getting all your information and/or draining…
10/ Now once you do all this you can import the "unknown token" as it shows up on BNB, when we look at the contract, shocker it's an unverified contract. Now besides the discord, where's the draining scam?
⚠️Fake Apps on App Store Causing Wallets to get Drained... ⚠️
It is extremely important to be aware of the app you are downloading from the app store. It seems scammers are somehow able to get impersonating wallet apps onto the apple store available for download.....
For this…
So today I was drained by a fake wallet on @Apple appstore. It was a wallet that resembled @Rabby_io and imported my seed in there. After that, the person behind the scam managed to remove most of my assets
So be careful with wallets even on app store (I thought a wallet was a…
NFT NYC 🗽
Thank you!!! It was so awesome meeting so many great people in the space, speaking about security, and seeing my @BoredApeYC IP everywhere!
Until the next conference, stay safe 🫡
There are only 7 days left on #GG19, the grant round for Web3 Education and Community for @gitcoin!!!!
I am so thankful for the 18 contributors who have donated to support myself and the countless other contributors to everyone in the Web3 Security Space!! Every donation makes…