EigenPhi

Posted on Apr 11, 2022

Two Simple Tricks To Avoid Losing 10 Billion for Being DeFi Phishing Target, and Two More Principles

In 2021, till Nov 19th, 10.5 billion loss was subject to thefts, frauds, and scams.

— CNBC


A few days ago, someone contacted EigenPhi and asked for our help collecting information regarding his fraud case. For the sake of clear description, let’s call him John.

John visited this website: www.ammuni.io, which seemed like a legit DeFi project. Later, the guys running the project coaxed him to authorize them to have unlimited access to John’s MetaMask wallet via the website:

[ALERT: DON’T, REPEAT, DON’T CONNECT YOUR WALLET TO THIS WEBSITE]

https://ammuni.shop/#/. Then they asked John to put in a massive amount of money in the name of staking. During the next few days, the token was gone.

After researching the scenario, while feeling sorry for John, we admit that our hands are tied. Essentially, it’s a situation that needs law enforcement intervention.

However, we still think two simple tricks can reduce the risk of being targeted by scamming gangs.

Trick 1: Turn on the Phishing Detection setting of MetaMask.

Here are the detailed steps.

Step 1: Open your MetaMask browser plugin and click your account avatar.

Step 2: Click the Settings in the opened window.

Step 3: Click “Security & Privacy” in the menu of Settings.

Step 4: Switch on the “Use Phishing Detection.”

That’s it. Now when you visit a phishing website that is unknown to you, like the one mentioned above, you will see a warning message from MetaMask.

Trick 2: Verify the team behind the project using a reverse image search.

Open www.ammuni.io, and it looks like everything is there. Of course, for an ordinary #degen, it’s hard to find the time to read through the whitepaper and its financial jargon. But they put the team’s information on the webpage, which you can verify using your browser. Other browsers have similar features, plugins, or extensions.

Step 1: Scroll to the Our Team part of the page.

Step 2: Right-click the team member’s pictures and choose “Search Image with Google Lens.”

Step 3: See what we got from the new tab:

Obviously, this guy’s picture is from some stock photo website, which is enough to raise a red flag: have you met any data scientist who wants to sell his portrait as a stock photo?

Step 4: Let’s check another one. Right-click the photo of the CEO and check the results.

Free photo again.

OK, just forget about this one and move on to the next project.

In conclusion, at its current stage of development, DeFi is a Dark Forest, and everyone should know it. Simple tricks like the ones in this article are easy to use and reduce the risk of scams and fraud.

Even if you don’t use these tricks, there are 2 principles to remember before doing any transaction:

  1. Double-check transactions before sending.
  2. Set smart contract spending limits.
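
Both principles can be applied to the kind of token approval behind John's case by decoding the transaction's `data` field before signing it. The following is an added example, not code from the original article: it checks a standard ERC-20 `approve(address,uint256)` call against the spender and amount you intended. The function names, the sample address and the amounts are assumptions made for illustration.

```javascript
// Added example: inspect ERC-20 approve() calldata before signing.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode the `data` field of a pending transaction.
// Returns null when the call is not approve(address,uint256).
function decodeApprove(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  // selector (4 bytes) + two 32-byte ABI words = 68 bytes = 136 hex chars
  if (hex.length !== 136) throw new Error("malformed approve calldata");
  const spenderWord = hex.slice(8, 72);
  if (!/^0{24}/.test(spenderWord)) throw new Error("spender word is not a padded address");
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare the decoded approval with what the user intends to allow.
// intendedAmount is in the token's smallest unit (a BigInt).
function reviewApproval(data, intendedSpender, intendedAmount) {
  const call = decodeApprove(data);
  if (call === null) return { verdict: "not-an-approval", findings: [] };
  const findings = [];
  if (call.spender !== intendedSpender.toLowerCase())
    findings.push("spender differs from the contract you meant to authorize");
  if (call.amount === MAX_UINT256)
    findings.push("unlimited allowance (2^256 - 1)");
  else if (call.amount > intendedAmount)
    findings.push(`allowance ${call.amount} exceeds intended ${intendedAmount}`);
  return { verdict: findings.length ? "reject" : "ok", ...call, findings };
}

// Constructed sample data: the address and amounts are made up.
const SPENDER = "0x1111111111111111111111111111111111111111";
const word = (n) => n.toString(16).padStart(64, "0");
const buildApprove = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + word(BigInt(spender)) + word(amount);

const unlimited = buildApprove(SPENDER, MAX_UINT256);
const capped = buildApprove(SPENDER, 500n * 10n ** 18n);
console.log(reviewApproval(unlimited, SPENDER, 500n * 10n ** 18n));
console.log(reviewApproval(capped, SPENDER, 500n * 10n ** 18n));
```

The first sample is rejected as an unlimited allowance; the second, capped at the intended amount, passes.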

Please feel free to leave your comments and recommendations that would be helpful in terms of risk-free activities in DeFi.

P.S.: if you want to find out more about Token Approval, which is essential for your asset’s safety, read these two links:

  1. https://medium.com/ethex-market/erc20-approve-allow-explained-88d6de921ce9
  2. https://learn.zapper.fi/articles/breaking-down-the-steps-of-token-approval

The Ethereum Token Approval tool is also an excellent tool to review and revoke your token approvals for any dApp.

