Crypto scams: beware of real URLs redirecting to fake websites

by Patricia

The founder of DefiLlama has warned of a new type of crypto scam seeking to redirect potential victims to fraudulent websites. What is it and what are our tips for protecting yourself from this danger?

Founder of DefiLlama warns of new crypto scam

When it comes to stealing money, hackers of all stripes are getting more inventive as their various strategies come to light. On Wednesday, the founder of DefiLlama warned of a new scam, the aim of which is to get users to connect their crypto wallets to a fraudulent website:

A common scam involves using Google Ads to make a phishing attempt appear in first position for a specific keyword.

Until now, such ads could be spotted with a little care, because the URL differed from the original: “metemask.io” instead of “metamask.io”, for example. What makes this new scam far more insidious is that it uses a genuine URL referring to a valid website, and then redirects to a scam.

In the comments on the 0xngmi thread, for example, one user warns of a fake DefiLlama site, which invites users to connect a crypto wallet:

The hackers' goal is often to get their victims to sign a transaction that allows them to empty the victims' wallets.

How to protect yourself from these scams

First, an ad blocker can filter out these fraudulent ads when you use search engines. Once on the site, check that the URL corresponds to the one you expected.

For cryptocurrencies specifically, using a hardware wallet is highly recommended to limit the risk of hacking, for example if your machine is infected by a virus likely to steal your private keys.

Next, it is important to check the legitimacy of the smart contracts you are interacting with. This can be done when signing a transaction, in the ‘Data’ tab of the MetaMask interface. In the example shown in Figure 1, the transaction uses two smart contracts, belonging in this case to the Aave lending and borrowing protocol:

Figure 1 - Smart contracts to deposit ETH on Aave


Next, you can copy and paste the addresses of these smart contracts into a blockchain explorer to check their legitimacy. Here, we need to go to Etherscan, given that our example takes place on Ethereum (ETH):

Figure 2 - Verification of a smart contract on Etherscan


In the screenshot above, the various boxes show that we are indeed dealing with a verified smart contract from the Aave protocol. To cross-check the information, you can also use the scanner on the De.Fi analysis site to complete your research if you have any doubts.
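The manual check described above can also be scripted. The following is an added example, not code from the article or from MetaMask: it compares the target of a pending transaction against addresses you have already verified on an explorer, and goes one step further than the article by decoding the two standard token approval calls, which are the usual way a signed transaction hands control of tokens to another address. The function name and all addresses are constructed placeholders.

```python
# Added example. All addresses are constructed placeholders, not real contracts.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",         # ERC-20 allowance
    "a22cb465": "setApprovalForAll(address,bool)",  # NFT operator rights
}
MAX_UINT256 = 2**256 - 1

def review_transaction(to, data, verified):
    """Return warnings for a pending transaction.

    to       -- contract the transaction is sent to
    data     -- hex calldata as shown in the wallet's data view
    verified -- addresses you have already confirmed on a block explorer
    """
    verified = {a.lower() for a in verified}
    warnings = []
    if to.lower() not in verified:
        warnings.append(f"target {to.lower()} is not verified")
    raw = data[2:] if data.startswith("0x") else data
    selector, args = raw[:8].lower(), raw[8:]
    name = APPROVAL_SELECTORS.get(selector)
    if name is None:
        return warnings  # not an approval call; only the target was checked
    if len(args) < 128:
        warnings.append(f"{name}: calldata is truncated")
        return warnings
    # ABI encoding: each argument is a 32-byte word; an address is its low 20 bytes.
    spender = "0x" + args[24:64].lower()
    value = int(args[64:128], 16)
    if value == 0:
        return warnings  # zero amount / false flag revokes access
    if spender not in verified:
        warnings.append(f"{name}: gives {spender} (unverified) control of your tokens")
    if selector == "095ea7b3" and value == MAX_UINT256:
        warnings.append("approve: allowance is unlimited")
    return warnings

# Constructed sample: a token approval whose spender is not on the verified list.
TOKEN = "0x" + "22" * 20
POOL = "0x" + "11" * 20
UNKNOWN = "0x" + "ab" * 20
SAMPLE = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    for w in review_transaction(TOKEN, SAMPLE, {TOKEN, POOL}):
        print("WARNING:", w)
```

An empty result only means the addresses match your own verified list; it says nothing about what the contract code itself does.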

Of course, it’s impossible to be 100% sure that a transaction won’t result in a loss of funds, but these few precautions combined with vigilance can already be a particularly effective filter for avoiding scams.
