DeFi Fraud: How to Protect Yourself

Hacking Smart Contracts: Hackers find vulnerabilities in smart contracts, hack code, and take out liquidity from pools. Such attacks are not uncommon and DEX also faced similar problems.

Rug pull: The scheme is quite popular and simple: fraudsters issue a coin and actively promote it. They make a lot of promises to investors that the coin will "skyrocket" and soon appear on large decentralized exchanges. However, after users invest in the project, the organizers disappear along with the victims' money.

Flash loans: An instant, unsecured large-value transaction between a borrower and a lender. In this case, fraudsters make a profit through arbitrage transactions.

Affair: Attackers create fake projects. Most often, scammers actively promote promising and profitable concepts, invest in advertising campaigns and also influence public opinion in every possible way. All this is done in order to convince the user to invest in a fake.

Personal deception: A scammer builds a personal and trusting relationship with the victim over time. Subsequently, when the user is "on the hook", he is advising him to invest in the "right" project. Usually, the fraudster carefully studies the victim, collects data about him, pretending to be an employee of a well-known company.

Phishing: The victim is sent fake links to fake websites where he submits his personal data. Fraudsters often request private keys that cannot be disclosed, and get the necessary information about the user. Clicking on an unverified link can result in an automatic download of malicious script or software.

Social network fraud: There is a buzz created on social media to raise funds. An excellent example is when fraudsters hacked accounts of Joe Biden, Bill Gates, Kim Kardashian and other opinion leaders on Twitter. The attackers managed to get more than $100,000 from the users. When people sent money to page owners, they were actually transferring it to scammers' blockchain addresses. 

One of the main problems of DeFi fraud is the lack of a regulation that could protect the interests of victims. There is no "police" in DeFi. Very often it is not even possible to identify the founder or project’s development team. But if the victim manages to figure out who stole her assets, so anyway there is no legal basis to punish crypto-fraudsters.

Always check the project carefully. Study the data yourself. You should check the technical documentation, evaluate the design and profitability of the project. The project should be simple, have a working model, and not make promises of "get-rich-quick". 

It is worth checking the smart contract code. Since smart contracts can be updated, developers can change them at any time using admin keys. Although hackers can exploit other vulnerabilities in a smart contract. You should remember that it’s much more difficult to steal money when the ways are closed for them. 

You should never reveal your private security keys to anyone. It is better not to do this even if this is a trusted person or friend, especially via correspondence or on the phone. Attackers can monitor users' social networks. 

You should find info or social media accounts of the project creators, check their activity and profile pictures. There have been cases when scammers used fake videos with real directors of large companies. It is better not to invest in the project,  if you notice anything suspicious or strange.

 Yes, there are absolutely legitimate and high-quality projects whose creators prefer to remain in the shadows, but an extra check never hurts. 

You should check the token distribution plan (tokenomics). There is no need to invest in all new tokens, especially if projects make a lot of Airdrops. 

You should check every offer. You need to learn how the crypto market and blockchain work and do not believe the promises of instant earnings or bright headlines on social networks. Follow the news about exchanges, monitor new coins and projects. Also you need to carefully check any links before you click on them in order to protect yourself against phishing. 

You should communicate only on official social networks. Check the name of the group and if it differs, do not join it and don’t communicate with its members. Fraudsters often contact victims pretending to be a project bot or a member of the development team. That’s how they lure out money or private keys.