Module 4
Avoid Web3 Scams
Web3 transactions are typically irreversible, so prevention matters more than recovery. This lesson gives you a practical security operating model for daily use.
Learning Objectives
You will recognize common attack patterns, apply verification routines before signing transactions, and follow an incident response checklist if compromise occurs.
Top Scam Patterns
- Phishing: fake websites, fake support accounts, fake wallet update prompts
- Approval traps: malicious contracts requesting dangerous token permissions
- Airdrop bait: tokens or links that trigger harmful contract interactions
- Impersonation: fake project team members in chat or social platforms
- Rug pull and exit scam: teams abandon project after extracting liquidity
Red Flags Before You Click
- Urgent language pushing immediate action
- Domain names that look close but are not exact
- Promises of guaranteed returns or risk-free yield
- Requests for seed phrase or private key
- Unverified contract addresses copied from chat messages
Non-negotiable: legitimate teams never need your seed phrase for troubleshooting.
Daily Security Routine
- Use bookmarked official URLs only.
- Check chain, contract, and recipient before signing.
- Read wallet prompts and permission scopes line by line.
- Keep separate wallets for testing and long-term holdings.
- Review and revoke stale token approvals regularly.
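One way to carry out the "read permission scopes" and "check contract and recipient" steps above on raw transaction data, as an added example that is not part of the original lesson. It decodes the standard approval calls and flags the risky ones. The function name `inspect_calldata`, the trusted-spender list, the unlimited threshold, and the sample calldata are assumptions constructed for illustration, and `approve` is treated as an ERC-20 allowance because the selector alone cannot distinguish the ERC-721 form.

```python
# Added example: decode transaction calldata and flag risky token approvals.
# Selectors are the first 4 bytes of keccak256 of the standard signatures.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 allowance
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155 operator
}
# Assumption: any amount at or above 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255

def inspect_calldata(calldata_hex, trusted_spenders=()):
    """Describe the approval encoded in calldata, or return None if it is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    signature = SELECTORS.get(selector)
    if signature is None:
        return None
    if len(args) < 128:
        raise ValueError("calldata too short for two 32-byte arguments")
    # Each ABI argument is a 32-byte word; an address sits in the low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    trusted = {s.lower() for s in trusted_spenders}
    warnings = []
    if selector == "a22cb465":
        if value != 0:
            warnings.append("operator control over every token in the collection")
    elif value >= UNLIMITED_THRESHOLD:
        warnings.append("unlimited allowance")
    if value != 0 and spender not in trusted:
        warnings.append("spender is not in your verified list")
    return {"function": signature, "spender": spender, "value": value,
            "revokes": value == 0, "warnings": warnings}

# Constructed sample inputs (not real addresses or transactions).
SPENDER = "0x" + "ab" * 20
PAD = "00" * 12 + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + PAD + "ff" * 32
SAMPLE_REVOKE = "0x095ea7b3" + PAD + "00" * 32
SAMPLE_OPERATOR = "0xa22cb465" + PAD + "00" * 31 + "01"
SAMPLE_TRANSFER = "0xa9059cbb" + PAD + "00" * 31 + "01"

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_OPERATOR, SAMPLE_TRANSFER):
        print(inspect_calldata(sample))
```

A result with `revokes` set to true is what a cleanup of a stale approval looks like; any non-empty `warnings` list is a reason to stop and verify the spender address against an official source before signing.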
If You Suspect Compromise
- Move remaining funds to a new secure wallet immediately.
- Revoke approvals from affected addresses.
- Rotate passwords for connected accounts and email.
- Document attack timeline and transaction hashes.
- Report malicious addresses and phishing domains to relevant platforms.
Response principle: speed matters. First contain risk, then investigate details.
Final Security Mindset
Treat every signature request as a security decision. If you do not understand what a transaction does, do not sign it yet.