NFT email scam breakdown, concierge service for your web3 questions and more!

June 7, 2022 min read
NFT email scam breakdown, concierge service for your web3 questions and more!

gm đź‘‹

Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe!

Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.

If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspective on things to cover and feedback to make your experience better!

Have an awesome week ahead!

Team Cypherock

Security Digest

Have you heard of Goblintown? We hadn't either, but here's a scam someone is trying to pull off with the NFT

Goblintown NFTs

You have ETH in your software wallet. You heard about the recent NFT project that turned your friend into a millionaire overnight. You are unsure whether you feel worse about not investing in the project, or the fact that your friend is a millionaire. Suddenly, you receive an email from OpenSea that you have been allowed to mint the NFT that turned your friend into a millionaire. You’re ecstatic! You do absolutely no research and click the link that takes you to a very legitimate website. You connect your wallet and part ways with 0.1-0.3 ETH only to realize no NFT exists. This is a quite a common story. Let’s break down a scam that one of Cypherock’s team members received in their email.

Most email clients mark malicious emails as spam. However, every now and then a malicious email finds its way into your inbox. This is an example of a scammer email that looks like an email that OpenSea email.

Spam email sent with fake mint website

The first thing that should throw you off is the person that is sending you the email. guys@mg.coinalogy.com is most likely not someone that would be working at OpenSea, but in the case you are a trusting individual and move forward, please remember, no company will give you two buttons that would have you unsubscribe from their mailing list. Mailing lists are one of the greatest assets that any company would have. Now, let’s assume that you have no regard for human life, and start clicking around.

The scammer actually went through the trouble of linking accurate social media profiles for OpenSea as well as the actual Goblin Towns profile on OpenSea. This is an interesting choice since the scammer probably knows the importance of social media profiles in doing diligence for NFT projects. The scammer even added link tracking mechanisms to each of the buttons - either to mask the website, or to gauge the success rates of his CTA, or both.

Now, let’s assume you clicked the link to mint. You will be greeted with a really good looking website. Here is the scam website, and the real website. We will let you decide which website is the real one.

Real Goblintown NFT website
Fake Goblintown NFT website

The real one is on the left. The fun begins when you click on the button to mint the NFT. When you click the button, your Metamask wallet fires up and you are immediately shown the transaction details showing you your gas fees, and the total amount of the transaction ~$533. Now, if you have taken all the steps to land on the website and go through the transaction flow, you will surely not be looking at the wallet address. So, we did it for you.

Scammer's Ethereum address

On a side note, feel free to give this wallet address a loving nickname. We have chosen “thief mfckr”. If you compare this wallet address on the Ethereum blockchain explorer in comparison to the actual Goblintown address, you will notice that the explorer has various tags that identify the Goblintown address whereas the scam address has none.

We broke this scam down for you so you never have to worry about scams like this in the future.

So, here are some best practices for you to keep yourself safe from an email hack.

  • NEVER reply to an email from an exchange, or NFT marketplace. Log into your account and check if you have received any notifications. For NFTs whose whitelists you have received, there are usually ways to check this through the Discord channel.
  • In case you think an email or proposal could be legitimate, use a wallet that does not have any funds, and ideally a wallet that is not created from the same seed phrase that you originally generated your usable wallet from.
  • Always remind yourself that with cutting edge technology, there will always be individuals that try to exploit information asymmetry. Educate yourself continuously.

DApp News

A concierge service for your web3 questions

Screenshot of Crypto Concierge - a platform to have your web3 questions answered by experts

Creator Karthik Senthil has a vision to create a “help to earn” community called GMneedhelp. The big idea here is to create a community of web3 curious folks and pair them with crypto OGs. The OGs get to earn for answering questions in the form of $HELP tokens and the web3 curious folks, well, get to quench their thirst for knowledge. The Crypto Concierge is one of the products on the GMneedhelp roadmap, with the $HELP token and DAO launch slated in for future releases. We support any initiative that is helping enable individuals to learn more about web3 and get further involved.

Twitter Tales

Bear markets can be a great time to look through your portfolio and re-evaluate your positions. Here is a thread that we really loved by The DeFi Edge đź—ˇ</>a regarding frameworks to think about which tokens to invest in.

Check out the thread here.

Reddit Reads

This week’s Reddit Read comes from none other than r/cryptocurrency. u/Supercharmeleon about reading anti-crypto pieces. Our $0.02, we agree. Discourse is extremely important to pressure test ideas, and grow the ecosystem. Check out what Reddit is talking about, and join in the discussion.

You should regularly read anti-crypto pieces and arguments, even if you completely disagree with them from r/CryptoCurrency

Is Your Crypto Safe?

Is your crypto safe

Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!

Here’s some alpha 🚀

Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!

Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 25% off on their purchase and you make $50 per sale!

Sign up to become a Cypherock Affiliate!

Have questions regarding out product, or the affiliate program? Our Growth Lead loves chatting with people, hit him up here.