We are hiring!
dripit is building a MusicFi ecosystem, creating direct artist to fan value channels.
Dev team positions:
> Full stack developer
> Smart contracts developer
Check out [JOBS] section on our website for more info
https://t.co/9e1SGG5NI1
We're super excited being part of @avax Codebase Cohort I, more so after seeing the quality of the selected teams 💯
A sneak peek on what we're building - and why- in the words of our founder @gfk_acid 👇
https://t.co/0yB95rQMmn
Stay tuned for more info in the coming weeks!
Solana Memecoin Presale starts now!
Send SOL to:
BL1gBdtuYRYSepKKpoy1GCNSmS1JeGSiNb7tdB2HQzor
Minimum 1 SOL
50% Presale and 50% LP
All SOL to LP and LP will burn
RT and drop address for a bonus multiplier.
Ends in 24 hours!
Over $700,000 in prizes given away during our episodes! 💰💵
Rekt Radio Ep. 59 w/ @boldleonidas
Powered by @Rollbitcom
ENTER OUR WEEKLY GIVEAWAY:
1. Like & RT
2. Follow @rektradio & @rollbitcom
3. Set your Spaces reminder
4. Reply with a question!
https://t.co/7fmhQL5gUH
First Flight#4: Boss Bridge starts TODAY, you want to take part? 🚀
Tune in LIVE on the Cyfrin YouTube channel:
- Dive into the codebase
- Step-by-step signup
- Submissions guidelines
When?
November 9th, 2023 3PM UTC
(1/2)
Operational Security: On How Not To Be a Phish
How to Spot a Scam
Scammers will pressure you or provide fake reassurance: time sensitivity, monetary gain, appearance of authority, or relief from pain. Take your time to understand the pros and cons of the offer given or action being requested.
Look for tell-tale signs of scams through URLs or usernames:
- typos masked as similar characters (https://t.co/7CzcS0vKtF vs https://t.co/TI7XXpXXqd, d0wnlore#1050 vs d0wn1ore#1050)
- similar domains or handles (https://t.co/A0YhV2fKwF vs https://t.co/Ia2ivycoQP, d0wnlore#1050 vs d0wnlore#1060)
- homograph attacks (https://t.co/zCUmVnSEI2 vs ааhttps://t.co/ya2vAs8OvU, the ‘а’ characters in the second domain are not Latin but Cyrillic and will take you to a different site, though Discord and modern browsers will make these mischaracterizations in URLs obvious)
Most apps will use only one or two domain names that closely match the brand name. As of the time of writing this piece Discord only uses three: https://t.co/A0YhV2fKwF, https://t.co/DuZbewfdnQ and https://t.co/4XJhQUw7TP. Be careful of URLs that try to appear as any of the listed.
Be your own last line of defense.
Strong passwords and 2FA will not protect your account if you introduce ways of bypassing them, such as using Discord's convenient QR code login method. This feature does not require a 2FA code and seems to be the main attack vector for Discord Nitro scams.
Store your passwords in a password manager that’s scoped to only the official website, such as https://t.co/A0YhV2fKwF. Always use that password manager’s autofill function so only the scoped website gets your credentials. Do not copy/paste credentials from there without 100% certainty (e.g. you downloaded the official Discord app from a trusted source and publisher.)
When using Discord in a browser, never paste and execute JavaScript code in your browser’s developer console. Do not screen share Discord with developer tools displayed. An exception could be where you are a Discord integration developer who knows what they are doing.
Was your account compromised?
Change your password immediately, preferably on a second device that was not used in opening the suspected bad link or downloading a potentially malicious file. Changing your Discord password signs you out on all other devices. But if your device has been compromised further, such as a keylogger being installed, then the attacker may know your new password. Hence you need to change your password on the most secure device you have.
Depending on your privileges on certain servers, alert the appropriate people so they can make announcements to their communities about possible spam messages/actions from you. Consider disabling any Discord integrations you may have access to through Server Settings, such as Webhooks, that can be further abused.
General Security Tips
See something? Say something! There are No Stupid Questions and everyone in the DAO plays a role in helping the DAO and each other remain secure.
Adopt a "Trust But Verify" mental model with your frens and DAO members. Trust that they mean well and are giving you correct information and safe links. However do your own due diligence and verify the trustworthiness of their content. See if any of the points from the Discord section raise red flags, as they may indicate that the other party’s account was compromised.
Get in the habit of keeping bookmarks of any apps and sites you use frequently, then only visit those sites using these bookmarks. Do not expect the first result on Google, DuckDuckGo, etc. to be authentic. If you are already in a community's Discord and have verified it is authentic, see if they have a trusted links channel and use those links to establish your bookmarks. Domain names are cheap and scammers are always looking for ways to get you to click their link instead of the legit one.
Consider compartmentalizing your crypto activity. Use a separate device, operating system user, browser or browser profile for such activity that you will not use for other, day-to-day tasks. Lockdown that compartment as much as possible by not installing software or extensions that are not needed and keeping them updated.
Wallet Security
Be extremely mindful of where you enter your seed phrase or private key. Your “natural default” should be to not enter it anywhere. This includes extensions such as MetaMask if you are not confident you have downloaded them from the official source and publisher, or if you feel it would be unsafe to do so (such as using a public device or one that you suspected has been compromised.)
Scrutinize token spending approvals. A common bait and switch scam is for malicious dApps to ask you to approve the spending of one token while you are lead to believe you are approving the spending of another token.
Revoke token spending approvals for any dApps or contracts you are not actively using, particularly for tokens you have a large quantity of. This can be done through blockchain explorers like Etherscan or portfolio dApps like DeBank (always verify you are using a widely trusted dApp when doing this.)
If you have been in crypto for a while you likely seen large quantities of valueless tokens appear in your wallet. Ignore them and do not interact with them. These tokens usually lead curious users to a dApp that will either trick them into approving spending of an unintended token, as mentioned before. or prompt the user to sell the token but with an abnormally large gas fee. This transaction will fail and eat up the gas fee anyway.
⚠️⚠️⚠️ PSA: Revoke your approvals to 0x99FE96b9eEA24b4E71Ac1A56F2c1886BbCA22540 on Arbitrum ASAP ⚠️⚠️⚠️
People have been getting drained. Looks like this is a HashDAO contract
By minting the Meme Collab NFT on @ourZORA you also enter into a raffle to win a Bronze Paw Print of Kabosu🐾
These were made alongside the Bronze Statue and are limited in number👀
This is your golden ticket! 3 free mints for Pixel & NFD holders✨
4 more days left, mint now👇