Nikolas Sargeant
With new technology comes new risks, and with the rise of cryptocurrencies like Bitcoin and Ethereum, those with malicious intent have come up with all kinds of creative ways to separate people from their cash. As the decentralized Web3 ecosystem grows, scams have emerged as one of its major threats.
Research from the Web3 bug bounty platform Immunefi shows that more than $3.9 billion in cryptocurrency funds was lost to scammers across the ecosystem in 2022. In addition, the report identified Ethereum and BNB Chain, two of the most important platforms in Web3, as the most targeted blockchains.
On the other hand, Immunefi’s report shows that scams were less prevalent in 2022 than they were the year before, with the overall losses falling by 51% compared to the just over $8 billion that was stolen in 2021.
Claims persist that because Web3 is transparent and decentralized, built atop of public ledgers that anyone can see, it is secure by nature. However, transparency doesn’t hide the fact that humans can always be subject to manipulation, and that’s the ultimate cause of most Web3 scams. What’s more, the anonymous nature of blockchain makes it almost impossible to identify scammers, meaning that the funds they steal are rarely recovered.
Common Web3 Scams
As stated above, the majority of Web3 scams and hacks rely on manipulating users, and one of the most common ways of doing that is by winning people’s trust using fake social media accounts.
Scammers either hack the official accounts of social media influencers or set up fake ones that look like the real thing. Then, these accounts will be used to contact individual users, offering them some kind of opportunity to make money in what has become known as the “crypto giveaway” scam. For instance, one of the most popular methods is to hack the account of a crypto celeb and tell fans that if you send him or her 0.1 BTC, they’ll send double the amount back. Of course, that never actually happens, as the scammer simply pockets whatever was sent and disappears into the aether, never to be seen again.
Another popular trick is the so-called rug pull, which involves malicious individuals trying to raise funds for bogus projects. Some of these scams can look very sophisticated. For example, last year, some anonymous developers announced they were creating a “play-to-earn” Squid Game, based on the hit Netflix series, with players able to win Squid tokens by completing challenges and beating other players.
The Squid Game token’s value rose from $0.01 to over $90 at one point, only for the devs to abandon the project. The value of the SQUID token quickly collapsed, losing more than 99% of its value and leaving investors with bags of worthless tokens. It’s believed that the scammers made more than $3 million in profits.
Then there are phishing scams, such as the infamous Beeple hack. “Beeple” is a digital artist whose real name is Mike Winkelmann, and his official Twitter account was famously hacked last May. The cybercriminal who gained access to his account subsequently posted a string of links pointing to a Discord server that the hacker had previously compromised. From there, users were invited to click more links which led to a malicious server that immediately cleaned out the contents of users’ wallets if they attempted to perform verification.
“It appears our Discord URLs were hacked and now point to a fraudulent Discord. DO NOT go into that Discord and do not verify, it will drain your wallet!!” Beeple tweeted after regaining access to his Twitter account. Unfortunately, Beeple retook control of the account far too late, and more than $450,000 of the user’s funds was stolen.
No matter how big or small a project is, in the world of Web3, it is always susceptible to being hacked. The world’s most valuable NFT project, Bored Ape Yacht Club, was the target of numerous scams in 2022, and even some new projects that have only just been minted have fallen victim to scammers.
Decentralization As A Security Layer
The only good news is that most scams happen not because Web3 technology is inherently insecure. Rather, they result from users being tricked into giving up their wallet seed phrases. But Web3’s decentralized and transparent nature actually makes this new version of the web far more secure than the legacy internet, so long as users can avoid being tricked into giving up their credentials.
The concept of decentralization is quite simple, referring to the idea that no single entity controls a platform. Decentralized governance can apply to almost any application or service, and in theory, they will make it much more secure. That’s because decentralized systems have no single point of failure. Instead of a centralized server or database, information is scattered across multiple nodes. So a hacker would need to take control of the majority of those nodes to gain control. This is what makes Bitcoin so secure - because there are thousands of nodes that support its distributed ledger, a hacker would need to control 51% of them to make fraudulent transactions. Studies have shown that doing so is economically unfeasible, as the cost of doing so would be more than any reward that could be gained.
On the other hand, attacking a centralized server that controls everything is a far easier proposition for hackers, as there’s only one target that needs to be compromised in order to gain control. Decentralized networks are therefore much more robust, helping to minimize or even eliminate the damage done by data breaches.
In addition to decentralization of control, it also encompasses technologies such as decentralized identities, which enable services to operate with less personal information. The Decentralized Identity Foundation, for example, is working to implement open standards that will power an authentication system wherein users retain control of their identity data. With this, users will be able to keep their personal information secret, and only reveal details that they specifically choose to share with third-party applications and servers.
Transparency Brings Greater Accountability
One of the most interesting mechanisms for improving user trust and security is the idea of a “decentralized autonomous organization,” or DAO, which has been gaining lots of attention in Web3 circles lately. DAOs can be thought of as replacements for centralized organizations, providing the foundational requirements for organizations, such as community governance, transparency, accessibility, and security.
The idea with DAOs is that the application or service is collectively owned by its users, meaning that everyone has a stake in its well-being and is committed to ensuring it stays secure.
A number of projects have sprung up aiming to popularize the DAO concept. Unit Network’s token economy infrastructure provides developers with the tools they need to create and manage a DAO, complete with its own cryptocurrency, tokenomics structure, treasury, and a blueprint for ensuring full transparency. Using this infrastructure, it's possible for any kind of business, industry or city to create its own DAO and token and enable a more sustainable token economy that provides greater value to all participants.
DAO advantages include full accountability. Each new proposal submitted by a member of the community will be carefully considered by each stakeholder, with a vote being held to decide if it will be accepted or not. It’s in the interest of DAO members to reject bad ideas, as each one has to contribute financially towards it. Similarly, every transaction made by a DAO is fully documented on its public blockchain, making the misuse of DAO funds impossible. The transparency of DAO-based projects helps to all but eliminate the prospect of rug pulls because there is no individual or cadre of users in the background pulling the strings or calling the shots.
The Foundation Of A Safer Internet
When it comes to stamping out cyber scams, there is no silver bullet in blockchain’s armory. Although blockchain is high-assurance software, it is not 100% secure. That said, it lays a strong foundation for secure transactions that will become all but impenetrable as it scales and becomes more decentralized. Web3 enthusiasts can do their bit by promoting the idea of more equitable power structures based on decentralization and by recognizing that privacy and security are key elements of the system.
