How to Avoid Blockchain Blackhats on Discord

Discord and Telegram are the two most common means of communication in crypto, which means they’re the two most common means blackhats, fraudsters, and scammers use to attack DeFi users. We’ve already written about how to stay safe while using Telegram, so now it’s time for a guide on how to stay safe in Discord.

What is the biggest attack vector that you need to watch out for as a crypto user on Discord? The biggest attack vector is DM communications.

It’s a fact that if you use Discord for any amount of time in the crypto space, you’ll start getting manual and automated messages from blackhats, fraudsters, and scammers. Sometimes, these are legitimate (though somewhat spammy) messages. There are a lot of projects in crypto and more being founded every day. Unsurprisingly, these projects want to try and get the word out about their protocols. But more often than not, these messages fall into three categories:

They impersonate a crypto server or a specific individual. It may look like an invite to the SushiSwap server, but it isn’t. It may look like Vitalik Buterin himself is DMing you, but he probably isn’t. If you’re interested in joining the Discord of a project you like, make sure to join that server by finding the link on the project’s website or other authenticated social media channels. Don’t join the server of a project through a link in a DM.They offer fake giveaways. Scammers know that their DMs come off as spammy, so they want to grab your attention by offering free tokens. This one is trickier because projects airdrop tokens to users all the time, so it’s more difficult to tell what is legitimate and what isn’t. However, it’s always a good idea to ask the admins of that protocol directly whether they are airdropping and whether they are airdropping via Discord DMs. In almost every case, the answer is “No, that’s a scam.” If you click the link in the scammer’s DM and follow the instructions, you often end up ensnared by the scammer.They offer tips on the latest and greatest tokens to buy. These servers are often run by groups of coordinated whales and marketers dupe users with fake alpha and recommended token buys, in order to engineer pump and dumps. They make money; you lose money.

The above scenarios are the most common you’ll experience, and in light of that, it’s important to remember some general tips to keep you safe.

When you get suspected spam or scam messages, don’t just close the DM. Block the user, so you don’t get DMs from them again.

Be careful about clicking links, especially links that have been shortened to hide their final destination. Don’t download files, especially executable files, from other users. If you do need to exchange sensitive information with someone, consider using Keybase, which is much more secure and allows for greater independent authentication of a user’s account.

Those are the basics, which require a healthy dose of common sense in skepticism.

In terms of technical recommendations for using Discord, we have a few:

Use a randomly generated password. Grab a password generator like 1Password and use it to generate and store your passwords. It’s 2021. You can’t afford to use lame passwords stored in .txt files on your computer, especially when your crypto is at risk. Be smart and sleep better at night.Turn on two-factor authentication (2FA) in Discord. You can find this setting in User Settings on Discord. Discord allows you to use Google Authenticator, Authy, or other methods.Configure privacy settings, which you can find in Privacy & Safety under User Settings. Choose whether you want to allow direct messages from server members or not. It’s up to you. Note, however, that if you have DMs turned off, then if you join a server with a Captcha or Verification bot that authenticates you via DM, you may not be able to use it. Check the server information to see if open DMs are required for that server.In Privacy & Safety, select who can add you as a friend. If you’re extra paranoid, you can prevent anyone from adding you as a friend, or you can allow it just for members of the same server.If you don’t want Discord storing your IP information, use a VPN. However, some servers prohibit users with VPNs, in which case you’ll have to find a more obscure VPN, roll your own VPN server using open source software, or some other alternatives.

Crypto is still the Wild West. There are as many risks as there are opportunities. We hope this guide will help you to use Discord smartly and to stay safe.