Safety Notes

A run-down of best practices to stay safe while collecting on fxhash, and while navigating the Web3 eco-system in general.

While the fxhash team does their utmost to provide a platform and community that is both safe and enjoyable, there is no guarantee that there will not be malicious actors trying to scam you out of your funds or crypto assets - it is important that you stay vigilant and exert scrutiny when you collect projects on fxhash and interact w dapps and other platforms in Web3.

Not Financial Advice

It is important to note here that none of the information here is meant to recommend or dissuade you from collecting specific projects on fxhash or interacting with certain dapps/platforms/tokens in the Web3 eco-system. Those decisions are entirely yours.

All we aim to provide is an overview of how this subject area can be used by scammers to steal your funds.

Verify before Collecting: Artists and Tokens

Before purchasing an edition from a project on fxhash’s primary market, always make sure that the artist is actually the creator of the project. Likewise, always make sure that projects you collect are actually original works and not stolen code repackaged as a generative artwork.

While for some of the bigger artists, that are household names on fxhash, it is pretty straightforward to tell, it might sometimes be a bit more difficult for new and emerging artists. If you are not entirely certain about the originality or legitimacy of a project, this is why fxhash has put in place a verification system, that artists can apply to, to obtain a checkmark badge next to their profile picture on fxhash.

Verification System A checkmark badge next to an artist’s profile picture on fxhash indicates that they have been vetted by the mod team with a proven track record of works on and off fxhash. While it is a strong indicator that the artist is trustworthy, we still recommend exerting due diligence and verifying that the originality of their work.

Not all artists on fxhash are verified however, in that case some of the other methods to verify the legitimacy of a project are:

Track Record and previous projects: Checking out an artist's previous projects gives a strong indicator of their track record.
The artist’s Social Media Profiles: checking the artist’s social media and whether or not they have talked and mentioned the project in the past
Artist’s Portfolio/Website/Blog: The artist’s personal pages and blog can also be an indicator if you want to collect their project. These pages might also be indicators about the artist’s persona informing you if they share similar values as you.
Directly reaching out: Sometimes the best way to verify a work on fxhash is by reaching out to the artist directly and inquiring with them.
Inquiring with other collectors: If the previous proves to be difficult, then you can also reach out to other collectors and ask them for their opinion.

We recommend also applying these same principles when collecting on other platforms and not just fxhash.

Before purchasing mints from any artist (including any fxhash verified user) offered on the site or marketplace, you are advised to verify the artist verification independently.

Although we may choose in our sole discretion to intervene or attempt to resolve a dispute between you and other fxhash users or Third Party Sites, you agree that we have no obligation to do so and that all transactions are ultimately solely between you and the applicable fxhash users or Third-Party Tools. The verification badge provided shall help collectors but is no substitute for doing your diligence.

Separation of Concerns: Hot vs. Cold Wallet

Besides being careful on what you collect, you can even go a step further and set up two separate wallets: a hot wallet that is used on a daily basis for effectuating transactions and interacting with dapps, and a cold wallet that is used as a vault for storing your assets. Here’s more information about the difference between the two:

Hot Wallet: A hot wallet is a cryptocurrency wallet that is connected to the internet. These are ideal for daily transactions and interacting with NFT marketplaces because they offer ease of access and convenience. Browser extension and software wallets like MetaMask, Temple, and the Coinbase wallet are essentially hot wallets. However, hot wallets are more vulnerable to online threats due to their constant internet connection and their interaction with various platforms and tokens. Still haven’t set up your software wallet? Here’s how to get started.
Cold Wallet: A cold wallet, on the other hand, is an offline wallet that provides enhanced security by being disconnected from the internet. This makes it an ideal choice for long-term storage of valuable NFTs and other cryptocurrencies. With cold wallets we usually refer to hardware wallets like Ledger and Trezor which are popular options. By using a cold wallet, you significantly reduce the risk of your assets being compromised through online attacks.
A good guide on getting started with a hardware wallet can be found over in the metamask docs:

User Guide: How to use a Hardware Wallet | MetaMask Help Center 🦊♥️

The metamask docs are also generally a great resource for learning about all sorts of scams and how to protect yourself against them.

Wallet Safety Tips

We’ve already mentioned this when in the resource that tackles setting up your software wallets, however, we’d like to reiterate this information as it is highly important:

Never share your private keys and seed phrases with anyone: treat your private keys and seed phrases as highly confidential information. If anyone ever ask you for this information, assume that they are trying to steal your funds and assets.
Avoid storing your private keys and seed phrases digitally: Is it not advised to store this information in digital formats such as on your phone, computer, or online cloud services where they can be vulnerable to hacks or leaks. Also don’t store your private keys on compromisable devices, but rather, use physical backups for storing them - either on a notebook that is stored somewhere safe, or as some recommend, engraved on a metal plate (or other durable material).

If you ever lose access to your wallet, this information is the only way to restore access. Otherwise your funds and crypto assets are lost forever.

Interacting with dApps and miscellaneous Tokens

Whenever you effectuate a transaction via your wallet, it is important that you are careful while doing so. Depending on what kind of transaction different kinds of code (smart contract or other) is run in the background - some transactions can therefore be malicious.

In Web3 there’s many different decentralized applications, many of them will require you to connect your wallet for you to make use of the functionalities they provide, like the Objkt and OpenSea marketplaces that let you primarily trade your tokens, or other collection management and token curation tools like Deca for instance.

While it is safe to connect to some dApps, others might be malicious and connecting to them could potentially be very dangerous, as connecting to them will instantly execute some code that will drain your assets to another wallet. For this reason we urge that you:

Never connect your wallet to an unkown platform: don’t only judge platforms based on their looks, it is relatively simple to spin up a website that looks professional. Verify that the dApp is trustworthy, and that you are connecting to the correct domain (as indicated by the URL in your browser)
Never confirm unknown transactions that you have not manually instigated: Never confirm a transaction when your wallet randomly prompts you with one. In case of doubt always reject the transaction. Even when you effectuate a transaction manually, still make sure what the transaction is actually prompting you to confirm.

Furthermore, it can also be dangerous to interact with tokens that have been airdropped to you - selling them on a DEX (swapping them for another token) can be used to execute some malicious code. It is best to ignore unknown/unidentified airdrops. Same goes for airdropped NFTs as well as other assets.

Interacting with Others

There are many malicious actors, not just in Web3 where there’s many financial incentives for scamming others, but also on the internet in general. Scams might not necessarily be done via a decentralized platform or some elaborate token schemes, but can equivalently be done via phishing scams or malicious links sent to you. Here’s some thing to always keep in mind when interacting with others on the internet:

Avoid Links: Be cautious of links sent via email or social media; when someone sends you a link, never immediately click on it. Always access fxhash and other marketplaces through the official links/socials. Try to avoid clicking links in general and double-check URLs. Verify the domain first, and ensure it is a legitimate URL to avoid phishing scams.
Beware of “Too Good to Be True” Deals: If a deal seems too good to be true, it probably is. Exercise skepticism and do your own thorough research. When something seems suspicious or feels off, it is often better to be safe than sorry.
Staying informed and asking others: engaging with others and staying up to date with the space can help you identify potential scams early on.

In conclusion, navigating the Web3 landscape safely and successfully requires a good amount of personal vigilance. While fxhash is committed to fostering a secure environment, the ultimate responsibility for protecting your assets rests with you. By adopting the best practices outlined here – verifying artists and projects, employing a dual wallet strategy, staying alert online, and meticulously reviewing transactions and interactions – you empower yourself to fully enjoy fxhash and the Web3 eco-system in general, while minimizing the risks involved.

PreviousPrivacy Policy NextONCHFS

Last updated 2 months ago