At OpenSea, we’re continuously taking steps to enhance belief and security within the NFT area and guarantee customers really feel assured connecting with us in all of our group channels. However, security in web3 additionally requires customers to remain vigilant and shield themselves on Discord and different third-party group platforms.
How to remain secure on Discord
In OpenSea’s Discord server, you’ll discover a number of channels the place you possibly can hang around and talk about the most recent NFT tendencies together with your fellow group members – and we encourage you to have interaction! That mentioned, when searching for assist from OpenSea help reps, we advocate reaching us by means of our official OpenSea help channel, support.opensea.io.
When partaking and asking questions of the broader group on Discord, at all times be cautious. All OpenSea employees and official Discord moderators might be recognized by a inexperienced checkmark in entrance of their username (see beneath).
And once more, for official buyer help, please contact our 24/7 help staff at support.opensea.io.
As a common reminder, OpenSea employees will NEVER:
- Send DMs to you first.
- Ask on your crypto pockets seed phrase.
- Ask to see your crypto pockets QR code.
- Ask you to signal any message together with your pockets or ship you to a hyperlink that asks you to signal a message together with your pockets.
- Ask you to confirm your identification in any capability, eg. no hyperlinks to an exterior web site to login to.
- Invite you to a distinct Discord server.
- Ask you to switch cryptocurrencies or NFTs on their behalf.
- Ask you to click on on any hyperlinks in addition to support.opensea.io, twitter.com/opensea and twitter.com/opensea_support.
- Ask you to scan a QR code for assortment verification or for technical help.
If you will have obtained one of many requests listed above, it’s probably a suspicious request. Please report the sender to Discord.
Safety First: Best Practices
Below you’ll discover a sequence of operational safety (opsec) greatest practices that customers of all backgrounds ought to keep regularly. With unhealthy actors continuously on the transfer – even probably the most skilled web3 customers can fall sufferer to scams and phishing makes an attempt throughout the group ecosystem.
1) Avoid DMs
We advocate that you simply block DMs for Discord. To achieve this:
- Right-click on the server brand.
- Click on “Privacy Settings”
- Disable DMs.
- If you wish to take further precautions, you possibly can disable all direct messages by default in servers.
In common, most rip-off and phishing makes an attempt start by means of DMs. Be suspicious of any requests from strangers and at all times vet them. This applies to different chat apps incessantly used within the web3 group like Telegram and Signal.
2) Be cautious of good friend requests
Most fashionable Discord servers in web3 could have DM’s turned off by default. In this case, the one means DM’s can happen is that if customers are already linked by means of an current dialog, or if one other member (nefarious or not) points a good friend request.
If that you must join over DMs, it’s greatest to vet and ensure if the opposite get together is who they are saying they’re. You can screenshot their request and ensure its authenticity instantly with that get together over Twitter or e-mail.
3) Don’t click on on unfamiliar hyperlinks or obtain unknown recordsdata
This tip is as outdated because the web however simply as related in web3.
Whether in Discord or elsewhere, keep away from clicking on unfamiliar hyperlinks and downloading recordsdata as they might have malicious scripts which can compromise your account (or worse, your gadget). Be extremely suspicious of any request that requires you to put in or run any program. Even an motion so simple as putting in a bookmark could compromise your Discord account.
4) Use timestamp-based Two-Factor Authentication (2FA)
Discord affords SMS as a technique of 2FA. However, receiving 2FA through SMS is a attainable threat vector in case your cellphone’s SIM card has been compromised. It’s greatest to make use of a timestamp-based technique of 2FA with apps like Google Authenticator. You can toggle this in your Discord settings.
In common, it’s best to apply timestamp-based 2FA to your entire essential web3 apps, if attainable.
5) Use a number of accounts & units
Discord not too long ago launched a brand new function that allows you to handle a number of Discord accounts on one gadget. If you’re a member of various web3 communities, utilizing devoted accounts for particular servers is an efficient solution to cut back threat. One step additional is to make use of a devoted gadget for Discord. For instance, you possibly can set up Discord on an older smartphone and log in to your Discord account through your browser.
What ought to I do if I’ve been compromised?
If your Discord account has been affected, please contact Discord and create a brand new account.
If you suppose you’ll have clicked a hyperlink to a malicious web site or scanned a malicious QR code, we advocate putting in a brand new pockets, and shifting your objects to it ASAP.
Please contact OpenSea at support.opensea.io for official buyer help.
If you see one thing suspicious, please tell us.