Conversation

2) NOT FINANCIAL ADVICE

3) Usually, phishing looks like an email, and it has a bad attachment, or something. In crypto, the scams have gotten sophisticated. For instance--we have a team of people who work to make sure fake FTX clones don't gain prominence.

102

4) Why fake websites? Well, generally, a phishing scam will copy someone's website, but intercept the username/password/etc.--so now they control the login, and can try to drain the user's account.

5) We have a huge number of controls in place to attempt to prevent fake FTX sites from being able to drain users' accounts. And generally they work: it was a lot of work but it's mostly successful.

6) To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that--but despite that, we take our duty to protect customers seriously, even from themselves.

7) (This was actually one of the first lessons we learned--way back in 2019, a few users got phished, and our initial reaction was 'that sucks please use 2FA'. Upon reflection--and reaction from users--we *mandated* 2FA, which helped a lot.)

109

8) Anyway, recently a frustrating thing happened. We’ve mostly stamped out sites that try to phish users by masquerading as FTX. But we can’t fix fake sites impersonating *other* services. A few users accidentally registered at fake other sites, including 3 Commas.

115