Conversation

2) NOT FINANCIAL ADVICE

3) Usually, phishing looks like an email, and it has a bad attachment, or something. In crypto, the scams have gotten sophisticated. For instance--we have a team of people who work to make sure fake FTX clones don't gain prominence.

102

4) Why fake websites? Well, generally, a phishing scam will copy someone's website, but intercept the username/password/etc.--so now they control the login, and can try to drain the user's account.

5) We have a huge number of controls in place to attempt to prevent fake FTX sites from being able to drain users' accounts. And generally they work: it was a lot of work but it's mostly successful.

6) To be clear, phishing is almost always a case where the user voluntarily (but unknowingly) gives their account credentials to a scammer by going to a bad site or something like that--but despite that, we take our duty to protect customers seriously, even from themselves.

nateid.eth nathaniel.lens (

7) (This was actually one of the first lessons we learned--way back in 2019, a few users got phished, and our initial reaction was 'that sucks please use 2FA'. Upon reflection--and reaction from users--we *mandated* 2FA, which helped a lot.)

109

)

@nateideth

Replying to

MFA is great but it won’t stop phishers in many cases, particularly in defi. I realize this is more about cefi but always be weary of signing any message.