At OpenSea, we’re consistently taking steps to enhance belief and security within the NFT house and guarantee customers really feel assured connecting with us in all of our neighborhood channels. Nevertheless, security in web3 additionally requires customers to remain vigilant and shield themselves on Discord and different third-party neighborhood platforms.
How you can keep protected on Discord
In OpenSea’s Discord server, you’ll discover a number of channels the place you may hang around and talk about the newest NFT traits along with your fellow neighborhood members – and we encourage you to interact! That stated, when in search of assist from OpenSea assist reps, we advocate reaching us by way of our official OpenSea assist channel, support.opensea.io.
When partaking and asking questions of the broader neighborhood on Discord, at all times be cautious. All OpenSea employees and official Discord moderators might be recognized by a inexperienced checkmark in entrance of their username (see under).
And once more, for official buyer assist, please contact our 24/7 assist crew at support.opensea.io.
As a common reminder, OpenSea employees will NEVER:
- Ship DMs to you first.
- Ask in your crypto pockets seed phrase.
- Ask to see your crypto pockets QR code.
- Ask you to signal any message along with your pockets or ship you to a hyperlink that asks you to signal a message along with your pockets.
- Ask you to confirm your identification in any capability, eg. no hyperlinks to an exterior web site to login to.
- Invite you to a distinct Discord server.
- Ask you to switch cryptocurrencies or NFTs on their behalf.
- Ask you to click on on any hyperlinks in addition to support.opensea.io, twitter.com/opensea and twitter.com/opensea_support.
- Ask you to scan a QR code for assortment verification or for technical assist.
In case you have obtained one of many requests listed above, it’s seemingly a suspicious request. Please report the sender to Discord.
Security First: Greatest Practices
Beneath you’ll discover a collection of operational safety (opsec) finest practices that customers of all backgrounds ought to keep frequently. With unhealthy actors consistently on the transfer – even probably the most skilled web3 customers can fall sufferer to scams and phishing makes an attempt throughout the neighborhood ecosystem.
1) Keep away from DMs
We advocate that you simply block DMs for Discord. To take action:
- Proper-click on the server emblem.
- Click on on “Privateness Settings”
- Disable DMs.
- If you wish to take further precautions, you may disable all direct messages by default in servers.
Typically, most rip-off and phishing makes an attempt start by way of DMs. Be suspicious of any requests from strangers and at all times vet them. This is applicable to different chat apps ceaselessly used within the web3 neighborhood like Telegram and Sign.
2) Be cautious of good friend requests
Hottest Discord servers in web3 can have DM’s turned off by default. On this scenario, the one manner DM’s can happen is that if customers are already related by way of an present dialog, or if one other member (nefarious or not) points a good friend request.
If it is advisable to join over DMs, it’s finest to vet and make sure if the opposite celebration is who they are saying they’re. You may screenshot their request and make sure its authenticity straight with that celebration over Twitter or e mail.
3) Don’t click on on unfamiliar hyperlinks or obtain unknown recordsdata
This tip is as previous because the web however simply as related in web3.
Whether or not in Discord or elsewhere, keep away from clicking on unfamiliar hyperlinks and downloading recordsdata as they could have malicious scripts which is able to compromise your account (or worse, your system). Be extremely suspicious of any request that requires you to put in or run any program. Even an motion so simple as putting in a bookmark might compromise your Discord account.
4) Use timestamp-based Two-Issue Authentication (2FA)
Discord provides SMS as a technique of 2FA. Nevertheless, receiving 2FA through SMS is a attainable danger vector in case your telephone’s SIM card has been compromised. It’s finest to make use of a timestamp-based methodology of 2FA with apps like Google Authenticator. You may toggle this in your Discord settings.
Typically, you need to apply timestamp-based 2FA to your whole important web3 apps, if attainable.
5) Use a number of accounts & gadgets
Discord not too long ago launched a brand new function that allows you to handle a number of Discord accounts on one system. In case you are a member of various web3 communities, utilizing devoted accounts for particular servers is an efficient strategy to scale back danger. One step additional is to make use of a devoted system for Discord. For instance, you may set up Discord on an older smartphone and log in to your Discord account via your browser.
What ought to I do if I’ve been compromised?
In case your Discord account has been affected, please contact Discord and create a brand new account.
For those who assume you will have clicked a hyperlink to a malicious web site or scanned a malicious QR code, we advocate putting in a brand new pockets, and transferring your gadgets to it ASAP.
Please contact OpenSea at support.opensea.io for official buyer assist.
For those who see one thing suspicious, please tell us.