Quiz: Scam Prevention

Test your understanding of common DeFi scams and how to avoid them.


1. What is “typosquatting,” and how can it lead to a phishing attack?

Answer: Typosquatting is registering a domain name very similar to a legitimate one (e.g., c0mpound.finance vs. compound.finance). Users who mistype the URL can be redirected to a phishing site that steals keys or prompts malicious transactions.


2. Name two signs that a smart contract interface you’re visiting might be fake.

Answer:

  1. The URL doesn’t exactly match the official domain or certificate details.
  2. The site asks for your seed phrase or private key to “fix” an issue or claim rewards.

3. How does an “ice phishing” scam work?

Answer: Ice phishing involves sending a malicious token to your wallet. When you try to swap or approve it, you unknowingly grant the scam contract unlimited allowance on your real tokens, allowing it to drain your balances.


4. If someone on Discord messages you claiming to be Compound support and asks for your private key, what should you do?

Answer: Immediately refuse and block the sender. Legitimate support never asks for your private key or seed phrase; always verify through official public channels.


5. What are two best practices for managing ERC-20 token approvals?

Answer:

  1. Approve only the exact amount needed, not unlimited.
  2. Regularly review and revoke unused allowances using tools like Revoke.cash or Etherscan’s Token Approval Checker.