Some basic USER SECURITY features

Nowadays, there is a lot of scamming going on. I’ve noticed lots of fraud reports on YouTube and Telegram in the past few weeks. Most of them, in my opinion, happened due to communication with malicious/rascally links and users’ bad security knowledge.

Moreover, it is worth mentioning that when inexperienced users get scammed trying to stake/buy/wrap their $TIME/$MEMO, they think that there is something wrong with Wonderland itself, and in such a case a lot of undesirable gossip and comments appear!

So, I suggest:

  1. Making small pop-up notifications similar to the ones that other DAOs have (“check you’re on the right link…”). We can also add some new messages which will pop up every time you visit the Wonderland webpage (for example: “we recommend using a hardware wallet”, “don’t communicate with untrusted DEXes”, etc.)

  2. Create some educational posts on the Wonderland Twitter account / Telegram channel to make scamming schemes clearer to ordinary, less experienced users

  3. (Addition to #2) Create a special “security section” on the Wonderland webpage. It can also be a must-read page before starting work with the project (similar to a “user agreement” when you sign up to a new app, for example). In such a case it should have a lot of visual materials and be really easy to read, to avoid users just skipping it.

That’s it. It ain’t much, but it’s honest work. A huge number of Wonderland users are new to DeFi and for most of them this is their very first experience. These three easy steps could prevent them from losing money. They will also be less scared to jump into the rabbit hole!

P.S. A small addition to the pop-up notification varieties from #1 (not about security measures, but it can also be very useful for newcomers). If you are an active Telegram/Discord member of Wonderland you might have noticed that there are tons of folks asking the question: “Why there is an error which says execution reverted when I’m trying to stake?”. And there are tons of the same replies to them: “You need some $AVAX for fees”. So it is basically a good idea to show a pop-up notification with this answer when such an error occurs on the website!

49 Likes

Good idea. I’d like to suggest taking it one step further though. I’d like to have a login system for the staking app. To be able to access the page to stake/unstake, I’d like to have an authentication system with multi-factor authentication. This way, even if a wallet is compromised, the thief would need to go through an MFA mechanism to unstake and sell memo/time.
Even though contents of the victim’s wallet would be cleaned out, at least they would be protected from their staked MEMO being stolen as well.
EDIT: the MFA idea will probably not be enough because it is possible to interact directly with the staking smart contract. A scammer that knows what they are doing would be able to bypass the app.

10 Likes

That’s a really solid addition to my proposal. But I don’t understand one thing (correct me if I’m wrong): if a wallet is compromised, a scammer can easily wrap MEMO and do anything he wants with $wMEMO (for example, borrow $MIM against it on Abracadabra and send it to another wallet) without unstaking. So there is basically no benefit in a user login system in such a case.

Yes, see my edit. If a scammer knows what they are doing and has knowledge of how to use smart contracts, they would be able to bypass this.

2 Likes

Hardware wallets. Serious investors have these. It should be a strong recommendation directly on the website from our leaders.

It would prevent most of these scams.

4 Likes

That’s what I’m saying in #2. Since this project is so popular with new investors, we need to make an effort to guide them. A recommendation to use hardware wallets could be posted on Twitter or even on a special “security section” webpage with other important guidance.

4 Likes

I like the idea of some simple messages like “check that you’re on the right website” and “we recommend using a hardware wallet”.

2 Likes

Good idea with hardware wallets. But most of the newbies do not know how to use them. Maybe somebody makes a tutorial on how to connect to the Wonderland app. Just my 2 cents.

4 Likes

I think teaching people how to use the basic tools of crypto is beyond the scope of this project. We could certainly recommend good YouTube tutorials which already exist tho.

3 Likes

Isn’t all this part of DYOR? :smiley:

2 Likes

Love this! I understand DeFi is definitely “DYOR”, but providing more helpful information is providing the “research” that new users will learn up on instead of leaving it to random YouTube channels.

7 Likes

On the one hand, yes, of course. But on the other hand, just imagine if a huge number of projects had their own basic security information or things like #1/#3. It would drastically decrease the number of scams. Someone has to start this trend, and it would be cool if Wonderland were a headliner in this sphere. More information means more new users who were previously scared or uneducated in some way!

4 Likes

I don’t see how this would work. Even if there was a login page, if someone compromised your wallet you would still be able to send memo to another wallet, unstake, and sell. There is no way to prevent someone from stealing funds from a compromised wallet via a login page. Also, attempting to not only implement a login page, but also tie someone’s memo to a particular account so only that account can unstake would not only require significant development effort but would also cause issues for users. For example, people buying a hw wallet and transferring their funds to that wallet after having already staked.

1 Like

The authentication system would not tie memo to a particular wallet. But like I said in the edit to my post, the system would not work since the scammer can still bypass the staking app and interact directly with the contract to remove the memo.

1 Like

If a wallet is compromised they wouldn’t even need to interact directly with the staking contract; they could just transfer the memo to a new wallet, unstake, and sell.

2 Likes

Wasn’t aware that staked tokens could be removed directly without unstaking. Learn something new every day, I suppose. Wish these blockchains had more inherent security built in.

3 Likes

I cannot edit my topic, so I’ll add this information here. I’ve found this amazing summary of security tips (Security and lack thereof); it can be a starting point in creating types of pop-up notifications (#1) and it can be a nice addition to #3.

1 Like

Some great ideas there, my friend.

Daniele built this so the average Joe could have a chance at financial freedom… therefore I think security is key to protect newbies and staking gurus alike.

Hope we as a community will be able to support this!

3 Likes

Sure, was just being the devil’s advocate… :slight_smile:
I concur, this would definitely prevent people from being scammed, excellent proposal!

2 Likes

Please, because my account was cleaned out twice trying to stake… Thank you

3 Likes