We can never overemphasize the importance of staying safe when using decentralized finance protocols and apps. Besides the ever-present smart contract risk, there are several additional factors that one should consider and pay attention to in order to stay safe from scam attempts in the form of phishing, cloaking, fraudulent search adverts, and others.
Here are several things you should always keep in mind when using DeFi Saver:
- Always check the URL
One of the most frequent scams is tied to users using search engines to visit our website and application. Scammers love to abuse search engines to direct users to “copies” and fake versions of our website. Always make sure that the URL you are visiting to interact with our app is defisaver.com or app.defisaver.com.
The easiest way to mitigate the risk of opening a fraudulent, fake site is to bookmark the URL and always open DeFi Saver through the bookmark.
- Beware of search engine ads
While we may promote DeFi Saver using search engine ads in the future, this is currently not the case. Unfortunately, search ads are often the way scammers try to get users to a fake site, where they will try to drive them into giving away their private key or secret words (seed phrase).
This is most often done using URLs that resemble defisaver.com. For example, there have recently been deflsaver.com and defsaver.com.
If you ever notice anyone impersonating our app, please report this to us via Twitter, Discord, or the in-app chat widget.
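An added example (not DeFi Saver's own code) of the URL check described above: it exact-matches a URL's hostname against the two official hostnames named in this article and flags near-misses such as the two lookalike domains mentioned. The function names and the edit-distance threshold of 2 are assumptions made for this illustration.

```javascript
// Official hostnames as stated in this article.
const OFFICIAL_HOSTS = ["defisaver.com", "app.defisaver.com"];

// Levenshtein edit distance: insert, delete and substitute each cost 1.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "official", "lookalike" or "unrelated" for a URL string.
function classifyUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return "unrelated"; // not a parseable absolute URL
  }
  // URL parsing lowercases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  if (OFFICIAL_HOSTS.includes(host)) return "official";
  // Compare each label suffix so a subdomain of a typo domain is caught too.
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    for (const good of OFFICIAL_HOSTS) {
      // Threshold of 2 edits is an assumption chosen for this example.
      if (editDistance(candidate, good) <= 2) return "lookalike";
    }
  }
  // Brand name embedded in another domain, e.g. defisaver.com.example.net
  if (host.includes("defisaver")) return "lookalike";
  return "unrelated";
}
```

Internationalized homoglyph domains reach this code as `xn--` labels and are not caught by edit distance, so treat it as a first-pass filter alongside the bookmark habit.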
- Never share your private key or seed phrase
Always be aware that our app or team members will never ask you to provide or share your private key or secret words (seed phrase) for any reason.
Please note that your private key or secret words provide FULL ACCESS to your account and full control over any and all funds kept there. If you ever give those away, please consider that account compromised and move your funds to a new, freshly created account ASAP.
If a website, service, application, or a person asks for your private key or seed phrase - it’s a scam.
- Confirm the validity of the contracts you’re interacting with
Try to confirm the validity of the contract(s) your attempted transaction is interacting with before confirming the transaction.
When you’re interacting with DeFi Saver, almost all transactions you’re executing will go through your Smart Wallet (dsproxy) and the least you can do is verify that the transaction is being sent through it. MetaMask will show this at the top of the transaction confirmation window, for example.
You can find the list of current DeFi Saver smart contracts here or here and, as always, please feel free to reach out to us to check any additional contracts you notice whenever needed.
- Simulate transactions to verify their legitimacy before submitting
You can use Tenderly to simulate a transaction as it is created in the app and sent to your wallet for signing - before actually signing and broadcasting it to the mempool. This process is described here.
While the Simulation mode within DeFi Saver is a great way to verify how certain things work and whether your intended plan would work out as expected, it’s a fully sandboxed mode, and simulating the actual transaction before confirming it on the mainnet is a step above in verifying its legitimacy.
- Review token permissions
Overall, it’s good practice to review token permissions periodically and remove them for any smart contracts you no longer use. Due to their decentralized nature, DeFi apps require you to grant permission for each token to be used in smart contracts. However, once granted, these permissions remain active until you revoke them manually. To review and revoke permissions granted to various smart contracts, you can use apps such as Approved.Zone or Revoke.Cash.
To wrap up, we will never ask for:
- Your private key
- Your seed phrase
- Your MetaMask or other web3 wallet passwords
However, your Ethereum Public Address is what you may share with anyone. Wallet addresses can be shared safely with anyone from whom you want to receive cryptocurrency of a certain type. No one can steal your digital assets by knowing only your wallet’s public address. We may ask you to provide it in case you require assistance from us regarding potential issues.