Decentralized applications (DApps, also dApps or dapps) offer a world of possibilities, combining the functionality of regular apps with the advantages of decentralization. Notable DApps such as OpenSea, UniSwap, and NBA Top Shot have emerged as a result of rapid innovation.
However, the increasing popularity of dApps has also attracted scammers who create fraudulent dApps to deceive users. To minimize the risk of falling victim to malicious dApps, we have some tips to stay safe.
Verify the legitimacy and reputation of the dApp
To ensure you're using a trustworthy DApp, consult reliable resources like DAppRadar.com information on popular DApps. Examine the DApp's on-chain graphs for any suspicious activity. Additionally, visit the DApp's social media pages to gauge its creators' activity and engagement with the community. Reputable DApps generally have active creators and a positive community reputation.
Furthermore, confirm that the DApp's smart contract has been audited by a qualified auditor, such as CertiK or similar. Auditing helps identify potential vulnerabilities in the code that could compromise your assets.
Always double-check the URL
Scammers often create fake dApps with URLs resembling those of legitimate dApps, intending to deceive users. For instance, they may substitute an "o" for a "0" or alter the website's spelling slightly. Once you access the fake website, you may be prompted to enter sensitive information such as seed phrases, private keys, or wallet connections, compromising your assets.
Scammers may also use Google Ads to appear at the top of search results, directing users to malicious websites. To avoid visiting fraudulent URLs, type the correct URL directly into the search bar or only use links provided by the DApp's official team. When you are sure you are at the correct URL, you can bookmark it to reduce the chance of visitng the wrong URL later.
Check phishing protection artwork
Legitimate BlockWallet extensions display a unique Phishing Protection artwork when requesting sensitive information like passwords. If you do not see your Phishing Protection artwork when connecting to a dApp, refrain from entering any sensitive data.