At least a dozen STEPN scam accounts have been banned on Twitter after the community rallied together to report the nefarious activities of various scammers.
STEPN is a Solana-powered M2E NFT game that pays players to walk. Players can also collect NFT sneakers in the game.
The move to suspend fake accounts started after Twitter user @Sunit_Stepn published a tweet exposing several STEPN users as scammers earlier this week.
The community rallied together to report and block the fake accounts, most of which have now been removed from the platform.
Earlier today, Sunit tweeted:
“All of these scammer accounts are banned. Well done #STEPN community…
“Next hunting is on the way.”
The tweet implied Sunit is on the hunt for new scammers to identify and suspend with the help of the STEPN community.
A search showed some of the fake accounts were, in fact, still active at the time of writing. However, all references to STEPN had been removed from their profiles.
All of these scammer accounts are banned 😱. Well done #STEPN community 🤝.
Thank you @CM_Gilgamesh @bnBeth_solvax @loveaitt @Firelauncher_ and all those retweeted for making it possible 💪
Next hunting is on the way… https://t.co/af8fWUf8pf
— Sunit (@Sunit_Stepn) July 28, 2022
Fake STEPN accounts appeared in the comment section
Shockingly, Twitter users reported attempts at being scammed by fake accounts commenting under Sunit’s tweet.
User Victor Hilitski tweeted to confirm he had reported the accounts. Then, a STEPN spam account pretending to be an official support channel, asked him to get in touch if he is experiencing any difficulties.
@VHilitiski used the tweet as a teachable moment and explained there is no way the STEPN team would reach out to users this way. Support is only available through limited and legitimate means, such as tickets submitted through the official STEPN Discord.
This is just too funny 😂
And a perfect example why we have to be extra cautious&explain to the majority of the new and not familiar with web3 users that there's NO Way team would reach out to you in such a way! Only through submitted tickets through discord or 📩 button in app! pic.twitter.com/sPor0Fi7SR
— Victor Hilitski (@VHilitski) July 25, 2022
But this experience shows that fake accounts are prevalent and scammers are unafraid to go after people, even in comment sections discussing the need to report fake accounts.
What were the fake STEPN scam accounts?
Of the 16 fake STEPN scam accounts, half were accounts posing as the official STEPN account. The official STEPN Twitter account is here. It has a blue tick as it is verified by Twitter and has more than 600,000 followers at the time of writing.
Any other account pretending to be STEPN is fake and should be blocked and reported.
There were also several accounts pretending to be the official STEPN support Twitter account. STEPN doesn’t have a separate support account on Twitter.
A couple of accounts promised an elusive STEPN activation code for anyone who DMs. Activation codes are hard to come by, but you would be better off trying to land one legitimately rather than falling prey to scammers. If you want an activation code, check out our article here digging into how you can land one safely.
What are some common STEPN scams?
There are many STEPN scams happening on and off Twitter alike. Most STEPN scams involve some form of phishing.
Fake accounts might pose as official channels and ask users to enter their seed phrase to receive further assistance. Users must never enter their seed phrase anywhere as that is the key to their crypto funds.
But unsuspecting users who are new to Web3 or desperate for help, could fall for these scams.
This is why it’s so important for the community to rally together on social media and elsewhere to combat fake profiles looking to extract personal information from unsuspecting victims.
Impersonator sites using fake Metamask extensions
PeckShieldAlert, a free Chrome extension that warns you if you’re viewing a phishing site, recently exposed a new STEPN phishing scam.
Several STEPN impersonator sites have started inserting fake Metamask browser extensions that encourage people to connect their wallets for a giveaway in order to steal their seed phrase.
#PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN
— PeckShieldAlert (@PeckShieldAlert) April 25, 2022
Staying safe in Web3 can be hard, as spammers are smart and create websites that look convincingly like the official website.
So how can you keep yourself safe in Web3?
How do you protect yourself from scams in Web3?
Staying vigilant is important! There is a constant flood of scammers hiding behind anonymous accounts. Suspending their account doesn’t mean they can’t come back with another fake account the very next day.
Many people are still new to Web3. They are not always aware of the ‘rules of the game’, as scams are innovative, sophisticated, and highly convincing.
So what are some ways to stay safe in Web3?
Always double-check social media accounts are legit
Most crypto projects have one official social media account on platforms like Twitter. The bigger projects will usually be verified by the platform with a blue tick and will have a sizeable following. This is a pretty good indication that this is the official account.
Another way to make sure that you’re accessing the official social media accounts is by following the links on the official website. These links will lead you to the actual social media account.
Stay vigilant even if the information comes from official channels
Earlier this year, the Bored Ape Yacht Club (BAYC) server was hacked after the project’s community manager Boris Vagner lost access to his Discord account. The hacker used Vagner’s account to post phishing links in various related Discord channels.
Believing the phishing links were legitimate, many Discord users fell for the scammer’s attack. An estimated 145ETH was stolen along with valuable NFTs.
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected]
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
Even information coming from seemingly legitimate sources should be double and triple-checked in this space.
Even if it appears like a moderator has announced an impromptu giveaway, it would be wise to double-check this is actually happening via the official channels, and website, for example.
Acting rashly is never a good idea in the Web3 space.
Never share your seed phrase with anyone
This bears repeating as it can do the most damage. Never share your seed phrase with anyone. Your seed phrase is how you gain access to your crypto. If anyone else has your seed phrase, they can also access your crypto. It’s that simple.
If anyone asks for your seed phrase, it’s a scam 100% of the time. Always.
It doesn’t matter if the person is asking for your seed phrase so they can ‘help’ resolve a technical issue. They shouldn’t need it to do that.
The best thing you can do is keep your seed phrase as secure and private as possible. Write it down in a secure physical notebook, and delete it off any devices.
Staying safe on STEPN and elsewhere in Web3
It’s encouraging to see the community rallying together to tackle the serious risk that scammers pose. But, ultimately, staying safe on STEPN and Web3 is your responsibility.
There are several precautions you can take to protect yourself. And, as long as you exercise common sense, remain vigilant, and think before you act, you can enjoy the many opportunities presented by STEPN and the rest of Web3 alike.