| ID | Mitigation | Description |
|---|
| M01 | Audit | DAO projects should commission audits before the go live of their smart contracts.
|
| M02 | Check smart contract
| Investors with an affinity for technology should check the lines of code of the smart contract on their own before investing.
|
| M03 | Check token contract
| Investors should check the contract address of a token before buying it on a decentralized exchange to avoid buying a fake one.
|
| M04 | Collect information on new projects
| Investors should collect as much information about a project as possible before investing.
|
| M05 | Check links
| Users/investors should double check the links they press (e.g., have they changed since the last use?).
|
| M06 | Check (NFT) collections before buying them
| Investors should check the genuineness of a collection or token before buying, even if they were linked by a proven source.
|
| M07 | Check token in blockchain explorer | Investors should search for the token they want to buy in the corresponding blockchain explorer (e.g. https://etherscan.io/, https://explorer.solana.com/). |
| M08 | Check token blacklists
| Investors should check blacklists of tokens before buying a new and unknown token (e.g., DappRadar blacklist).
|
| M09 | Check token liquidity
| Investors should check the liquidity in the balance pool of a token before buying it (e.g., on Uniswap V2 or 1INCH).
|
| M10 | Check apps
| Users should check apps before downloading them. This can be accomplished by checking the download rate of the app in the app store as well as by analyzing available user ratings (beware fake ratings!).
|
| M11 | Never share private keys or seed phrases
| Cryptocurrency investors should never share their private keys or seed phrases with anyone. Legitimate persons will never ask for that information. They should also avoid using screen sharing to solve technical problems since some apps include QR codes of private keys or seed phrases which could show up during the session.
|
| M12 | Avoid / turn off direct messages / Ingore strangers
| Investors, who use messenger apps, should use restricting settings. Users should never trust anyone they do not know and who is contacting them in a private message. Legitimate admins of real projects will never send a direct message first.
|
| M13 | Check charities before donating
| Donors should get as much information as they can before contributing to a charity or project.
|
| M14 | Double check too good offers
| Investors should double check offers which seem to good to be true, even if posted by a celebrity or influencer.
|
| M15 | Read the transaction message before signing
| Before signing a transaction users should read the transaction message, which shows the kind of transaction they sign (e.g. send transaction, smart contract interaction).
|
| M16 | Use new wallet for NFT mints
| For random mints users should use a clean wallet to avoid huge losses in case the wallet gets drained.
|
| M17 | Use a hardware wallet | Hardware wallets protect users to lose their private keys to scammers. Additionally, hardware wallets ask for another assignment before users can send tokens out of it. This additional allowance might help to think twice and not to be scammed.
|
| M18 | Do not mint NFTs with risky conditions
| Mints with risky conditions, e.g. hold an expensive NFT within the wallet to be able to be eligible for the mint, should be avoided.
|
| M19 | Do not stake coins/tokens on random websites / exchanges | Users should not stake coins or tokens on random websites, since they may loose them.
|
| M20 | Do not send coins/tokens to unknown wallets
| Users should not send coins or tokens to wallets they do not know since they may lose them.
|
| M21 | Buy/swap tokens/coins on decentralized exchanges, which implement solutions to protect users | To not become a victim of a sandwich attack users should use decentralized exchanges, which implement solutions to protect them.
|
