Let's not get scammed

Hi everyone, I'm making this post because this mental model has helped me avoid getting scammed in the past and I figure if it helps one of you then it's worth it. This model relates crypto actions to classic banking to help identity actions that aren't safe.

1) Giving out your seed phrase. This is like giving someone your credit card number, expiry date and pin and telling them to go wild. NEVER give out your seed phrase to anyone, ever. Scams that say they need it are like someone telling you they need your card and pin to allow you to use Amazon or something - clear BS.

2) Connecting your wallet to a site. This doesn't have a clear equivalent in tradfi but it is a bit like putting your credit card down to pay in a restaurant. If we forget about contactless payments for a moment, the restaurant has your card and some details but can't make a payment because they don't have your pin.

Connecting your wallet should therefore be treated like this - would you trust that site to have your card details other than pin? If not, don't connect!

Connecting your wallet should NOT involve signing a transaction. If it does, that is a scam most likely.

3) Signing a transaction This is like putting your credit card into a terminal and entering your pin. So, this is ok for a legitimate site but absolutely not ok for an illegitimate one.

Something to be aware of is that in crypto when you sign a transaction, this comes with a separate thing called token approval and the amount approved is often infinite. In that case you trust the site to only take what they said they would. This is a bit like in tradfi entering your pin into a terminal that says infinite $ as the amount, and then trusting the terminal owner to only take an amount of $ that they said they would.

To avoid this, you can set a finite spending amount in your wallet. Most wallets now offer this as part of the transaction, you can usually press 'max' to set the approval amount to the transaction amount. In that case, you only allow the site to take whatever number of tokens you specified, not all of them.

Also consider getting a transaction previewing app like Pocket Universe or Fire. These are browser extensions that will preview what a transaction will do if you sign it, so you can avoid signing transactions that are going to drain your wallet.

Approvals of infinite amounts of tokens last forever. To end them, go to a contract approval checker like Unrekt and revoke the approvals.

4) Giving out your public (wallet) address This is like giving someone your bank account number and sort code so that they can pay you. It is safe to do this as there's no way someone can steal your tokens just from having your public address.

It is worth keeping in mind that in crypto, everyone can see your transactions. So if you give someone your public address, they get the ability to see everything you've done with that wallet and wallets related to it. For this reason, you may want to set up multiple wallets that never interact with one another to keep some of your activities pseudononomous.

That's it, hope this is useful for someone. Stay safe out there everyone!