Before any specific scam, you need the right mindset — because in DeFi your own caution is the main security system. Everything that follows rests on one hard truth: on-chain actions are irreversible.
There is no undo
When a transaction confirms, it's permanent. No bank to call, no chargeback, no "forgot password", no support agent who can reverse it. Send to the wrong address, sign a malicious approval, or fall for a fake site, and the funds are simply gone. This isn't a flaw to fix — it's the nature of a system with no central operator.
What that demands of you
- Slow down around money. Most losses happen in a rush — a hurried claim, a panic-FOMO buy, a half-read signature. Urgency is the scammer's best friend; a deliberate pace is your best defense.
- Verify, then trust. Check URLs, contract addresses and transaction details before signing, not after.
- Assume nothing is free. Unexpected "rewards", airdrops and giveaways are overwhelmingly bait.
DYOR — do your own research
"DYOR" gets thrown around as a disclaimer, but it's a genuine practice: before committing funds, understand what you're interacting with — the token, the protocol, the site. No one is accountable for your decisions on-chain, so the research has to be yours. The coming lessons give you concrete checklists for exactly this.
The healthy default: skepticism
Treat every new link, token and offer as guilty until proven innocent. It sounds harsh, but it's the posture that keeps experienced users safe. The good news: a handful of habits — bookmarks, test transactions, reading signatures, revoking approvals — neutralize the large majority of threats. The rest of this module turns that skepticism into a routine.
Self-custody hands you full control. The price of that control is that you, and only you, are the security team.
- Acting fast under pressure — the exact condition scams are engineered to create.
- Treating "DYOR" as a slogan instead of a step you actually perform.
- Assuming someone can reverse a bad transaction. No one can.