Security Documentation (PLEASE REVIEW)

gm! The Gitcoin community is bustling at the moment and we thought… what a perfect time to remind everyone to stay wary of opportunists.

Let’s stay aware of cyber security and make sure to protect yourself and the accounts that you’ve got access to with the recommendations detailed below.

Cyber safety as a mindset: a few practices to keep in mind

Setup 2fa authentication — this is basic and effective. Here is an article with more info!
Install Malwarebytes on your devices — it is a decent tool that blocks known malware.
Be really careful about friend requests on Discord or new followers on Twitter. Don’t ever click on any links you do not know or trust (more on Discord safety below)
Last but by no means least: ALWAYS contemplate the links you receive. It can be tough to remember on the fly so we’ve put together some countermeasures to protect yourself:
- log in with guest accounts without admin access to your machine. The id token attacks are trickier to prevent though
- we are all contributing to the open web and are stewards in our own right. As a community, we need to protect one another. Overcommunication is not possible here — please contact us if something seems off.

General Safety Tips

Before you create your grant, revoke any approvals ahead of time to make sure that your wallet hasn’t been compromised.
- Grantees have lost payout funds in the past because their wallet was still sitting with a phishing token approval, and once payouts were done they lost all their funds.

During Gitcoin Grants, a lot of scams tend to pop up online. Remember the following to stay safe:

ALWAYS be careful of FOMO. Gitcoin will never create FOMO.
Slow down and double check what you’re connecting to/signing.
If you’re unsure about something, reach out and ask. Verify, verify, verify.
Remind your community of safety tips!
Be careful about people imitating gitcion team members or those running community rounds. - especially if you have not been approved for a round and you are trying to appeal. You can always double check with [email protected] and someone will help you identify the right accounts to interact with.
Use the list of safe accounts

Good articles to review and remind ourselves of what’s possible:

Don’t be the Reason Your Employer Got Hacked While Working From Home!

An interview with a DAO money grabber, how they are draining treasuries