Online Safety
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Whag and Web3 Academy Twitter Space Transcript

The transcripted Twitter Space where Web3 Academy and Whag talk online security, phishing, and announce collaboration.

Whag Team

November 10, 2023

Web3 Academy + Whag Twitter Space

Listen to the full recording

Jay: Speaking about going through hell and coming out on the other side, today we are getting into how we went through hell by losing our Lens handle. Our Lens handle was stolen, we got phished, we are going to tell you guys the story of what happened, so you can all learn how it doesn’t happen to you. It’s always important to share the stories of the bad things that happen to us that we tend not to talk about so much, but very important. And then we’re going to talk about what’s next, what are we doing to fix scams, what are we doing at Web3 Academy, and that’s why we’ve got Sebastian from Whag joining us. So, we’re going to tell you what we’re doing with verified links, and we’re also going to tell you what’s next with our Lens handle, which ties into Web3 Academy 2.0 and our current roadmap. We are in week 2, I hope you all minted our free mint last week but if you didn’t, don’t worry we got more happening this week. So yeah, we’re going to talk about what’s happening with Web3 Academy 2.0, next steps, so stick around to the end for that because we’ve got some exciting stuff, and if you guys complete each week, if you complete each step, in the road map of Web3 Academy 2.0 there might be some stuff for you at the end. So, exciting stuff.

Let’s get her started by talking about what happened to our Web3 Academy Lens handle, our Lens handle which had over 60,000 followers, was unfortunately phished. Raul, why don’t we start, I think you were the first to find out about the phish, so why don’t you start from the beginning, what happened, how did it all go down?

Raul: Yes, so our Lens handle basically switched hands a few times throughout our time on Lens. We’d been there since the beginning, since last summer, and we had gained over 60,000 followers on there. And, basically, what we did was, one, poor management of how we held the handle, the NFT, and, two, we got scammed by Web3, because we know that’s a big problem. So basically what happened is we held the NFT in a wallet that we interact with on a daily basis, so the person who held our Lens was interacting for personal stuff on the Web3 space, doing all of the things that we love to do every day, and unfortunately, they clicked on a wrong link that was not legit, and there was no way of them knowing that it was a phishing link or maybe they didn’t notice it from the start. And that was basically the end of the story because once that hacker gets access to the wallet you’re pretty much done. And yeah, that’s the story of how we got phished we just basically clicked on the wrong link without realizing in time to protect our assets on there and especially our Lens handle.

Now, what we’re doing to fix the situation is, so, thanks to Lens, they just implemented this feature where you can send the NFT outside of your wallet so you can hold it in, like a hardware wallet for example, and then share access to it through like four or five custodians that can interact on the Lens profile which is super great in terms of security. But that still doesn’t fix all of the spam and scam issues that Web3 has to deal with every day which is mostly phishing links. We’re using Whag to verify our links, and I’m not going to give away how we’re doing that just yet, I’m just going to give the word over to Sebastian to tell us how this works and how we’re using this.

Jay: We're getting ahead. So Raul woke up one morning, heard from another one of our team members he had gotten phished. I hope you all haven’t experienced this but if you have experienced it, when you wake up and you realize that, you look in your wallet, and you’ve been drained, what an awful, awful feeling that is and it’s such a big problem within our space. In the case of Web3 Academy, we lost our handle which had over 60,000 followers, so that’s a real loss for us. Obviously, we believe that we can build it back up, but that sucks. But also the individual on our team who was phished, he lost many other things from his wallet as well. So this was a tough day for us at Web3 Academy, certainly, I remember waking up, myself, I’m usually the last one of us to wake up because I’m in the Western part of Canada, so I remember waking up and the Discord going off and everyone was like, “What’s going on, where is it, how do we get it back?”. It affects your mental state and you really get emotional, and you get reactive, and there was a bit of yelling at each other because, you know, you’re looking to blame each other, “Who’s fault is this?”, and thankfully our fearless leader Kyle came in and said, “Everyone take a deep breath, it’s nobody’s fault, it happens, we’ll take it one step at a time and we’ll figure out how to fix it”. Kyle, I don’t know if you want to jump in and talk at all about that day and your feelings and what we experienced.

Kyle: Yeah, just to give some context in terms of phishing and how this works, what happens, for those that maybe haven’t had this happen or are unsure if it’s happened to them, is when you go to sign a transaction, and what hackers do or scammers will do, is they’ll get you to sign a transaction that allows them to basically take anything from the wallet. So you’re actually signing a transaction that’s sending everything out of the wallet. But you don’t know that because the way the wallet UX is, is you can’t really understand what that transaction is. A lot of time it’s a bunch of Xs and Os and you’re like, “Well what does this even mean?”, most of the time though you can, if you really read the details, the problem is most of the time people don’t. But if you read the details, you can see that you’re sending the XXX, all of the different things, so if you actually read the details before you click that sign you’ll see what’s happening. Most people just don’t do that, because we’re used to the Web2 world where we just click around, there’s no risk. There is risk when it’s the custody of your own assets, unfortunately. It’s a great thing to custody your own assets, but it also comes with the risks, and the downfalls of potentially sending them to the wrong spot. So really, really, you want to do two things, one is double-check your signatures. Every time you’re going to sign anything, read what the heck that thing says and read what you’re signing before you do it. Doesn’t matter if it’s a hardware wallet, if you sign that transaction and it’s a phishing attack it’s gone. Doesn’t matter what wallet you use. So that’s the first thing, and then second is, don’t hold your assets on wallets that you’re interacting with applications with. We talk about this one all the time if you’re going to interact with apps, Uniswap, Opensea, whatever, have a dummy wallet that you do that with, and as soon as an asset goes into that wallet, move it out to a different wallet that you don’t interact with. That’s what our social media person should have done, they should have not had the Lens in their normal wallet they go and use to mint things, you should always mint with a separate wallet and then hold your assets in a different wallet, so that was the big mistake. And then the other problem was just, they clicked on a link that they just didn’t realize was a phishing link. And that’s really where the big issue comes with Web3 is it’s really hard to tell what’s a bad link and what’s not, right? Oftentimes, let’s say it's lensprotocol.com or whatever, I think they’re lens.xyz, they’ll switch out a letter or something, and so oftentimes you’ll see, you’ll see it on Twitter too, the account might be Web3 Academy, but they’ll get rid of the “e” so it’s W-b instead of W-e-b and a lot of people just miss that and that’s when you end up getting phished. It happens all the time. So, just things to be aware of, you got to double-check when you’re clicking things because these are all assets. A couple things, I just want to get into what Lens has done just so we have that on lock and then we can go into further things if that’s alright, Jay, or are there things you want to get to first?

Jay: You want to talk about Lens Profile Guardian?

Kyle: Yeah and just touch on what Raul already mentioned. So two things that Lens has done to help with this, one is delegate access. So what Raul said, this happens with Lens V.2 which isn’t live yet but it will be in the coming weeks. You put your Lens profile in, I don’t know, a hardware wallet that you never use, you never interact with, and then you delegate access to other wallets to go and post and comment and do other things on, but they don’t actually have to hold the NFT which is great. You think of this compared to the Web2 world, right now for us to have multiple people use our own Twitter we have to have like five different people from different countries all log in to the same account with the same username and password. That’s actually not a good idea, but it’s the only way you can do it with things like Facebook, Instagram, and Twitter, and any other Web2 app. You can’t delegate access for another account to go and Tweet on your behalf or do things on your behalf, so it’s a risk. So Lens is actually ahead of other Web2 apps by doing that, which is super cool. The other thing they’ve done is something called Profile Guardian. This they did, after we were phished, there were actually a bunch of Lens accounts that got phished, some of them were quite big, not just us, we were the largest because we’re one of the largest accounts on Lens. But what Lens did is they said, “All hands on deck, we need to figure out a solution to this because a bunch of people are getting their Lens handles stolen or phished,” so what they did is they actually stopped working on anything else on Lens and they built in this functionality where now all Lens handles have a guardian attached to it. Where as soon as a handle is minted or shared to someone, so it’s transferred, it has this delay, where you can’t do anything with it for seven days. Well actually, you have to disable this guardian and after seven days of disabling, then you can send it. So even right now we’ve minted a new one, I can’t send it to someone else until seven days after I’ve disabled this guardian. So even if someone phished my wallet, they could take other things out of my wallet but they can’t take my Lens handle, it’s actually stuck there unless they go and disable it, and then they still have to wait seven days. Which, by then, maybe I can figure something out, what the solution is to that, I don’t know, but at least there’s something in place to have a bit of a break instead of waking up the next day and it’s gone, you wake up and you’re like, “Okay someone has hacked my account but they can’t take anything yet”. The other thing this Profile Guardian does really that’s cool that I think everyone needs to implement is when you go to sign that transaction, that phishing transaction that takes all of your stuff, a popup appears now in your wallet that says, “Are you sure you want to give away your Lens handle,” which is good because, the person that we had on our team, they went to sign a transaction that had nothing to do with Lens, they were signing something completely different, but randomly this would come up and say, “Are you sure you want to give away your Lens handle,” which would immediately tell you, “Oh, I’m signing something that’s incorrect,” and hopefully then, you don’t go and sign that transaction, ideally. So that’s the other thing they’ve just included in this Profile Guardian which I think is super key. So we need more things that, before you sign or before you click, which is what we’ll talk about with Whag and why we’ve brought them in, already warns you ahead of time, that’s the key. Once you’ve made the signature you’re kind of screwed, so we need things that are warning you ahead of time which is what Lens has done and more with what we’ll talk about with Whag as well.

Jay: Great, thanks so much Ky, so as Ky said, we get stuck in Web3 because the UX is so difficult in wallets that you end up signing a transaction that you don’t realize is a phishing attack, and you usually sign that transaction from a website that looks like an exact replica of the website you thought you were going to. I’ve seen a bunch this morning, some big announcements out of Worldcoin coming and there’s a whole bunch of phishing attacks already on Twitter. People will pay for ads on Twitter, they will create Twitter accounts that have tens of thousands of followers, so you think it’s legit, you think it’s Worldcoin, as Ky said usually it’s just a different spelling in the Twitter name, and then maybe a different spelling in the link and then you go to that link, it looks like Worldcoin’s website, you click connect wallet, you connect your wallet, you sign to do a transaction and boom you’ve been phished. The biggest thing is, always take a deep breath and read the names, look at the link, make sure it is the correct link. And then the other simple thing is, rather than you go direct from, let’s say you’re on Twitter and you want to go to Worldcoin, don’t just click the link and go to Worldcoin, go type in the Worldcoin URL in your browser and go that way because then you know you’re going to the correct homepage, the correct website, where you wanted to be.

Sebastian, I want to get you over here now to talk about Whag. Let’s start though with, what’s your view, as a founder in this space who is dedicating your and your teams time to really solving, being a part of solving the security and scam issue that we have. Take us back to sort of the beginning, did something happen to you that made you want to start this company, did something happen to a friend of yours? What’s the origin story of Whag?

Sebastian: I’m so glad you asked, last year we were working on another project and while we were working on that project we started to look around and see constant headlines of more or less the same thing. Massive NFT collection hacked. Community members' wallets drained. Massive Twitter personality hacked, sends out fake airdrop link, followers lose hundreds of thousands of dollars due to connecting wallets to a phishing link. It seemed like something that was popping up again and again and again, and no one was really doing anything to fix that. Now, as people that all believe in Web3 and believe in the opportunity that it presents and the potential that it represents, if you have an industry that’s so full of scams and phishing attacks and big losses that are all over news outlets, new people aren’t going to come in and they’re not going to join you. So we really thought, alright, is there a way that we can actually step in, build a product that makes a difference and make this into an ecosystem that is just generally more friendly? And if the answer is yes, we should do it. So we started thinking, "Okay, what are we going to build?" Let’s build trust. And that’s really what Whag was built around, is the concept of helping people build trust in Web3. So we did all of our research, we started talking to people that had been hacked before, people whose accounts had been cracked into, and whose followers started suffering. We went through what’s called the “mom test”, we asked all of these people about their experiences, and at the end of the day we realized, hey, we’ve got an idea here, these people are interested, let’s go ahead and do it. And that’s pretty much how Whag was born.

Jay: I love the mom test that’s a great start to any business.

Sebastian: Yeah, and it’s totally necessary too if we’re being honest.

Jay: What is Whag then? Tell us. You’ve been sort of teasing it, tell us what you’ve built, what you are building.

Sebastian: Absolutely. So, Whag is the verified link solution. You guys were kind of talking about this a little bit earlier with fake links. What hackers like to do is they replace Latin letters with visually identical cyrillic counterparts to create domain names. So they can actually create domain names that look exactly like the correct URL, and humans just can’t tell. It makes a pretty difficult situation for a lot of these people. The way that Whag works is we allow anybody to create a profile with either a Google account or their Web3 wallet, so Metamask, etcetera, as they go through the process of creating an account they’ve got to actually verify their identity by connecting at least three other socials so you’re just OAuth-ing in. And what this does is it makes it so that people can’t actually create Whag profiles unless they’re real people. And that’s a big deal here. So, when you create this account, you connect your socials, you get what’s called a WhagTag which is your verified digital identity in our system and your WhagTag can only actually derive from your legal name or the handles of one of the socials connected to verify your identity. Again, this is a really big deal here. It’s an important concept, people are who they say they are in our system. And Whag actually stands for “where humans are going”. After you’ve gone through this entire process and you’ve created your account you can start making what we call, verified links, ASAP. When you create a link with us, it’s just like creating a shortened link with bit.ly but there are two key differences. The first one, is when you use bit.ly to create a shortened link, you can create that link with anything. Bit.ly doesn’t check it against any sort of list to make sure that it’s good or not, and in fact 50% of links made with bit.ly are actually phishing links. There are a lot of problems with that, I mean if you’re using that from a marketing perspective and you send stuff out, like your email is probably going to get blacklisted, not great, deliverability goes down. With us when you actually drop a URL in, we run it against our block list. So if someone tries to create a malicious link with Whag, the system is going to flag it and it’s gonna say, “We’re sorry you cannot create that link,” you can only create good links with Whag. To complete that process you actually have to sign that link with your wallet, so there is a digital signature connected to every single Whag link. If you’ve signed up with your wallet, your personal wallet, that’s your signature, if it’s OAuth-ed in through Google, we actually give you guys a wallet on the back end that it signs to. So you can be a Web2 person and use Whag, you’ll never know that there’s blockchain in there but you’re still going to get the benefits. After that link is connected, or collected, created, when you share that link, anybody who clicks on that link is going to be taken to an interstitial called the Safe Stop. And that Safe Stop is going to tell you, “This link has been verified with Whag,” and it’s going to say, “Lens Academy made this link,” or “Web3 Academy made this link,” and then it’s going to redirect you to your destination URL. So literally every single time someone clicks on a Whag link they’re going to know who created that link, they’re going to be able to verify that person is a real person, and they’re going to know that the URL they they’re being redirected to at the end is something that they can trust to interact with.

Jay: That’s amazing. This is exactly what we need in the space. Which is why, at Web3 Academy, we partnered with Whag to ensure that our links are safe. Sebastian, I also didn’t know that Whag stands for “where humans are going”, that’s awesome to know the origin story of the name. Raul, I want to go over to you to share how we are using Whag in our links, to ensure that our followers and our listeners don’t get phished.

Raul: Yes, so I think that people have a hard time understanding when we’re explaining how this works, so what I’ve done is I’ve put a comment under this Space, it’s a link that’s made with Whag and it takes you to our Lens profile. So if everyone clicks that they will be redirected to the Safe Stop that Sebastian mentioned. And then they can verify that this link has been made by Web3 Academy and if they continue to the destination they will be redirected to Lensfrens where they can follow our profile. I think to properly visualize how this works and the benefits of this I think the people just need to use this. So expect more of our links to have this Safe Stop enabled so when you’re going to click to go to our newsletter, or to a podcast, or to Lens, or wherever we send you to, expect a popup that mentions that this link is verified and made by Web3 Academy and then you can safely go and interact with the content on the other side.

Jay: And for those listening on the podcast, we will have the link that Raul mentioned in the show notes so that you can experience this yourself. Ky, I want to go over to you, what are your views on how we get the entire space to have better security. Using link verification is obviously a step in the right direction, do you feel like we can get the space to adopt this at mass. Obviously, there are challenges in adopting new tools, Sebastian, I’ll get you involved in this conversation as well. Ky, what do you think are the next steps?

Kyle: Yeah, good question. I think there’s a lot we’ve got to do. The thing is this is not even necessarily a Web3 specific problem. I mean there’s been phishing in Web2 as well. So this is just a problem of the internet, we use links, this is how we get around on the internet, and we have no verification tool for them until Whag. So I think, absolutely this is something we need to adopt, both in Web3 but just traditionally as well, I think it would be amazing if every link we clicked on, I mean right now it’s kind of an intermediary link where you click it, a page shows up, says it’s verified and then it redirects you to the right thing which is amazing. If we can find ways to simplify that and make it even easier, maybe it’s like a browser that pops up a notification making sure that you know that it’s a verified link, and just making that kind of an easier UX will make it something that will become more popular, more widely used so I think absolutely we need to continue to push that. Which is why we decided to be one of the first ones with Whag to push this out. We hope that others in the space will continue to do this. Especially with Web3 links because obviously everything is a financial asset and we have self-custody. So if you click the wrong link, then you lose it, then you’re screwed. In Web2, at least, if it’s a bank or something they can, I don’t know, change the numbers in their database and get your money back, not possible in Web3, so I think we need to push that applications and companies in the space start to use verified links, I think it’s extremely, extremely important. So, one, kudos to Whag for building this, and doing it so quick, I know it was like last year where you guys came across that big issue and have built out something pretty amazing so we hope that we’ll be one of the first to lead this and we hope that others will continue to do it as well. I think other things like account abstraction is going to be a massive change to the space that’s going to get rid of a lot of these phishing links, because the signing aspect will be just very different, so we need kind of smart contract wallets and account abstraction to continue to build out, I think we’re still years from that and so I think that just means that right now it’s even more important that we continue to push these verified links because it’s really the only solution to this right now. I don’t think we’re going to get the mainstream to be like reading everything they’re clicking on and take these steps to reviewing the transcatipn is in your wallet and, like you said, going to Worldcoin.com instead of just clickling a link it’s going to be tough to get people to do that so we need verified links to be the thing that you know is telling people and notifying people if its a good or bad link. I don’t really see another solution, so I’m a big supporter of what Whag is doing and hopefully we can continue to push that.

Jay: So, Sebastian, over to you, I’m sure the thing that keeps you up at night, adoption. Growing Whag to more communities and more projects, not an easy task, to get people to use a new service a new link verification. How are you guys tackling that?

Sebastian: Yeah that’s a great question, if you have an answer let me know, I’d love to hear it. The cold start problem is hard for everyone, but we’re a little different from most other cybersecurity platforms, again we’re not just building a platform, we’re building trust, we are a trust-based system but we’re also a trust network. So something I didn’t touch on earlier that’s really awesome, Whag is not a static thing. It’s growing, it’s living, it’s constantly evolving. We’ve got a really cool feature that allows anybody who’s actually a community member to report a malicious link to the block list. So, anyone can report it, we’ll approve it, add it, it gets added to the block list so it’s another thing that’s checked when someone tries to actually create a URL. But more importantly we’re working on a Chrome Extension that, when released, if you have this thing installed it’s going to block you from accessing anything that’s on the bock list. When we talk about this, that’s kind of the unlock for general consumer adoption, and for communities if you want to do your part and help keep everyone else around you safe, all the people that you care about, the guys that you talk to every day, heck, your parents and your grandparents, you join Whag. You submit these links that you find that are bad, that are malicious, that are phishing, malware links, you install the Chrome Extension for them, and it protects them. We are also working on integrations right now to try and actually integrate directly into Discord and Slack, so if have a Whag account you’d be able to connect it to your Discord, go in, [slash] /Whag drop the URL and it would automatically create a Whagged link for you and then you could share it with the people in there immediately. These are all things to kind of increase the surface area, increase our ability to keep people safe, increase visibility and really try to make a concentrated push out there to protect everybody and to give people the power to protect each other.

Jay: I love it those are great. I think one of the biggest questions I have that I’d love to get everyone’s thoughts on, there’s always this balance of creating a secure ecosystem and a secure user experience with convenience. And quite frankly, users generally, the majority, they favor convenience, so they click fast, they don’t take the time to review and check, so how do we shift that user mentality to, you know, even in the case of Whag, when we use Whag, and you’ll see this everybody listening when you go through this experience as Raul said you click the link whether on the podcast in the show notes or Twitter you can click it in the comments and you’ll go to the intermediary page, you know, ther’s more clicks that people need to take. And that’s what enhanced security means. Enhances security means more time and more clicks which, generally, users do not favor. Now, Ky, you said you think that things like account abstraction will remove a lot of these things, which is great and I’m sure, Sebastian, you guys are working on that too, but I’m curious what you guys think in terms of, how would you approach years of behavior here talking to somebody new, what would you be telling them in terms of this balance of convenience and security.

Sebastian: Well my immediate response is that, we’ve been listening to every single thing that you guys, as users, have been telling us and we’re actually currently updating the safe stop to automatically redirect to the destination URL after three seconds so that the person who clicks on it doesn’t have to click again.

Jay: Favoring convenience, I like it

Sebastian: And also we’ve got that whole secure link dropdown section on our safe stop with additional information, if you do click that and you’re interested in the additional stuff clicking that and expanding will actually pause the countdown so that it doesn’t automatically redirect. So, yes, we’re adding convenience, but we’re also still allowing people who are interested in everything on that page to pause it and take as long as they want to to view all of the information before going to the final destination.

Jay: Amazing. Ky, Raul, what are your thoughts on this balance of convenience versus security?

Kyle: Yeah I mean it’s something people are going to have to learn. There’s a learning curve to this. We never had these issues previously to Web3, so we just run around clicking things and it doesn’t really matter, there was no consequences, and now there are. Now people have to take responsibility for their assets and the things that they’re doing, so I actually always say, every cycle everyone goes through this where they get phished or they put their assets on a centralized exchange and they lose them, everything blows up, a bunch of people get screwed over, and then they kinda learn. And then the next cycle they’re the ones yelling and screaming, “not your keys, not your coins”, and they’re the ones that are taking extreme caution. Part of me just thinks that we all have to just go through this, and then we’ll just kind of learn, but hopefully things like this will just prevent it and people don’t have to go through it but it’s a learning experience for sure because it’s a completely new way of using the internet.

Raul: I agree, I think it’s just a problem that we did not have before and now we do and people are not really realizing it yet. But I think when people see 2 billion lost in phishing attack its just a statistic for them, unless they’re like part of it, and as more people realize that like the problem will need to be solved.

Sebastian: Well it’s literally every 11 seconds a phishing attack occurs. There are 3.4 billion phishing emails sent out per day. Whether or not people think that this is an issue for them, it surfaces in their lives on a regular basis.

Jay: Actually, Sebastian, I was just going to ask you. What other numbers do you have in terms of the scale of this problem.

Sebastian: I’ve got all of the numbers in the world, I won’t bore you all with all of them though, I’ll just give you a select few. So if you want to talk about financial losses, big picture, right, so over the past 5 years the FBI has estimated that over $12 billion has been stolen due to phishing and between January 1st 2021 and March 31st 2022 $1.1 billion was reported to the FDC as lost to fraud originating on social media alone.

Jay: Yikes, and is phishing the primary… is there any other way that these attacks and scams happen or is it really mostly done through phishing.

Sebastian: A lot of it is phishing, there are other more sophisticated malware specific attacks but phishing is the most common because it’s the easiest to do. It doesn’t take much, again, you fake the link, you use bit.ly, you share it, people click on it and that’s kind of the end of it. The one that really gets people the most in our world though is if their Discord is infiltrated or if someone gets SIM swapped, and we’ve seen this with, like what, with 10 massive accounts recently. Just last week Uniswap’s founder got SIM swapped and then his Twitter got taken over and they started posting fake air drop links. Right, so if you trust that person, and they’ve done you no wrong previously, and these guys that have 2, 3, 4, 500,000 to a million followers on Twitter, you know at least 10% of those people are going to click on that link and then it’s kind of game over. And some other issues that have happened recently, I don’t know if you guys saw this news article, but this one was about NFT drainers like Inferno and Venom that are being used to gear up phishing attacks pretty often and they are compromising Discords. Those drainers actually circumvent transaction simulating Chrome Extensions, so they’re not helpful, and they were used to steal about $73 million from 32,000 wallets and they compromised over 900 Discord servers. And that’s purely Web3 focused.

Kyle: Yeah, Sebastian, you bring up a good point in that. A lot of people, you’ve seen over the last year people saying, “only click on links from the original account,” so the verified Uniswap account or whatever, and then the problem is that now that scammers have all gone and hacked those accounts and then said it. So for this really to work it needs to be at the link level, right, which is exactly what you guys have cerated. Because you can’t trust the account either, because I’ve actually seen this a bunch, I think it was… was it Zora? I think it was Zora, but they also got hacked a couple weeks ago and I actually clicked on it. I didn’t sign the transaction, because I was like “ah this doesn’t seem… this seems off” but it was their business account that’s verified on Twitter that had this phishing link. And like you said Hayden from Uniswap, it happened to him last week when he was at ECC, so it’s happening from the account level too, so you have to go to the root of the problem which is the link itself, so that’s why I like what you guys have built.

Sebastian: Thank you, and that’s what we thought too. These things all start off with one problem, a malicious link. If you can help people out at that basic, basic level, you reduce risk considerably. So, let’s say unfortunate situation, one of us gets SIM swapped and our Twitters get compromised, and we’ve got all of these followers and people are used to clicking on our stuff. If people know that our standard is to only share Whag links, and then suddenly there’s a link that’s shared that’s not a Whag link, at the very least that raises a red flag. Then people can go, “Okay, this is a little abnormal, they only share stuff with Whag links, why is this one not a Whag link? I don’t think I’m going to trust it”. And if we take this a step further once we have this Chrome Extension done and people have this thing installed, if this happens and that malicious link is identified, anyone can immediately, if they’re a Whag member, submit that malicious link to the block list and if they have the chrome extension installed everyone else, even if they click on that bad link they’re going to be safe.

Jay: So everyone here, become a Whag member, start submitting your bad links and join in making the community safer, because this is all of our responsibilities. We all need so solve this problem together, it’s not a problem that one company or one person can solve it needs to be a community led effort. And then also, we need to push, if you’re involved in any projects bring it up to your project founder, bring it up to those leading your project and be like, “Hey, I’ve heard about Whag, you guys should consider using them in order to verify our links, I think it’s a great way to make sure everyone in our community is safe”. Because this really needs to come from the bottom. It needs to come from all of us, who are users in the space, because if it comes from the top down… it needs to be top down and bottom up in order to achieve the adoption that we need to make this happen.

Kyle: Sebastian, can those that are in here get a link? Or how can they go and start reporting links now if they see any bad ones?

Sebastian: Yeah, absolutely, let me go ahead and drop our sign up link in here for you guys. And I’ll also just say, you guys are our early users if you’re using this platform and you love it because it’s awesome, and it is, but there are little things that you want to change, tell us! We want to make this the thing that everyone is using and that means taking in feedback, iterating accordingly, solving all of these problems and transforming this into something that is low friction, and solves the problem and everyone is happy and excited to use every day and incorporate into their regular workflow.

Jay: And I just want to add in here, so, Sebastian mentioned earlier the cold start problem, and right now, when you click the link that Sebastian is going to share in the comments and we’ll also put in the show notes, or the link that Raul shared earlier that takes you to our new Lens handle you are going to experience the Whag link verification process and that might seem weird to you because you’ve never experienced it before. So there’s going to be a page that comes up that says, “Hey this is verified by Whag,” and quite honestly, sometimes to a lot of people that can feel scammy because you’re, “Oh my gosh I’ve never experienced this before,” so we want you guys to know, those listening, this is part of the process and this is the intermediary step that we need in order to make link verification work, is we’re going to encourage all people in Web3, to take this step, when you click a link, there’s an intermediary step where it says, “Hey, this is verified by Whag we’re using Safe Stop, we are taking the time to make sure that you know that this link is safe”, so the first time you go through it, it can feel a little bit weird, don’t worry, totally normal, it’s a new experience. New experiences especially with links can be a little bis scary but that is part of the process, that is part of how Whag ensures that you are safe.

Awesome, I want to go to next steps in Web3 Academy 2.0, we are in week 2 of Web3 Academy 2.0 which is our new brand that we just launched last week. Over 100 people minted our free mint last week, shout out to all those who did, thanks so much for your support and this week is all about launching our new Lens handle and following us on Lens and doing so by experiencing what it’s like to go through Whag’s link verification. Raul, tell us, how can people take the step to be involved in Web3 Academy 2.0 this week.

Raul: Yeah, it’s simple, just use the link in the comments here, or if you’re listening on the podcast, in the show notes, to follow us on Lens, and that’s basically it and just stay tuned for phase three of Web3 Academy 2.0.

Jay: Easy peasy, follow us on Lens, be part of the next phase in the journey. Web3 Academy 2.0 is a multi-week new launch that we have as we are focused on really taking Web3 Academy from where we are now into the next phase which is bringing up more on-chain, with more security and more safety and creating more experiences for you, our listeners, and for our readers of our newsletter, and for ur community members on Discord, so that you can experience and be involved with our content in more of an on-chain manner with moving Web3 Academy from online to on-chain as we make this migration which we hope the whole world is making along with us, we want to be leaders in that. So, excited for all of you to participate in the second phase of Web3 Academy 2.0. Before we wrap today, Sebastian, I want to give it over to you, just one more chance to shill. How can people get involved in Whag, anything else that you want to tell people, or maybe just anything that you want to tell people in order to stay safe.

Sebastian: Start using Whag, we are free for the first thousand users for life. We’ve gotten new people to join every day, so that free tier is rapidly going away, that is partially thanks to you Kyle, having you guys. Sign up, join us, tell everybody you know about what we’re doing and get people to start using these links. Because the more people use Whag, the larget the network becomes, and the stronger it becomes. The stronger it becomes the safer everyone who’s in it becomes too. I mean it really is a snowballing effect. Yeah, follow us on Twitter, join us, let us know what you think, if you want anything updated, changed, if you love it, we want to hear it, if you don’t love it, tell us too, and we’re going to make you love it. That’s what this experience is all about.

Jay: I love your approach, Sebastian. Building it with the community, alongside the community, you’re a user in Web3, your objective is to just keep everybody safe and be part of making Web3 better, for not just us, but for our moms, and all of our friends and family who are not here yet but read all of these articles about all of these scams, and they’re scared of the space, we’re going to make it safe for every body.

Sebastian, I’ve got one question, before we wrap up here. You talked about how users, the general community, can participate in reporting scam links to your block list, which I think is amazing. Is there plans in the future to, perhaps, launch a token to incentivize users to be part of being reporters? I realize I’m way down your road map here, but obviously when we talk about building Web3 businesses tokens are a big part of that. Just curious if you guys have thought about that.

Sebastian: So, we’ve thought about it, and every single person in the space has asked us that same question. I’m going to say that there is no token coming, because I’m also a securities attorney who has been in the space for several years and I know how this game goes. We will come up with ways to incentivize people to participate, but to be completely frank, the idea of issuing a token, just right now… I’m based in the U.S., my whole team is based in the U.S. and the regulatory environment is just not particularly friendly. If things change and if the XRP decision becomes final, and we get some guidelines or Congress Acts and we get some guidelines that tells us how we can do things in a way that we’re not going to get in trouble, then maybe we can come back and talk about that, but for the time being that’s not going to be the primary focus.

Jay: So if you didn’t already trust Sebastian, now you should really trust him, because he’s a securities lawyer who is doing things by the letter of the law and is not leaning into how to do this the scammy or the fast way, which we all have seen many projects do before. Sebastian, once again, leading by example for the way that we should build companies in this space. Love to see it, love to see it. And Sebastian mentioned that the first 1,000 users on Whag get Whag free for life. The link for that is also in the show notes, Raul, I don’t know if you can throw that link in comments here in Twitter as well so people can get that. We’re going to wrap up the podcast now, but then we’re going to open up to Twitter Space, we’ve got 10 minutes left, we’re going to open up for any questions. Every body listening on the podcast thanks so much for listening in, and if any body here on the Twitter Space has any questions feel free to raise your hand we can bring you up on stage, or if you want to just type your questions in the comments then we’ll take your questions now. Do we have any questions? Doesn’t look like we’ve got any questions today, alright, well, in that case, thanks so much every body for joining in. I really really want to just hammer home this point, please, please use Whag. It is just such an important step to us ensuring that safety comes into the space and security, so use it personally, use it for your projects, if you know other projects please pass along the link to other projects, tell everybody about Whag and using link verification, it’s just so simple it takes seconds to set up, there’s no reason why we wouldn’t all do it and its going to make such a difference for everybody when we can just stop talking about scams and phishing and more-so talk about building and all of the cool stuff that’s happening. Alright, that’s a wrap, thanks so much for listening in everybody, have yourself a great day!