Marked Safe?

(artworks by Tinyrainboot and Soju)

Welcome to a new edition of Touch Grass. Last week, we took a rain check—which, by now, you know is synonymous with “we’re heads down cooking.” We’re excited to bring you news from our tech team, Lens builders, the wider crypto community, and of course, the creators we love to follow.

On the Lens front, we successfully migrated your profiles and content from Lens v2 on Polygon to Lens v3 on Lens Chain. When mainnet launches, you’ll simply need to log in to Orb or Hey, and you’ll already be on the new chain. This week, we also announced Grove, the storage solution we developed to ensure you own your content, with the ability to edit and delete it.

As exciting as the Lens updates are, something else has been even more pressing: security and hacks. Safe, one of the pillars of the ecosystem—long known for weathering security crises unscathed—was at the center of the Bybit hack, which had just begun when the last edition of this newsletter came out. This has been a major wake-up call for everyone. It’s clear that attackers are getting more sophisticated and closely watching our every move. Security needs to be top of mind for all of us.

In recent months, I’ve seen very savvy people targeted, and I’ve noticed the shame and trauma that often come with these attacks. Our devices hold friendships, memories, and assets—essentially, our digital lives. Right now, the internet is filled with threats to that existence. Our inboxes are flooded with scammers. Fake Coinbase and Ledger calls and texts have been a daily nuisance for me and many others over the past two weeks. We need to protect ourselves as best we can.

Thankfully, there’s a community of security experts working tirelessly to help us safeguard our digital footprints. You’ve probably seen them on X—ZachXBT, Taylor, and Pablito, to name a few. Security Alliance has a Telegram channel for emergencies and has been instrumental in handling countless incidents.

For those wondering how to stay safer, here are some essential security tips:

Get a hardware wallet! But buy it directly from the vendor. (I like Trezor, though many people prefer Ledger.) If possible, avoid sharing personal information when purchasing one—use a P.O. box, a fake phone number, and an anonymous email. I say this from experience: I was part of a Shopify hack that leaked my data, and dealing with endless spam calls wasn’t fun. (Luckily, I had used a coworking space address, so my home address stayed private.)
Never click on random links. If you want to interact with a crypto project, go to their verified socials and get the link from there—never from Google.
Be wary of interview requests on social media. Many are scams. If you receive one, do not click any links or join any calls. Instead, offer written responses via email and verify the sender’s domain. Check out this tweet from Pablito that exposes these scams (it’s in Spanish, but auto-translate works).
Do not trust DMs offering you a job. Ask them to verify their identity via work email. Cross-check with the company they claim to represent. If they send a suspicious call link, don’t join—send them your own instead. Yes, attackers are using fake job offers to target people.
Download and run Task Explorer from Objective-See. They offer excellent open-source security tools.
Don’t trust emails from exchanges. Don’t trust random Telegram messages, and don’t respond to calls or texts claiming to be from exchanges or social media platforms warning that someone is trying to access your account. Another thread from Pablito on this matter and the latest telegram scam (this time in English)
Most importantly: You are not alone. If something feels off, check with friends, share your concerns, and tag security experts. If you think your accounts are at risk, reach out to your community. Write to us—we’ll help too! Everyone is in this together.