croissant@CroissantEth I have seen people fall victim to impersonators. I have seen people fall victim to phishing attacks. I myself have been a victim of many rug pulls. So… I thought it’d be nice if I listed out the many tips + things I’ve learned to help maximize security while in crypto.

The security of your wallet rests on a list of just 2048 words (the BIP39 word list). A wallet draws 128 random bits and encodes them as 12 words from that list, which is what we call a seed phrase. This is very important. Whoever holds those 12 words holds your funds. Scary, right?


It shouldn’t be. Even if there were 4B people with 4B Googles running 4B hashes a second, with 4B copies of earth in the galaxy, & 4B copies of that galaxy in the universe, it would still take 37x the age of the universe for anyone to have a 1 in 4B chance to guess one specific key. (That thought experiment is the usual one for a 256-bit key; a 12-word phrase holds 128 bits of entropy, which is still far beyond any brute-force effort.)

It is astronomically secure. So why do we see so many hacks and scams in this ecosystem if the tech is so secure? User error, and often a lack of prior knowledge or research. The blockchain is something you will either treat with respect, or be forced to.
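How 12 words come out of 128 random bits, and what the brute-force numbers above actually look like, as an added worked example (this is not code from the thread or from any wallet). The list the thread describes is the BIP39 English word list, and the 11-bit indexes, 4-bit checksum and word count below follow that standard; the word list itself is not embedded, so the functions work on word indexes (0 to 2047), which map one-to-one onto words. The guess rate of 10^18 per second passed to the last function is an assumed figure for illustration, not a measurement.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048                 # 2**11: each word encodes exactly 11 bits
ENTROPY_BITS = 128                   # a 12-word phrase starts from 128 random bits
CHECKSUM_BITS = ENTROPY_BITS // 32   # BIP39: one checksum bit per 32 entropy bits (4 here)
WORD_COUNT = (ENTROPY_BITS + CHECKSUM_BITS) // 11   # (128 + 4) / 11 = 12


def word_indexes(entropy: bytes) -> list:
    """Map 16 bytes of entropy to the 12 word-list indexes of a BIP39 phrase.

    The first 4 bits of SHA-256(entropy) are appended as a checksum, and the
    resulting 132 bits are cut into twelve 11-bit integers, each an index into
    the 2048-word list.
    """
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected 16 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - CHECKSUM_BITS)
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    total_bits = ENTROPY_BITS + CHECKSUM_BITS
    return [(bits >> (total_bits - 11 * (i + 1))) & 0x7FF for i in range(WORD_COUNT)]


def checksum_ok(indexes: list) -> bool:
    """Reverse the mapping and verify the embedded checksum.

    A wallet uses this to reject a mistyped phrase; since the checksum is only
    4 bits, roughly 15 of every 16 single-word errors are caught here.
    """
    if len(indexes) != WORD_COUNT or any(not 0 <= i < WORDLIST_SIZE for i in indexes):
        return False
    packed = 0
    for i in indexes:
        packed = (packed << 11) | i
    entropy = (packed >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return word_indexes(entropy) == indexes


def new_seed_indexes() -> list:
    """Generate a fresh phrase (as indexes) from the OS CSPRNG, as a wallet would."""
    return word_indexes(secrets.token_bytes(ENTROPY_BITS // 8))


def years_to_exhaust(bits: int, guesses_per_second: float) -> float:
    """Years needed to try every key of the given size at an assumed guess rate."""
    seconds_per_year = 365.25 * 24 * 3600
    return 2 ** bits / guesses_per_second / seconds_per_year


if __name__ == "__main__":
    # Known BIP39 vector: 16 zero bytes -> "abandon" x 11 followed by "about" (index 3).
    print(word_indexes(bytes(16)))
    print(checksum_ok(new_seed_indexes()))
    print("years to exhaust 128 bits at 1e18/s: %.3g" % years_to_exhaust(128, 1e18))
```

The all-zero entropy vector is the well-known "abandon abandon ... about" phrase: eleven indexes of 0 and a final index of 3, because the checksum nibble of SHA-256 of sixteen zero bytes is 3. Even at the assumed 10^18 guesses per second, exhausting 128 bits takes on the order of 10^13 years, several hundred times the age of the universe, which is the point of the thread's argument.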


While crypto attracts some of the greatest minds in the world, it also attracts some of the worst. If you are new to crypto, you are likely a target. There are people who will steal your life savings, leave you with nothing, & then disappear if they get the opportunity.


Worse yet, their tactics are often quite deceptive, especially to newcomers. The bigger crypto becomes, the worse this gets (just look at the replies to this tweet because I said “Metamask”). There are impersonators, spam DMs, scam airdrops, malicious sites, and much more.

The best way to avoid all of this is to protect the root of it all: the seed phrase. I can’t stress enough how important it is that you never share your seed phrase, unless you want to lose access to all of your funds. A hardware wallet keeps the key on a separate device, so you never type the phrase into anything connected to the internet; you approve each transaction on the device’s own screen instead, and you should read what that screen shows before you press confirm.


Next, it’s about storage. Where do you store this holy string of words? I use a titanium plate built for seed phrases. Titanium is pressure resistant, corrosion resistant, bulletproof, & withstands heat up to 3032 degrees Fahrenheit. With it, a house fire or a flood won’t take your backup with it.


But this only covers external factors and adds one extra layer; you still have to be cautious when navigating. The next biggest threat is phishing. A phishing attack may arrive as an email, a malicious link, or a file. Against malicious links, bookmarks are a fantastic tool.


In your browser, go to the sites you’ll commonly use in DeFi, check that the address bar shows the exact domain you expect over “https” (not “http”), then bookmark and/or favorite it. From then on you reach those sites with one click and never mistype the URL. One caveat: HTTPS only guarantees an encrypted connection to whatever domain is in the bar, and a phishing site can have a valid certificate too. The bookmark is what pins you to the right domain.


I once read of a user who typed his seed phrase into what appeared to be the Yearn Finance site (which would never ask for it) and lost all of his funds. How? The scammer had set up a copy site at “yeam finance”, with an “m” in place of “rn”. His funds were gone forever.
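The “yeam” versus “yearn” trick, and the bookmark discipline from the previous tweets, in working code as an added example (not from the thread or from any wallet or browser). It checks a URL against a small allowlist of bookmarked hosts and flags the three common lookalike tricks: confusable letter pairs (“rn” drawn as “m”), one-keystroke typos, and a real brand name embedded in an unrelated host. The bookmark list, the confusable table and the sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the exact hosts a user has bookmarked.
BOOKMARKS = {"yearn.finance", "etherscan.io", "metamask.io", "app.uniswap.org"}

# Letter sequences that render almost identically in common fonts ("yeam" vs "yearn").
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("l", "i"))


def skeleton(text: str) -> str:
    """Collapse confusable sequences so visual lookalikes compare equal."""
    out = text.lower()
    for lookalike, canonical in CONFUSABLES:
        out = out.replace(lookalike, canonical)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, reason) for a URL: 'allow', 'block' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "block", "no hostname"
    # IDN homographs: a Cyrillic letter in place of a Latin one, or punycode.
    if "xn--" in host or any(ord(ch) > 127 for ch in host):
        return "block", "internationalized hostname, possible homograph"
    for trusted in BOOKMARKS:
        if host == trusted or host.endswith("." + trusted):
            if parts.scheme != "https":
                return "block", "%s reached over plain http" % trusted
            return "allow", "matches bookmark %s" % trusted
    for trusted in BOOKMARKS:
        # "yearn.finance-app.com" or "metamask.io.evil.com": the brand is only a decoy prefix.
        if trusted in host.replace("-", "."):
            return "block", "brand %s embedded in unrelated host" % trusted
        if skeleton(host) == skeleton(trusted):
            return "block", "confusable with %s" % trusted
        if edit_distance(host, trusted) == 1:
            return "block", "one keystroke away from %s" % trusted
    return "unknown", "not bookmarked; open it from a saved bookmark, not from a link"


if __name__ == "__main__":
    for sample in ("https://app.yearn.finance", "https://yeam.finance",
                   "http://yearn.finance", "https://etherscn.io",
                   "https://yearn.finance-app.com", "https://example.com"):
        print(sample, "->", classify(sample))
```

Note that the check is only as good as the allowlist: a fresh host that is not a lookalike comes back “unknown”, which is the right answer, since a DeFi site you have not bookmarked yet should be reached by typing it once, carefully, and saving it, not by following a link from a DM.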

Anyway… you should now be seasoned in the basics of blockchain security. Are you ready for complex farming and flipping NFTs? Probably not… Get familiar with Etherscan first. You can inspect everything happening on the chain there, including which contracts hold approvals to spend your tokens, and revoke the ones you no longer use.


It’s also very important not to put all of your eggs in one basket. If something goes wrong even after you’ve taken every precaution, you still have funds spread across several wallets. I find it beneficial to keep separate “cold” & “trading” wallets.

& I hate to break it to you, but no, the founder of a top project or the team at Metamask or OpenSea is absolutely not reaching out to you via DM. No project is asking for your seed phrase, either. These are scammers and impersonators who capitalize on your inexperience.

Quote Tweet: vitalik.eth@VitalikButerin · Mar 4, 2018

"No, I'm not giving away ETH."

Another popular tactic that scammers have begun to use is airdropping worthless tokens to many wallets. The tokens may appear to have value, but are coded so that they can’t be traded: the sell transaction fails, and the token’s name or its page links to the scammer’s site, which carries malicious code. Unsolicited tokens can simply be ignored; the danger starts when you interact with them or visit the site they advertise.
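What a token “approval” actually contains, as an added example serving both the Etherscan approvals tip above and the malicious-site airdrop scam (this is not code from the thread, from Etherscan, or from any wallet). The two function selectors are the real ERC-20 `approve(address,uint256)` and ERC-721/1155 `setApprovalForAll(address,bool)` selectors; the spender addresses, the allowlist and the sample calldata are constructed here. The point is that a site can ask your wallet to sign an unlimited allowance to an arbitrary contract, and the raw calldata shows exactly that before you confirm.

```python
# Function selectors: first 4 bytes of keccak256 of the canonical signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",          # ERC-20 allowance
    "a22cb465": "setApprovalForAll(address,bool)",   # ERC-721/1155 operator approval
}
UINT256_MAX = 2 ** 256 - 1


def encode_call(selector: str, address: str, value: int) -> str:
    """ABI-encode a two-argument call of the shape (address, uint256 or bool).

    Used here only to construct sample calldata; a wallet shows you this same hex.
    """
    return ("0x" + selector
            + int(address, 16).to_bytes(32, "big").hex()
            + value.to_bytes(32, "big").hex())


def decode_approval(calldata_hex: str):
    """Decode spender and amount from approve/setApprovalForAll calldata.

    ABI encoding: 4-byte selector, then each argument left-padded to 32 bytes.
    Returns None for any other function.
    """
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    name = SELECTORS.get(data[:4].hex())
    if name is None or len(data) != 4 + 64:
        return None
    spender = "0x" + data[16:36].hex()          # address = low 20 bytes of the first word
    value = int.from_bytes(data[36:68], "big")  # uint256 amount, or 0/1 for bool
    if name.startswith("approve"):
        return {"function": name, "spender": spender, "amount": value,
                "unlimited": value == UINT256_MAX}
    return {"function": name, "spender": spender, "amount": value,
            "unlimited": value == 1}   # setApprovalForAll(true) covers every token you own


def assess(calldata_hex: str, trusted_spenders: set):
    """Turn decoded calldata into a sign / don't-sign hint: ('ok'|'review'|'reject', reason)."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return "not an approval", ""
    trusted = {s.lower() for s in trusted_spenders}
    if decoded["spender"].lower() not in trusted:
        scope = "unlimited access" if decoded["unlimited"] else "access"
        return "reject", "%s grants %s to unknown contract %s" % (
            decoded["function"], scope, decoded["spender"])
    if decoded["unlimited"]:
        return "review", "unlimited approval to a trusted spender; prefer an exact amount"
    return "ok", "bounded approval to a trusted spender"


if __name__ == "__main__":
    # Constructed sample: a site asks for an unlimited allowance to an unknown contract.
    unknown_contract = "0x" + "11" * 20
    router = "0x" + "22" * 20               # the one spender this user has vetted
    calldata = encode_call("095ea7b3", unknown_contract, UINT256_MAX)
    print(decode_approval(calldata))
    print(assess(calldata, {router}))
```

The `amount` field is what Etherscan's approval view surfaces per spender; an allowance of 2^256-1 means the spender may move every token of that type you ever hold, which is why the thread's advice to check and revoke approvals matters even after you have stopped using a site.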


Next we’ll have to talk a bit about anonymity. You won’t know how important this is until it’s too late if you don’t act now. Do you enjoy peace of mind? Then join the growing network of anons in this financial revolution.


It also helps to rotate wallets once one has been used for a while. Tools such as Tornado Cash break the on-chain link between an old wallet and a fresh one, so you can fund a new address without your whole history following it. (Tornado Cash was placed under US sanctions in 2022 and its legal status has shifted since; check where any mixer stands in your jurisdiction before using one.)

Quote Tweet: croissant@CroissantEth · Oct 9, 2021

“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” - Edward Snowden


If you’re still keeping your tokens on centralized exchanges, you’re not doing it right. Not your keys, not your coins. Even the best CEXs tend to have downtime, poor customer support, withdrawal limits, and KYC requirements.

Two-factor authentication is a major plus for security, if it is used right. Set up 2FA on every important account, but do not use SMS for it: a SIM-swap attacker who takes over your phone number receives your codes. Use an authenticator app (time-based codes from a secret that never leaves the app) or, better, a hardware security key, and make sure the account’s recovery email isn’t itself protected only by your phone number. That way a SIM swap gains the attacker nothing.
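Why an authenticator app survives a SIM swap while SMS does not, as an added example (not code from the thread or from any authenticator product): the code is derived from a shared secret and the clock, per RFC 6238 TOTP on top of RFC 4226 HOTP, so nothing travels over the phone network and there is nothing for a SIM-swap attacker to intercept. The secret below is the RFC 6238 test-vector secret; the `verify` window of one 30-second step either side is a common choice, assumed here rather than mandated by the RFC.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, at_time // STEP_SECONDS, digits)


def verify(secret: bytes, code: str, at_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/-window neighbours for clock skew.

    Comparison is constant-time so a wrong digit cannot be detected by timing.
    """
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at_time + drift * STEP_SECONDS), code):
            return True
    return False


def current_code(secret: bytes) -> str:
    """What the app on your phone displays right now for this secret."""
    return totp(secret, int(time.time()))


if __name__ == "__main__":
    # RFC 6238 test-vector secret (ASCII "12345678901234567890"); 8 digits in the RFC tables.
    secret = b"12345678901234567890"
    print(totp(secret, 59, digits=8))            # RFC table: 94287082
    print(totp(secret, 1111111109, digits=8))    # RFC table: 07081804
    print(current_code(secret))
```

An SMS code is generated by the service and handed to whoever controls the phone number; a TOTP code is generated locally from a secret provisioned once (usually via the QR code), so the only ways to obtain it are the device itself or the secret's backup, which is why that backup belongs in the same class of storage as a seed phrase.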

Lastly, even after taking all of the precautions mentioned above, there is still one attack we have yet to account for: the $5 wrench attack. All of the preparation in the world can’t rule out an attacker trying to coerce your seed phrase out of you.

However, there are ways to prepare for this. Surround yourself with good people, invest in some of your own self-protection, and don’t boast about your crypto earnings on social media. “Decoy wallets” can also be of great use here: a wallet with a modest balance that you can hand over under duress while the bulk of your funds sits elsewhere.

If you made it to the end of this thread, you should now have a basic understanding of how not to get hacked while working with DeFi.

There are many cases of entire fortunes being lost over dumb decisions; don’t become one of these stories.

I hope you all enjoyed!

Thread originally posted by croissant@CroissantETH

Published by decentralize.today (contact: blog@decentralize.today).