Best Practices for Web3 Security
Since the release of Mavia land, people have been wondering where the best place to store it is and how to make sure it is safe there. With such huge demand for Mavia land, hackers and scammers all over are desperate for a piece of the pie. Here are a few tips on how to say no to the people who are trying to take your precious land out of your hands.
The first step is to pick the wallet that's right for your circumstances. You can use a hot wallet (which acts as an online vault used for transferring, selling and buying crypto or NFTs) such as MetaMask, Trust Wallet or Coinbase. Or you can use a cold wallet (a wallet that is not connected to the internet), such as a USB, a paper wallet or an offline computer, to store the crypto you have bought.
Hot wallets do save time and expense; however, there are risks incurred with their use. Because a hot wallet is connected to the internet, it can be compromised by unauthorised parties such as scammers and hackers. They can use a look-alike of an official website to reel you in and make you enter your wallet address. Another form of attack can come from bogus NFTs, which are seen in the "Free NFT giveaway" posts on services such as Reddit. Once a bogus NFT makes its way into your wallet, the hacker can then learn enough about your wallet to clear it out. Furthermore, if you're not knowledgeable about and aware of these issues, you will be very susceptible to attacks. This happened to me. I was trying to stake some crypto and join a Discord. I then got a DM from an individual asking if I was interested in staking, and of course I was, so I replied yes I am. He then proceeded to send me a link to a website where I would enter my secret phrase so I could transfer the funds. Disaster.
Cold wallets, on the other hand, offer much more security at a marginal expense. One such cold wallet is the Ledger. It offers both a 24-word seed phrase (which would take 1000 years for the most advanced ASIC to brute force) and the ability to physically disconnect it from the internet. Having the wallet disconnected removes the ability for anyone to make a transaction on that wallet. This buys you two layers of security. A: even if attackers infiltrate your system (for example with a trojan whose keylogger saw the seed phrase), they would have to time their attack to the exact moment you have the Ledger plugged in. B: a 24-word seed phrase is for all intents and purposes hack proof. Keeping a cold wallet via Ledger, Trezor or an offline computer may cost a bit more up front; however, it is 100% worth it if you begin investing sizeable sums of money.
We can learn a lot from this experience. You will never get a private message from an official person, so ideally turn off DMs from the server; that way you'll never even be tempted to respond. Secondly, never click on unauthorised websites, only ones that are in the Discord server, and even then, if you're still unsure, ask a member of the team to double check. Thirdly, you should very rarely need to enter your private phrase anywhere. I hope this helps you become more aware of what to look out for.
Here are a few more tips and tricks for making sure your crypto is going to be safe and sound. If your wallet allows it, make sure to activate two-factor authentication; this will provide another layer of security for your wallet/exchange. If you hold a lot of crypto or NFTs, my best advice to you is to store them in a cold wallet, as this will give you more peace of mind that your crypto is safe from scammers and hackers. For each different Discord server, ideally use a different wallet address: having a single wallet address floating around several different servers automatically increases your risk of being scammed. Secondly, don't put all your tokens in one wallet. Make sure you check the wallet approvals regularly, and disconnect your wallet from every site you are not actively using daily. Make sure you can recall all the transactions on the account, whether by writing them down on a piece of paper or on your phone.
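To make the "check the wallet approvals" tip concrete, here is an added example (not part of the original post) that decodes transaction calldata, such as the hex data a wallet shows on its confirmation screen, and flags the approval calls that hand a third party control of your tokens. It assumes the standard ERC-20/ERC-721/ERC-1155 function selectors; the spender address and sample transactions are constructed for illustration.

```javascript
// Standard function selectors (first 4 bytes of keccak256 of the signature).
const APPROVE = "095ea7b3";              // approve(address,uint256): ERC-20 and ERC-721
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool): ERC-721/1155
const MAX_UINT256 = (1n << 256n) - 1n;
const ZERO_ADDRESS = "0x" + "0".repeat(40);

// Decode raw transaction calldata and report which approval, if any, it grants.
function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) plus two 32-byte ABI words (128 hex chars).
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 136) return { kind: "not-an-approval" };

  const selector = hex.slice(0, 8);
  const spender = "0x" + hex.slice(8, 72).slice(24); // address is right-aligned in its word
  const value = BigInt("0x" + hex.slice(72, 136));

  if (selector === SET_APPROVAL_FOR_ALL) {
    // true hands the operator every token in the collection; false revokes that.
    return value === 0n
      ? { kind: "revoke-all", spender, risk: "low" }
      : { kind: "approve-all", spender, risk: "high" };
  }
  if (selector === APPROVE) {
    // Same selector for ERC-20 (value = amount) and ERC-721 (value = token id).
    if (spender === ZERO_ADDRESS) return { kind: "clear-approval", spender, risk: "low" };
    if (value === MAX_UINT256) return { kind: "approve-unlimited", spender, risk: "high" };
    return { kind: "approve", spender, value: value.toString(), risk: "review" };
  }
  return { kind: "not-an-approval" };
}

// Constructed sample inputs (not real transactions); SPENDER is a made-up address.
const SPENDER = "11".repeat(20);
const word = (h) => h.padStart(64, "0");
const SAMPLES = {
  approveAll: "0xa22cb465" + word(SPENDER) + word("1"),
  revokeAll: "0xa22cb465" + word(SPENDER) + word("0"),
  unlimited: "0x095ea7b3" + word(SPENDER) + "f".repeat(64),
  transfer: "0xa9059cbb" + word(SPENDER) + word("64"), // plain ERC-20 transfer
};

for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, classifyApproval(data));
}
```

An "approve-all" or "approve-unlimited" result for a spender you do not recognise is the kind of approval to revoke or refuse.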
Finally, never ever share your seed phrase. I made the mistake of trusting a scholar who had worked for a friend for over a year. He seemed like a great, fun guy, and hung out with me and my fledgeling Fancy Birds guild. Three months into the game, I decided that I needed this individual to have more control and made the mistake of giving them my seed phrase. I was making a lot of money by allowing this individual to use my seed phrase; however, it was nothing compared to the $8000 that I lost while I was at work and noticed my Mavia Land was gone. Not only was my Mavia gone, but thousands in raw crypto, and all my NFT game tokens. Please don't learn the hard way. The Mavia community just lost another land to hackers today, 4/23/2022, and it's heartbreaking to watch happen every time. For me, I almost lost the desire to pursue Play to Earn. Protect your stoke, protect the community by passing this on.