How to keep your crypto assets safe
Advice from a rekt Fren
You have probably heard of different scenarios where digital asset holders have lost their assets irrecoverably. Forbes reported that since 2021, crypto scammers had stolen $1 billion from 46,000 people. Recently, Crypto-based crime hit a new high; according to the 2022 crypto crime report, illegal crypto wallets stole $14 billion - an increase of 80% from 2020, a cost that cannot be ignored by crypto and social media companies. The FTC said crypto-related crimes account for one in four dollars lost to fraud, more than any other payment method, with individual losses averaging over $2,500
For you not to fall victim, here are some tips for you to play safe in the web3 ecosystem.
Beware of phishing attempts:
If you are hearing phishing for the first time, let me take you through a quick explanation of what phishing is.
Phishing is an attempt by a hacker to access your sensitive information, which he might use to harm you. Phishing comes in different forms, but the most common types are email, software/app installation, and website cloning.
Email phishing is done by receiving an email containing an external link from an unknown sender; when you click on the link, you will be directed to a page where you will be requested to submit sensitive information that might be harmful to you.
The other type is software installation; before we dive in deeper, let me share my personal experience with you.
Some time ago, I noticed my phone was sending messages automatically from the traditional message application. Every time I topped up my airtime, it started shipping the news until the airtime got exhausted. I got frustrated and decided to check what was wrong. I checked the application list settings and found an application with no title but with application information. Instantly, it caught my attention, and I uninstalled it. That was how I got rid of the problem. And this is typically how the second type of phishing works, but how does the application get into the phone? I analyzed. I realized it either through uncensored links I clicked while surfing the internet, or it got installed via another application, or downloading files and software from unsecured sources. Website cloning is done by building a similar authority website with a little tweak in the website address to defraud unsuspecting visitors of their hard-earned money.
How to get rid of phishing problems;
- Be cautious about opening unsolicited emails from an unknown sender.
- Always visited secured and trusted websites.
- Always double-check when you are being redirected to another site.
- When you are skeptical about anything, stay away from it.
Secure your wallets' private keys and seed phrase:
Your seed phrase is your key to retrieving your presence in the web3. At the same time, your private key is there for you to authenticate any transaction you are initiating. Both are meant for you and you only, and they should be kept jealously from any other person. You might lose your assets if anything malicious happens to your seed phrase. If you mistakenly expose your private key, the wallet having the key might get compromised, and you might lose what the wallet contains.
Tips to safeguard your seed phrase:
- Keep a physical copy —write it on a piece of paper (medium security)
- Split the seed expression into two different parts, and keep each component separately (strong level security)
- Write down your seed phrase except for the last word, which you have to memorize (the best security level)
Caveat regarding your seed phrase and private keys:
- For no reason should you enter your seed phrase on any websites
- Don’t screenshot your seed phrase and save it on your laptop or backup in the cloud.
- Don’t save your seed phrase as a text file on your computer.
Set your wallets in layers:
Do you know you can have sub-wallets in your original wallet? To ensure maximum security, you can create multiple accounts within your wallets. Each account has a specific purpose it will be used for. For example; You can create a wallet account that will be used for minting NFTs, another for selling and buying NFTs, and another one that will never interact with any contracts, which will serve as a vault to save your precious assets; you can call the first one VERY HOT WALLET, the second wallet as MAIN WALLET and the third one as VAULT.
This saves you from losing all your funds because when you interact with a malicious contract, it’s the only wallet that interacts with the arrangements that get affected while others are safe.
Don't go beyond ordinary on NFT marketplaces:
When you are in NFT marketplaces, like Open sea, rarible, etc., don't go beyond the basic, i.e., you shouldn't go beyond your regular buying and selling of NFTs; this makes your wallet secure.
Activate 2 factor authentication
If you use trading websites/applications like binance, coinbase etc, do activate the two factor authentication or better still use Google Auth if the option is available. Never make SMS as a second factor authentication if you possess high value assets. Likewise, activate the login everytime option on the application. This will be helpful when you lose access to your device.
Do not repeat passwords
Do not reuse a password, and do not save your passwords on your phone, or choose to review if it is hard to keep track of all your passwords, get a password manager. You can never go wrong with that.
This is not an exhaustive security tip to save you from potential fraud, but this will save you a lot from being a victim of all these kinds of scams.
This is just a part; I will be sharing tips on how to stay safe on the common web3 social platforms, including Twitter, Discord, and Telegram. Stay glued to this page.