A Beginner’s Guide to Securing Your Crypto Investments
Getting involved in the realm of cryptocurrencies, blockchain and NFTs can be quite the overwhelming experience. Far away from classic investment and technology activities, many are joining the web3 adventure for its exciting innovations, while others are looking for huge financial gains.
These are all legitimate reasons, yet it is necessary to remember that there are many risks involved: hackers and scammers are legion, and new web3 investors have to be extra careful not to fall into their traps. Moreover, the decentralized nature of web3 requires every user to take responsibility for their actions and decisions. There is no bank or financial institution to call for help or compensation if you become the victim of a scam.
In this regard, we decided to put together a checklist of the best practices for any new web3 investor looking to safely enter the world of crypto and NFTs.
1. Prepare accordingly
Many users compare web3 to the Far West era for a good reason: opportunities and dangers are everywhere. And no one but yourself can protect you from scammers.
Massive amounts of money are circulating in this space. There are many ways to buy crypto at fair prices and get a considerable return on investment. Sadly, there is just as much potential for falling into scams designed to make this money disappear into the pockets of someone else, if basic security rules are not respected.
This is why it is very important to raise awareness of the topic. Security is necessary for this ecosystem of exciting innovations, because malicious people are eager to take advantage of new users trying to make profitable investments.
2. Know what to look for
You are now aware that many scams are taking place in the web3 space. But what do they look like? Here is a non-exhaustive list of what you may encounter:
- Email scams: Half of the planet uses email, and scammers know its outreach potential. They use impersonation and deception techniques to convince their victims that they can provide an effective service or product. Your best bet to avoid them is to always double-check for any suspicious behavior, and never act on any call to action before making sure the address and content are legitimate.
- Fake websites: Websites are easily reproducible. Some scammers have mastered this craft, and can sometimes create the exact copy of a website in seconds. Are you considering buying cryptos & NFTs from a trusted source? Please double-check, triple-check, quadruple-check that you are on the official website.
- Social media scams: Social media appearance, content and follower count can be falsified as well in order to scam unsuspecting users. Don’t trust DMs if they don’t come from an official and trustworthy source.
- Giveaway scams: You won some cryptocurrencies, yay! But from which source? Did you participate in any official contest in the first place? How are they contacting you? Does this match the way they said they would? If yes, is the account contacting you the same one that organized the giveaway? By the way, is the organizer legit? These are all questions worth answering. Free stuff is great, but it attracts many easily influenced people that scammers love to test for profit.
- Technical support impersonation scams: Scammers will also capitalize on moments when you are vulnerable. You need urgent help because your NFT doesn’t appear in your wallet, and they are here to answer your questions. But at what cost? Always make sure you are reaching out to an official customer service office, or you could be falling for a well-thought-out trap.
- Investment scams: Rug pulls are a common way many crypto and NFT users have been scammed since the technologies came out. These are organized by crypto and NFT sellers that market a very promising offer, and disappear once enough customers have bought into their projects. Some projects’ owners went missing with millions in cryptos after rug-pulling their communities. The key here is to bet on transparency and accountability: know who you are investing in, and make sure they will deliver before trusting them with your money.
- Discord scams: Another common scamming method in web3. On Discord, scammers can DM you very easily if you don’t deactivate private messages when joining a new server. They can also hack Discord servers and publish links from trusted accounts in official channels, which can have devastating effects on servers with large communities.
3. Be extra careful about “unmissable” opportunities
Ever heard of FOMO?
Fear Of Missing Out is a popular concept in the web3 world. In this ecosystem, you’ll encounter many opportunities to invest at “retail” prices. Whether through crypto ICOs or NFT collection launches, windows of initial investment will often be short. This gives rise to hype sessions designed to provoke an emotional spike and get as many people as possible to fear missing out on the next big profit they could be making.
While not necessarily malicious, these FOMO triggers lead many novices, and veteran investors too, to rush into buying over-hyped web3 projects without doing the appropriate research beforehand.
Moreover, many new web3 investors discover the market through their friends, family or colleagues. These people will most likely want good things for you, but be careful when they come to you with the latest, hot, unmissable crypto or NFT investment opportunities.
The truth is that even though they probably genuinely believe what they tell you, there is a high chance that they have no idea what they are betting on, and the volatility of the market is placing massive odds against them.
Therefore it is wise to always take any friendly advice or hype sessions with a grain of salt, make it a diligent habit to always do your own research, and invest only in crypto projects and NFTs that you really believe are worth the investment you’re putting in. This will save you lots of money, and preserve the quality of your close relationships.
4. Invest in a cold wallet
You can never be too safe with who and what you trust online, but sometimes being careful is not enough. Doing everything correctly will not protect you from every danger, as hacks are another way scammers will try to steal your assets. Having your cryptos and NFTs stored in a hot wallet (for example through the MetaMask application) is a great way to transfer them and use them as you please. But when you want to HODL them or not do anything with them for a while, you should be storing them in the security of a cold wallet, away from the reach of online hackers. A classic and great example of a cold wallet to have is a Ledger wallet.
5. Store your crypto in multiple wallets
Now you have a cold wallet to safely store your unused crypto assets. There is another strategy to put in place for maximum security: create multiple hot wallets. This will allow you to store your digital assets in different places, and if one day you fall into the trap of a malicious scammer, you will only lose a part of your possessions.
This strategy has saved many crypto veterans who had accumulated a wealth of cryptos and still fell into the trap of a creative scammer. Thankfully, the scammer only took a part of their assets, because they had made sure to use a wallet holding just the amount needed for the transaction.
Using wallets specific to a situation is an essential habit to have, especially when your conditions for trusting the project’s seller are not fully met.
6. Use extremely strong passwords
This is an easy one, but still, so many new web3 investors make that mistake. Here are specific points to respect when creating your passwords:
- NEVER use the same password twice
- Make sure it is over at least 10 characters
- Always have more than 4 types of characters (small letters, capital letters, numbers, signs…)
- It is preferable that your passwords are abstract and don’t represent any element of your life (forget about putting your birth date or pet name)
- Preferably store it on paper, not on your computer, unless you use a password manager app such as LastPass
- If you can remember it, your password is probably not strong enough
- NEVER share it with ANYONE for ANY REASON
Bad password examples: Jack123 ; 15101991 ; ilovechocolate
Good password example: paT%HR092$vu8K41njC
If your account gets hacked, there is a very high chance that at least one of these points was not respected. This is why we believe they are worth taking into consideration for optimal security.
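A checker and generator for the password rules listed above, added here as an example and not part of the original article. It assumes that "over at least 10 characters" means a minimum of 10 and that any non-alphanumeric character counts as a "sign"; the sign set used by the generator is also an assumption.

```python
import secrets
import string

MIN_LENGTH = 10  # assumption: "over at least 10 characters" read as 10 or more
SIGNS = "!#$%&*+-=?@^_"  # assumption: sign set used only when generating
ALPHABET = string.ascii_letters + string.digits + SIGNS


def check_password(password, previously_used=()):
    """Return the checklist rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # The four character types the checklist names.
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "sign": any(not c.isalnum() for c in password),
    }
    problems += ["missing " + name for name, present in classes.items() if not present]
    if password in previously_used:  # rule: never use the same password twice
        problems.append("reused")
    return problems


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the checklist minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # The article's own examples; being published, none of them should be used.
    for sample in ("Jack123", "15101991", "ilovechocolate", "paT%HR092$vu8K41njC"):
        print(sample, "->", check_password(sample) or "passes")
    print("generated:", generate_password())
```

The checker covers only the structural rules; reuse is detected only against the list passed in, which is the record a password manager keeps for you.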
7. Rely on 2FA Authentication Methods
Two-factor authentication, or 2FA, is a tool used to verify your identity. It is done through an app or a key plugged into your computer, and provides an extra security measure that can’t be overlooked. This is often used in cryptos and NFTs when doing a financial transaction, and more commonly when connecting to your various accounts.
Apps like Authy or Google Authenticator will do the trick perfectly. On the other hand, we don’t recommend SMS as a 2FA method, as SIM cards tend to be more vulnerable to hacks.
8. Always connect on a secure Wi-Fi network
Have you ever wondered if you should really access your personal banking account when connected to the Starbucks or McDonald’s Wi-Fi network? So did we! And for a reason: it is very dangerous to carry out private actions on a public network, which scammers can hack more easily than a private one.
Stay home, stay safe, for any transactions or personal account management related to cryptos and NFTs.
Using a VPN will provide extra security to your internet connection, as this will change your IP address and device location at each use.
9. Never share your private key
The private key rule is a no-brainer, yet sadly many have fallen victim after breaking it. The rule is simple: NEVER, EVER, SHARE IT WITH ANYONE.
When creating your crypto wallets, you receive a private key. This key grants access to everything related to the account it is linked with. Therefore, scammers will sometimes impersonate a technician or customer service to extract it from you, or hack your computer to find it in the notes section of your computer.
Therefore, always follow rule number 1: get away from any conversation asking you to share your private key. And keep it on paper: you can never be too safe in the web3 Far West.
10. Research, check, verify
Sometimes every signal will be green to invest in a crypto or NFT project. The team is revealed and transparent, the roadmap promising, and the project has started its launch. But even in that case, things can go wrong.
We talked about rug pulls in the second point, as a common investment scam. These are brutal: once all the money has been transferred from every investor to the owner, the owner disappears and everyone knows on the spot that they have just been scammed.
Another way scammers can act is through “soft rugs” or “slow rugs”: hiding behind very well-thought-out and well-marketed projects, and making it seem like the project is going somewhere even after the initial sale is done. These are very hard to spot, as they look very similar to an originally ambitious project that gave its best to deliver and failed, but this time with an original intention not to go through with the roadmap.
Your best bet here is to get better at understanding the components of a successful crypto and NFT project and which boxes to tick, and of course to repeat that over time to become a better investor. Easier said than done, but that’s the name of the game: Research, check, verify, invest, succeed or fail, learn, repeat. That’s how you’ll avoid most scams and get the best investment returns over time.
11. Get help from trusted experts
The world of blockchain technology is relatively new. Yet information on the best practices for staying safe is spreading fast, and agencies such as Nefture have decided to focus their efforts on providing professional cybersecurity services for NFT projects launching their collections through smart contracts.
In every sector of web3, cybersecurity is becoming the center of discussion, after scams and rug pulls have been so effective in draining millions of dollars in cryptos from the hands of users.
To get more information, don’t hesitate to follow our Twitter account, and join a community that shares daily about cybersecurity and how to navigate safely in the world of web3!
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.
Nefture’s core services include Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploit detection and fully customized alerts covering hundreds of risk types, with a clear expertise in DeFi.
Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.