How To Keep Cryptocurrency & NFTs Safe: Avoid Being Phished
Exploring Web3 is a one-of-a-kind feeling. The evolution of dApps has come a long way, and today, there are a multitude of ways to interact with the blockchain, with everything from DeFi, NFTs, social media, gaming, and more.
However, any veteran in Web3 will tell you that connecting your wallet and signing a transaction on a protocol you’ve never used before can be quite scary. With stories of users’ funds being drained all too common in Web3, the irreversible nature of the blockchain can easily be used against you if you aren’t careful. Below, we will cover important topics like best practices for safety, how to store crypto and NFT’s, how to avoid being phished, and the most popular attack vectors.
Some general tips and best practices for safely navigating Web3 are:
- The number one rule of the blockchain — Never expose your seed phrase! There are exactly 0 legitimate protocols and businesses that will ever ask for your seed phrase, full stop.
- Protect your identity — Never expose your personal or sensitive information. Unless you are using a Centralized Exchange (CEX) like Coinbase or Binance, you never need to expose information such as your name, phone number, or social security number. These can later be used against you in an identity theft attack using text messages or phishing emails.
- How to store cryptocurrency safely — Using a combination of hot and cold wallets. Hot wallets are where you do things like connecting to DApps, trading, or sending funds. Cold wallets are where you store a majority of your valuable assets. Limit connecting your cold wallet as much as possible to any protocol. Many people choose to use a hardware wallet for their cold wallet from reputable companies, such as Ledger or Trezor.
- Don’t rush — Web3 can be a market of quick action — claiming an airdrop, minting an NFT, or even joining a closed discord. This is how most mistakes are made. Take your time to do additional research and check the safety of anything you click.
How do I secure Crypto and NFT’s?
Your first line of defense when browsing Web3 is your crypto wallet. Not too long ago, it seemed like you were locked in to using only a few wallets like Metamask if you wanted to do anything in Web3. While Metamask remains a popular choice for many users, there are now a ton of wallets out there that have additional security features designed to help keep your Web3 browsing experience safe. So what is the most secure wallet for NFT’s and cryptocurrency?
A good example of a secure wallet is Rabby. Rabby comes with a bunch of security measures that can mitigate some of the risk when interacting with the blockchain.
Rabby will alert you if you’ve never connected to a particular protocol before or if you’re connecting to a protocol that not many people use. Rabby also alerts you of vulnerable smart contracts that you have previously given approval to, as well as the power to revoke any connections that are still active that you may have forgotten about.
Many wallets also provide a simulation of a transaction before you actually sign it, showing balance changes of your cryptocurrency so that you can fully understand what you are signing when doing things like adding liquidity or harvesting rewards from a pool.
It is not uncommon for some blockchains to be only compatible with certain wallets, and not all of them will be robust in security features. It is important to use a wallet you are comfortable with, with an easy UI/UX so that you don’t accidentally sign something you didn’t mean to.
As mentioned earlier in the article, using a cold wallet is still the best solution to the dilemma of how to store your cryptocurrency safely.
How to Avoid Being Phished
Perhaps the most popular attack vector that malicious Web3 actors use are phishing attacks. These mainly manifest as clones of popular websites such as PancakeSwap. While the frontend may look exactly the same as the real website, there are malicious smart contracts on the backend that if you connect to, can end up draining all of your balances with just a click of a button.
These clones mimic high-traffic websites and often look exactly the same as the real website. This makes double checking the URL of the website you are visiting before connecting your wallet very important.
Pancake Swap is a frequent target for phishing attacks. Sensibly, they have an anti-phishing warning at the top of their website.
Bookmarking websites you frequently use for trading or other Web3 activity can mitigate this risk so you know you are visiting the correct website and to avoid phishing attacks.
Many times, these fake websites will pay for ads on social media or even search engines, so that they appear at the top of your search results or in the middle of your feed. Take extra caution if you notice the following:
- The link comes in the form of a sponsored ad on Google, Twitter, or other social media sites
- The account the Tweet comes from has recently joined Twitter and/or has a large following but low engagement.
- Links from big personal accounts. If Vitalik Buterin drops a link to an NFT mint, the account may be compromised.
- Comments and replies are limited or disabled. The attackers do this so accounts cannot warn others about fraudulent links or projects.
- The language overly expresses urgency or limited availability, designed to prey on user’s FOMO.
It is important to remember that attacks can come from anywhere. Someone you trust can be compromised and send malicious links as well. Make sure you are talking to who you think you are talking to before you click any links.
Web3 is an incredible ecosystem filled with innovation. New projects, NFTs, airdrops, or protocols seem to drop everyday; but with that come new attacks. In an unregulated space worth over $1 trillion, bad actors will always exist and target those without the knowledge or patience to protect themselves. Altura Guard II is designed to help with this exact issue, abstracting away the complicated portion of smart contracts and Web3 while allowing users to verify their ownership in a familiar, secure manner.
The Altura team is constantly at work to protect its products and users from compromise, and stay committed to being leaders in the Web3 gaming industry from a security perspective.
Are you ready to explore the Altura suite of products? Please schedule a meeting today with Altura’s sales team. We can’t wait to hear about your specific objectives and how our expertise can help you achieve them.