Personal Safety and Security

Users are responsible for their own safety in the crypto world, which at times may feel complicated and intimidating. However, there are some common-sense best practices to protect yourself and your funds from bad actors.

Let's go over the most common attacks and how to avoid them.

Exploits

Phishing

Phishing (sometimes referred to as Spoofing) is a form of fraud in which a scammer impersonates a legitimate company in order to steal information from a victim. This is by far the most common form of crypto wallet theft. Phishing may come in many forms, including fake emails, fake websites, or fake "representatives" from a project reaching out to users directly. Here are some ways to avoid becoming a victim of this scam:

  1. Never provide your seed phrase to anyone. Nobody should ever ask you for this. Do not give it to anyone (or any website) under any conditions.

  2. Never respond to any email or direct message claiming that you must "verify", "validate", or "KYC" your wallet, even if the sender claims they are trying to help you resolve a problem.

  3. Do not respond to any airdrop offer unless you are 100% sure that it is from a legitimate source. In any event, a legitimate airdrop will never require users to input their seed phrases or "validate" their wallet.

  4. Never respond to any emails or direct messages from users claiming to be support staff. The vast majority of support staff will have you contact them in order to avoid imitators.

  5. Always double check the URL of a website to make sure it is the legitimate site. A common phishing tactic is to redirect people to a malicious website disguised as the legitimate site (e.g. shiba-swap.com instead of shibaswap.com). This also applies when clicking on any links from search engine results. Sometimes the first links listed will be malicious imposter sites.
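
The URL check from item 5 can be automated against a list of hosts you have verified yourself. The following is an added example, not part of the original guide; `OFFICIAL_HOSTS`, `classify_url` and the 0.85 similarity threshold are assumptions chosen for illustration, and the check goes beyond the hyphen case in the text to cover embedded brand names, digit swaps, userinfo tricks and internationalized names.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the user builds this set from bookmarks they verified themselves.
# Entries are bare registrable domains; the first label is treated as the brand.
OFFICIAL_HOSTS = {"shibaswap.com"}

# Separators and digit-for-letter swaps commonly seen in look-alike names.
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None, "_": None})


def _skeleton(label: str) -> str:
    """Lower-case a DNS label, drop separators, map digit look-alikes to letters."""
    return label.lower().translate(_SWAPS)


def classify_url(url: str, official=frozenset(OFFICIAL_HOSTS)) -> str:
    """Return 'official', 'suspicious' or 'unknown' for the host in `url`."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # "https://shibaswap.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return "suspicious"
    # Exact match, or a subdomain of an official host.
    if any(host == o or host.endswith("." + o) for o in official):
        return "official"
    # The official hosts here are all ASCII, so an internationalized name
    # (raw or punycode) that is not on the list is treated as suspicious.
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious"
    for o in official:
        brand = _skeleton(o.split(".")[0])
        for label in labels:
            s = _skeleton(label)
            # Brand embedded in a label, or a near-miss spelling of it.
            if brand in s or SequenceMatcher(None, brand, s).ratio() >= 0.85:
                return "suspicious"
    return "unknown"
```

A result of `unknown` only means the host does not resemble anything on the list; it says nothing about whether the site is safe.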

Always seek out official support from the company website directly. Social media and email servers are full of bots who try to trick users into giving up their information or clicking malicious links which can infect a victim's computer with malware.

Always remain vigilant! It's better to be safe than sorry.

Giveaway/Airdrop Scams

Similar to the phishing scheme above, scammers will promote giveaways to attract users. In addition to phishing attempts, they will sometimes ask a user to send an amount of tokens to an address in order to receive the airdropped tokens in return.

Never send tokens to any user, website, or address claiming to send you tokens. These are always scams and you are sure to permanently lose any funds sent.

Clipboard Hacking

A less common but still dangerous exploit, clipboard hacking is when malware infects the copy/paste functionality of a computer or mobile device, replacing pasted text with the hacker's own wallet address. Always verify that a pasted address matches the intended wallet before sending funds.

Always double check the destination address before submitting a transaction, not just to avoid the above exploit, but to prevent user error as well. It's always worth the small bit of time it takes to make sure you are sending your funds to the right place!

When sending large amounts, it is also recommended to send a test amount first. Do not send the remainder of the funds until the test amount is successfully received.

How to Stay Safe

Hardware Wallets

A great way to stay safe in crypto is by using a hardware wallet, commonly called cold storage. These are physical devices that store the private keys offline to better protect them from malware and exploits. While they are not foolproof, they securely store your seed phrase separately from the computer or mobile device. This way if the computer or mobile device is compromised, the hacker does not have access to the private keys to the wallet.

In practice, a hardware wallet functions similarly to 2FA (two-factor authentication) for a wallet. For example, a software wallet such as MetaMask will ask the user to verify on the hardware wallet that the transaction is intended and that the information is correct.

The most popular hardware wallet manufacturers include Ledger and Trezor.

Always buy the wallet directly from the official website itself. There have been reports of counterfeit wallets sold on websites such as Amazon.

Seed Phrase Security

Your 12/24 word recovery phrase acts as your passcode to the blockchain, meaning anyone who has access to this recovery phrase can freely move your funds.

Never provide your seed phrase to anyone! Ever! Never enter your seed phrase into a website!

To protect your seed phrase, follow these steps:

  1. Never store your seed phrase digitally (text document, picture, PDF, etc.). If your device becomes infected with malware, it is possible for your digital backup to be stolen.

  2. Never store your seed phrase in a cloud backup. Some wallets have cloud backup features but you should avoid using them. Cloud applications can be vulnerable to hacks, and the intruder will quickly be able to search for any seed phrases stored.

  3. Always store your seed phrase somewhere safe and durable. In the event of a house fire, flood, or other disaster, it is best to keep your recovery phrase in a secure lockbox and/or on a specially designed crypto steel backup device.

  4. Consider storing multiple copies of your seed phrase. In case of the loss or destruction of one copy, having additional copies stored in other secure locations can be the difference between total loss and full recovery.

If the seed phrase is ever lost or destroyed, don't panic. As long as you still have access to the wallet, simply transfer your tokens to a new wallet with a fresh seed phrase that can be secured.

Staying Updated

Wallet manufacturers regularly patch bugs and potential vulnerabilities in an effort to maximize security. We recommend using auto-update to ensure you are using the latest version and security patches. Additionally, always remember to follow official news sources for the wallets and assets you own for any announcements of security patches or exploits.
