Forwarded Title:It cannot be emphasized enough (1): 10 Steps to Keep Your Crypto Assets Safe
Today, we will introduce how to strengthen the ability to defend against phishing scams and other fraudulent activities. Let’s delve into 10 simple steps that you can use to ensure the security of your assets and ensure a smooth journey in the world of cryptocurrencies.
Successful phishing attacks depend on three elements:
A seemingly legitimate fake opportunity (often a so-called airdrop claiming website or NFT minting page).
Victims mistakenly believe the fake opportunity and sign off on malicious transactions.
Tokens of value in the victim’s infected wallet have been approved for transactions (Approve), allowing attackers to exploit these tokens for malicious transactions.
Before the glossy promotions and websites, any one of us could fall victim to phishing schemes.
Fortunately, we can combine a series of practices and resources to eliminate opportunities for malicious transaction signatures or effectively minimize their impact.
Below are 10 important steps to enhance the defense of crypto assets in 2023.
Strategy: Create a multi-signature wallet for long-term holding of cryptocurrencies!
Recommended Tool: Safe{Wallet}
Multi-signature wallets are often referred to as “vaults,” similar to a cryptocurrency version of a bank safe deposit box. It requires multiple private keys (i.e., wallets) to authorize any transaction, thus providing higher security for your cryptocurrency. Multi-signature is like a digital fortress, protecting your long-term assets even if one of your private keys is compromised.
One of the easiest ways to create a multi-signature now is by setting up a Safe account. You can add any addresses you desire as signers, but starting with a 2-of-3 multi-signature strategy will be straightforward. Additionally, consider using hardware wallets like Ledger as some of your signers, which can enhance the security level!
Strategy: Create a risk wallet specifically for everyday activities!
Recommended Tool: Delegate
Do not use your vault for routine cryptocurrency activities such as claiming airdrops or minting NFTs. For such tasks, set up a separate dedicated wallet where you only deposit cryptocurrency as needed.
Wallets used frequently should not be loaded with all your on-chain assets. You can consider services like Delegate, which allow you to delegate permissions from your vault wallet to your risk wallet without moving or jeopardizing any assets. For example, if you have NFTs in your vault that grant you whitelist minting privileges, you can use Delegate to perform minting. This way, even if you accidentally sign a malicious transaction with your risk wallet, your long-term savings remain unaffected.
Strategy: Download transaction preview tools to alert yourself to potential malicious transaction attempts!
Recommended Tools: Fire, Pocket Universe, Stelo
Wait a minute??? Am I trying to transfer 60,000 USDC and all my NFTs to this random address?!?! Transaction preview tools help you visualize information before you approve any content.
These tools are free browser extensions that pop up windows explaining all proposed transactions. These extensions are magical barriers against phishing attacks, so be sure to run one of them for all transactions!
Strategy: Revoke your unlimited token allowances!
Recommended Tool: Revoke.cash
Many Ethereum-based applications, such as DeFi, require you to approve “unlimited” token allowances so you don’t have to constantly re-approve and spend funds. The problem arises if your wallet is compromised and you have a bunch of unlimited token approvals, as attackers can drain all the assets.
Therefore, you want to regularly monitor your outstanding allowances and revoke or minimize unlimited approvals whenever possible. The revoke.cash platform makes it easy to modify your token allowances, so there’s no need to worry.
Strategy: Research a project before getting involved!
Recommended Websites: DeFiLlama (for current resources), CryptoWiki (for historical information)
Never navigate the cryptocurrency space blindly; always do your homework!
For example, recently, I’ve been exploring the Ajna protocol, which is a relatively new governance-free DeFi lending protocol. I directly looked into its documentation, FAQs, whitepaper, etc., so I can start to delve into it, assessing its details and risk factors.
Deep research is essential: Spend time understanding the fundamentals before diving deep into anything. Avoid reckless imitation, as it can put you in a risky situation. If you can’t find good documentation and similar educational resources for a project, that itself is a significant red flag.
Strategy: Use portfolio trackers to monitor your cryptocurrency positions!
Recommended Tools: DeBank, MetaMask Portfolio, Zapper, Zerion
In the cryptocurrency space, closely monitoring your assets is crucial, and portfolio trackers are your best friends in this regard. They provide you with an overview of the assets you hold across various wallets and platforms, allowing you to easily monitor your cryptocurrencies in real-time.
Remember, staying informed about your positions is not just about tracking profits; it’s also an essential part of risk management. By regularly monitoring your assets, you can identify any abnormal activities that may indicate security vulnerabilities and have the opportunity to take action to protect your remaining assets.
Strategy: Stay updated on cryptocurrency news, such as recent hacking attacks!
Recommended Resources: Bankless, DeFiLlama Roundup
Sometimes, attacks on DeFi protocols or other projects may indirectly or directly affect your cryptocurrency positions. To stay ahead of potential impacts, it’s crucial to stay informed promptly.
However, you don’t need to do all the work yourself. For instance, Bankless provided analysis of Curve’s reentrancy attack on Twitter threads within hours of the attack starting. Bankless always strives to keep you informed promptly. There are also many other great resources available to help you, such as DeFiLlama’s news aggregation chat on Telegram.
Strategy: Rely on good OpSec (Operational Security) practices to protect your web2 activities!
Recommended Resource: Officer’s Blog
Even outside of web3, leave no room for attackers. Malicious actors may infiltrate your email or social accounts, attempting to lure people you trust into clicking on phishing websites. Don’t let them get to that point! According to security researcher ficialcia.eth, strong operational security basics include:
Using a secure email provider, such as ProtonMail.
Using different strong passwords and avoiding reuse across multiple locations.
Avoid linking your phone number with cryptocurrency platforms.
Using 2FA to back up your accounts, but avoiding SMS-based 2FA.
Requesting your phone carrier to lock your SIM card.
Using the latest antivirus software.
Strategy: Develop an exit plan for your assets in case of the worst-case scenario!
Recommended Tools: Webacy, Spotter
Even with all the tools and practices mentioned above, it’s still essential to prepare for the worst-case scenario. Webacy is a web3 security provider that allows you to create a custom backup wallet + panic button system. If you experience an attack or feel a security threat, you can use the platform’s “Panic” feature to transfer all or any remaining assets to a pre-specified backup wallet.
For more advanced users, there are other monitoring and protection services available, such as Spotter, designed to help you detect and evade on-chain attacks within milliseconds.
Strategy: Sound the alarm immediately upon encountering phishing scams!
Recommended Resource: CryptoScamDB
If you see something, say something!
If you do come across a cryptocurrency phishing scam, sound the alarm to keep others away. You can send messages in group chats, make posts on social media, or submit reports to databases like CryptoScamDB. Just taking 30 seconds to do this can help others protect their crypto assets!
This article is reprinted from [panews], the original title “It cannot be emphasized enough (1): 10 steps to ensure the security of crypto assets”, Copyright belongs to the original author[William M. Peaster], if you have any objection to the reprint, please contact Gate Learn Team , the team will handle it as soon as possible according to relevant procedures.
Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.
Other language versions of the article are translated by the Gate Learn team, not mentioned in Gate.io), the translated article may not be reproduced, distributed or plagiarized.
Forwarded Title:It cannot be emphasized enough (1): 10 Steps to Keep Your Crypto Assets Safe
Today, we will introduce how to strengthen the ability to defend against phishing scams and other fraudulent activities. Let’s delve into 10 simple steps that you can use to ensure the security of your assets and ensure a smooth journey in the world of cryptocurrencies.
Successful phishing attacks depend on three elements:
A seemingly legitimate fake opportunity (often a so-called airdrop claiming website or NFT minting page).
Victims mistakenly believe the fake opportunity and sign off on malicious transactions.
Tokens of value in the victim’s infected wallet have been approved for transactions (Approve), allowing attackers to exploit these tokens for malicious transactions.
Before the glossy promotions and websites, any one of us could fall victim to phishing schemes.
Fortunately, we can combine a series of practices and resources to eliminate opportunities for malicious transaction signatures or effectively minimize their impact.
Below are 10 important steps to enhance the defense of crypto assets in 2023.
Strategy: Create a multi-signature wallet for long-term holding of cryptocurrencies!
Recommended Tool: Safe{Wallet}
Multi-signature wallets are often referred to as “vaults,” similar to a cryptocurrency version of a bank safe deposit box. It requires multiple private keys (i.e., wallets) to authorize any transaction, thus providing higher security for your cryptocurrency. Multi-signature is like a digital fortress, protecting your long-term assets even if one of your private keys is compromised.
One of the easiest ways to create a multi-signature now is by setting up a Safe account. You can add any addresses you desire as signers, but starting with a 2-of-3 multi-signature strategy will be straightforward. Additionally, consider using hardware wallets like Ledger as some of your signers, which can enhance the security level!
Strategy: Create a risk wallet specifically for everyday activities!
Recommended Tool: Delegate
Do not use your vault for routine cryptocurrency activities such as claiming airdrops or minting NFTs. For such tasks, set up a separate dedicated wallet where you only deposit cryptocurrency as needed.
Wallets used frequently should not be loaded with all your on-chain assets. You can consider services like Delegate, which allow you to delegate permissions from your vault wallet to your risk wallet without moving or jeopardizing any assets. For example, if you have NFTs in your vault that grant you whitelist minting privileges, you can use Delegate to perform minting. This way, even if you accidentally sign a malicious transaction with your risk wallet, your long-term savings remain unaffected.
Strategy: Download transaction preview tools to alert yourself to potential malicious transaction attempts!
Recommended Tools: Fire, Pocket Universe, Stelo
Wait a minute??? Am I trying to transfer 60,000 USDC and all my NFTs to this random address?!?! Transaction preview tools help you visualize information before you approve any content.
These tools are free browser extensions that pop up windows explaining all proposed transactions. These extensions are magical barriers against phishing attacks, so be sure to run one of them for all transactions!
Strategy: Revoke your unlimited token allowances!
Recommended Tool: Revoke.cash
Many Ethereum-based applications, such as DeFi, require you to approve “unlimited” token allowances so you don’t have to constantly re-approve and spend funds. The problem arises if your wallet is compromised and you have a bunch of unlimited token approvals, as attackers can drain all the assets.
Therefore, you want to regularly monitor your outstanding allowances and revoke or minimize unlimited approvals whenever possible. The revoke.cash platform makes it easy to modify your token allowances, so there’s no need to worry.
Strategy: Research a project before getting involved!
Recommended Websites: DeFiLlama (for current resources), CryptoWiki (for historical information)
Never navigate the cryptocurrency space blindly; always do your homework!
For example, recently, I’ve been exploring the Ajna protocol, which is a relatively new governance-free DeFi lending protocol. I directly looked into its documentation, FAQs, whitepaper, etc., so I can start to delve into it, assessing its details and risk factors.
Deep research is essential: Spend time understanding the fundamentals before diving deep into anything. Avoid reckless imitation, as it can put you in a risky situation. If you can’t find good documentation and similar educational resources for a project, that itself is a significant red flag.
Strategy: Use portfolio trackers to monitor your cryptocurrency positions!
Recommended Tools: DeBank, MetaMask Portfolio, Zapper, Zerion
In the cryptocurrency space, closely monitoring your assets is crucial, and portfolio trackers are your best friends in this regard. They provide you with an overview of the assets you hold across various wallets and platforms, allowing you to easily monitor your cryptocurrencies in real-time.
Remember, staying informed about your positions is not just about tracking profits; it’s also an essential part of risk management. By regularly monitoring your assets, you can identify any abnormal activities that may indicate security vulnerabilities and have the opportunity to take action to protect your remaining assets.
Strategy: Stay updated on cryptocurrency news, such as recent hacking attacks!
Recommended Resources: Bankless, DeFiLlama Roundup
Sometimes, attacks on DeFi protocols or other projects may indirectly or directly affect your cryptocurrency positions. To stay ahead of potential impacts, it’s crucial to stay informed promptly.
However, you don’t need to do all the work yourself. For instance, Bankless provided analysis of Curve’s reentrancy attack on Twitter threads within hours of the attack starting. Bankless always strives to keep you informed promptly. There are also many other great resources available to help you, such as DeFiLlama’s news aggregation chat on Telegram.
Strategy: Rely on good OpSec (Operational Security) practices to protect your web2 activities!
Recommended Resource: Officer’s Blog
Even outside of web3, leave no room for attackers. Malicious actors may infiltrate your email or social accounts, attempting to lure people you trust into clicking on phishing websites. Don’t let them get to that point! According to security researcher ficialcia.eth, strong operational security basics include:
Using a secure email provider, such as ProtonMail.
Using different strong passwords and avoiding reuse across multiple locations.
Avoid linking your phone number with cryptocurrency platforms.
Using 2FA to back up your accounts, but avoiding SMS-based 2FA.
Requesting your phone carrier to lock your SIM card.
Using the latest antivirus software.
Strategy: Develop an exit plan for your assets in case of the worst-case scenario!
Recommended Tools: Webacy, Spotter
Even with all the tools and practices mentioned above, it’s still essential to prepare for the worst-case scenario. Webacy is a web3 security provider that allows you to create a custom backup wallet + panic button system. If you experience an attack or feel a security threat, you can use the platform’s “Panic” feature to transfer all or any remaining assets to a pre-specified backup wallet.
For more advanced users, there are other monitoring and protection services available, such as Spotter, designed to help you detect and evade on-chain attacks within milliseconds.
Strategy: Sound the alarm immediately upon encountering phishing scams!
Recommended Resource: CryptoScamDB
If you see something, say something!
If you do come across a cryptocurrency phishing scam, sound the alarm to keep others away. You can send messages in group chats, make posts on social media, or submit reports to databases like CryptoScamDB. Just taking 30 seconds to do this can help others protect their crypto assets!
This article is reprinted from [panews], the original title “It cannot be emphasized enough (1): 10 steps to ensure the security of crypto assets”, Copyright belongs to the original author[William M. Peaster], if you have any objection to the reprint, please contact Gate Learn Team , the team will handle it as soon as possible according to relevant procedures.
Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.
Other language versions of the article are translated by the Gate Learn team, not mentioned in Gate.io), the translated article may not be reproduced, distributed or plagiarized.