We’ll be honest: staying safe in crypto is a challenge. There are scams, bugs, exploits and hacks, not to mention web3 quirks, and on top of that you have the responsibility to keep your keys safe.
In this guide we talk about:
Mover security session
We did a security session where we explored specific scams and various attacks, and ways to mitigate the risks. Watch it on:
General safety rules
- Use multiple wallets: Don’t keep all your crypto assets in one place. The best way to handle it is by using one or several cold storages for long-term holdings, and at least one “hot” wallet for trading and transactions. This will help you spread the risk.
- Double check before sending crypto: Some malicious programs can swap in a wrong transaction address when you paste one while sending a transaction. Typically, the new address belongs to an attacker. Compare the pasted address with the one you intended before you confirm. It’s better to be safe than sorry.
- Activate two-factor authentication (2FA) whenever possible: Always enable 2FA, as it adds a second layer of security to your account. Ideally, use an app like Google Authenticator instead of SMS codes, as SIM card swapping is a common attack vector.
- Always use a VPN when using public Wi-Fi: If you have to use public Wi-Fi to access your crypto, always use a VPN to keep your traffic encrypted. Ideally, only access your crypto assets when using a private or secured network.
- Keep your holdings private: Try not to be too vocal about your holdings in public. The less people know about your digital assets, the better it is for your security. You never know who is watching or reading your public content and they may target you because they know there is something to be stolen.
- Have a backup of your private keys/seed phrase: Losing access to all your holdings can be soul-crushing. So it's important to back them up and keep them in different locations, in case of a fire or similar damage.
Types of attack
Unfortunately, numerous websites have been set up to resemble original, valid startup companies, and they are used to lure you in and scam you. If there isn't a small lock icon indicating security near the URL bar and there is no "https" in the site address, think twice.
Even if the site looks identical to the one you think you're visiting, you may find yourself directed to another platform where you’ll be asked to connect your wallet. For example, you click on a link that looks like a legitimate site, but attackers have created a fake URL with a zero in it instead of a letter ‘o’. That platform, of course, isn't taking you to the cryptocurrency investment that you've already researched. To avoid this, carefully type the exact URL into your browser. Double check it, too.
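As an added example (not part of the original guide), the sketch below checks a link against a list of sites you actually use and flags hostnames that differ only by swaps such as a zero for the letter ‘o’. The domain names, the `KNOWN_GOOD` list and the substitution table are constructed assumptions, and the table is not exhaustive.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the exact hostnames you have researched and bookmarked.
KNOWN_GOOD = {"wallet-shop.example"}

# Assumed, non-exhaustive digit-for-letter swaps seen in lookalike hostnames.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(host):
    """Reduce a hostname to a form where common lookalike swaps collapse."""
    host = host.lower().rstrip(".")
    for seq, repl in (("rn", "m"), ("vv", "w")):  # multi-character lookalikes
        host = host.replace(seq, repl)
    return host.translate(CONFUSABLE)


def classify(url):
    """Return (verdict, matched_known_good_host_or_None) for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    # Non-ASCII or punycode labels can render as look-alike letters: review by hand.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("idn", None)
    if host in KNOWN_GOOD:
        # Exact match, but plain http can still be tampered with in transit.
        return ("trusted" if parts.scheme == "https" else "insecure", host)
    for good in KNOWN_GOOD:
        if skeleton(host) == skeleton(good):
            return ("lookalike", good)  # same skeleton, different hostname
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://wallet-shop.example/connect",
        "https://wallet-sh0p.example/connect",
        "http://wallet-shop.example/",
        "https://xn--wallet-shp-abc.example/",
        "https://something-else.example/",
    ]
    for url in samples:
        print(f"{classify(url)[0]:<10} {url}")
```

A "lookalike" verdict means the hostname is not on your list but collapses to the same skeleton as one that is; an "unknown" verdict says nothing about whether the site is safe.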
Fake Mobile Apps
Another common way scammers trick cryptocurrency investors is through fake mobile wallets. Most commonly, these are available for download through the Google Play Store. Although stakeholders can often quickly find these fake apps and get them removed, that doesn't mean the apps aren't impacting many bottom lines.
While this is a greater risk for Android users, every investor should be aware of the possibility. Are there obvious misspellings in the copy or even the name of the app? Does the branding look inauthentic with strange coloring or an incorrect logo? It is also a good routine to check the developer’s info at the bottom of the description page.
Scam social media accounts
If you're following celebrities and executives on social media, you can't be sure that you're not following impostor accounts. The same applies to cryptocurrencies, where malicious, impersonating bots are rampant. Don't trust offers that come from Twitter or Facebook, especially if there seems to be an impossible result. Fake accounts are everywhere.
If someone on these platforms asks for even a small amount of your cryptocurrency, it's likely you can never get it back. Just because others are replying to the offer, don't assume they aren't bots, either. You have to be extra careful.
Even if it looks exactly like an email you received from a legitimate cryptocurrency company, take care before investing your digital currency. Is the email exactly the same, and are the logo and branding identical? Can you verify that the email address is legitimately connected to the company? The ability to check on this is one reason why it's important to choose a company that has real people working for it. If you have doubts about an email, ask someone who works there. And never click on a link in a message to get to a site.
Scammers often announce fake ICOs, or initial coin offerings, as a way to steal substantial funds. Don't fall for these fake email and website offers. Take your time to look over all the details.