shibarmy-psa--blockchain-security-—-how-to-stay-safe

Mar 21st 2022 19:35

SHIBARMY PSA - Blockchain Security — How to stay safe

This article might be a little bit longer but it is worth it especially if you are new to crypto. I have been able to counter and fight these scams with easy rules. This article contains the most common knowledge every single investor should know by heart. Share it with your friends and colleagues and help them never get scammed and have a great time with cryptocurrencies

Topics

Securing your physical devices, seed phrase, and keys
Smart Contract Vulnerabilities
Most common and used Scam
Mindset to navigate the Blockchain

Securing your physical devices, seed phrase, and keys

Public and private keys are an integral part of cryptocurrencies. They allow you to send and receive cryptocurrency without requiring a third party to verify the transactions. These keys are a part of the public-key cryptography (PKC) framework.

You can use these keys to send your cryptocurrency to anyone, anywhere, at any time. The public and private keys fit together as a key pair. Your private keys must be kept secret. If anyone has access to the private keys, they will also have access to any cryptocurrency associated with those keys.

It proves you own the wallet and allows you to confirm transactions and move your funds.

Never ever share it!

Seed phrases

A seed phrase is a series of words generated by your cryptocurrency wallet that give you access to the crypto associated with that wallet. Think of a wallet as being similar to a password manager for crypto, and the seed phrase as being like the master password. As long as you have your seed phrase, you’ll have access to all of the crypto associated with the wallet that generated the phrase — even if you delete or lose the wallet.

If someone gains access to your seed phrases, you lose your cryptos

Let me repeat, never ever share your seed phrase with anyone!

Hardware Wallets

To become more secure while navigating the blockchain buy a Hardware Wallet, these are physical devices that hold your private keys.

No transactions can happen unless you physically confirm the transaction with your hardware wallet even if your wallet gets compromised

Hackers are not able to do much because they can’t confirm the transactions. This does mean our coins are NOT stored on the hardware device, they are stored on the public ledger or wallet.

Your wallet and Hardware device are the keys to getting you access to your funds, if your Ledger gets lost, you still have access to your coins as long as you have the seed phrases stored safely, this means doubled security.

Where to hide your seed phrases?

Don’t store them in a safe — too obvious and don’t let your seed phrases exist in the digital world, any login could get compromised.

• Don’t store them on dropbox
• Don’t store them on a USB stick
• Don’t store them on your password manager.

Get creative on where you hide them. Even consider learning them by heart, these are the 16 most valuable words you will ever own

You should break your seed phrases into parts. Distributing them to different people/places, make it impossible to get access for anyone but you. Think of Lord Voldemort breaking his soul into different pieces and putting them in the Horcruxes to live forever.

Store Seed Phrases on metal

Writing down your seed phrase on paper is a legit but not optimal solution because paper can burn, get destroyed by water and other natural causes.

Keep your seed phrases on steel is one of the most secure and durable methods to keep it safe from the most dangerous of destruction

Which Hardware Wallet Should You Buy?

The best and most common hardware wallet is built by Ledger, don’t take the risk of using lesser-known or unproven ones.

Don’t buy from Amazon or resellers and third-party markets, they can compromise the device before selling it to you, always get the device directly from the manufacturer over at https://twitter.com/Ledger

Most common and used Scam

Fake Customer Support

Scammers are looking for people who need help on Discord, Telegram, Twitter, Reddit, etc, and will create fake accounts using familiar names and schemes pretending to help. This can range from pretending to be supported, over an admin or doing fake giveaways

They direct people to scam websites, asking for your seed phrase or making you connect to a fraudulent service. They can also ask for donations or other forms of payment, a common one is impersonating another member of your crypto team and asking for a quick transfer of funds to pay something important.

Fake Airdrop Channels

On Telegram, you can be added to a malicious group pretending to do an Airdrop of free coins or NFTs for a project. These are 100% a scam, even if a project would be doing it this way they would act irresponsibly, to say the least. Only use known sites and resources to attend Airdrops. And always check back with the team of a coin if you are not sure, don’t do and ask later

Don’t blindly connect your wallet to websites

You don’t know what these protocols can do once they have access to your wallet. Always confirm you are on the right website, scammers can create real-looking websites and navigate you there with a malicious link for example.

Smart Contract Vulnerabilities

Dust Attacks

Have you ever received unknown tokens out of nowhere into your wallet? Can’t find any information or listing like CoinMarketCap or CoinGecko?

It probably is a dust attack and you need to be careful this is a trick to make you interact with it, there could be malicious code in the smart contracts which drains your funds

Don’t move it!

Don’t approve it!

Don’t think of it as a real value, it is dangerous!

The mindset to navigate the Blockchain

Do the addresses match?

Whenever you’re sending a transaction, make sure it’s to the right address, don’t be lazy, and verify just the last 4 digits of the address, even if the probability is low, losing your funds to such a mistake is awful. Read and verify the whole thing and send a test transaction first, the founder of ETH always does it!

Revoke Contracts

A protocol gets exploited. You might become vulnerable, at that point, you should end the contract's ability to interact with your wallet.

You can use apps like https://app.unrekt.net/ which supports ETH, BSC, HECO, and Polygon on the web and mobile.

Or https://allowance.beefy.finance/ which only supports BSC but can revoke multiple contracts at once.

Step 1. Connecting your wallet

Step 2. Check Permission

Step 3. Revoke Permissions

Keep your funds off Central Exchanges

CEX’s get hacked and can also freeze your account and KYC you to death, you are not the owner of the coins, you only gain access to them by a third party.

You can buy coins from CEX’s to make it easy to onboard Fiat money, but send them to your wallet as soon as possible to become the rightful owner.

A wise man once said — “Not your keys not your coins”