SHIBARMY PSA - Blockchain Security — How to stay safe
This article might be a little bit longer but it is worth it especially if you are new to crypto. I have been able to counter and fight these scams with easy rules. This article contains the most common knowledge every single investor should know by heart. Share it with your friends and colleagues and help them never get scammed and have a great time with cryptocurrencies
liSecuring your physical devices, seed phrase, and keysli
liSmart Contract Vulnerabilitiesli
liMost common and used Scamli
liMindset to navigate the Blockchainli
h1Securing your physical devices, seed phrase, and keysh1
Public and private keys are an integral part of cryptocurrencies. They allow you to send and receive cryptocurrency without requiring a third party to verify the transactions. These keys are a part of the public-key cryptography (PKC) framework.
You can use these keys to send your cryptocurrency to anyone, anywhere, at any time. The public and private keys fit together as a key pair. Your private keys must be kept secret. If anyone has access to the private keys, they will also have access to any cryptocurrency associated with those keys.
It proves you own the wallet and allows you to confirm transactions and move your funds.
strongemNever ever share it!emstrong
A seed phrase is a series of words generated by your cryptocurrency wallet that give you access to the crypto associated with that wallet. Think of a wallet as being similar to a password manager for crypto, and the seed phrase as being like the master password. As long as you have your seed phrase, you’ll have access to all of the crypto associated with the wallet that generated the phrase — even if you delete or lose the wallet.
If someone gains access to your seed phrases, you lose your cryptos
strongemLet me repeat, never ever share your seed phrase with anyone!emstrong
To become more secure while navigating the blockchain buy a Hardware Wallet, these are physical devices that hold your private keys.
No transactions can happen unless you physically confirm the transaction with your hardware wallet even if your wallet gets compromised
Hackers are not able to do much because they can’t confirm the transactions. This does mean our coins are NOT stored on the hardware device, they are stored on the public ledger or wallet.
Your wallet and Hardware device are the keys to getting you access to your funds, if your Ledger gets lost, you still have access to your coins as long as you have the seed phrases stored safely, this means doubled security.
h2strongWhere to hide your seed phrases?strongh2
Don’t store them in a safe — too obvious and don’t let your seed phrases exist in the digital world, any login could get compromised.
• Don’t store them on dropboxbr
• Don’t store them on a USB stickbr
• Don’t store them on your password manager.
Get creative on where you hide them. Even consider learning them by heart, these are the 16 most valuable words you will ever own
You should break your seed phrases into parts. Distributing them to different peopleplaces, make it impossible to get access for anyone but you. Think of Lord Voldemort breaking his soul into different pieces and putting them in the Horcruxes to live forever.
h2strongStore Seed Phrases on metalstrongh2
Writing down your seed phrase on paper is a legit but not optimal solution because paper can burn, get destroyed by water and other natural causes.
Keep your seed phrases on steel is one of the most secure and durable methods to keep it safe from the most dangerous of destruction
h2strongWhich Hardware Wallet Should You Buy?strongh2
The best and most common hardware wallet is built by Ledger, don’t take the risk of using lesser-known or unproven ones.
Don’t buy from Amazon or resellers and third-party markets, they can compromise the device before selling it to you, always get the device directly from the manufacturer over at a href="https:twitter.comLedger" target="_blank"https:twitter.comLedgera
h1Most common and used Scamh1
h2strongFake Customer Supportstrongh2
Scammers are looking for people who need help on Discord, Telegram, Twitter, Reddit, etc, and will create fake accounts using familiar names and schemes pretending to help. This can range from pretending to be supported, over an admin or doing fake giveaways
They direct people to scam websites, asking for your seed phrase or making you connect to a fraudulent service. They can also ask for donations or other forms of payment, a common one is impersonating another member of your crypto team and asking for a quick transfer of funds to pay something important.
h2strongFake Airdrop Channelsstrongh2
On Telegram, you can be added to a malicious group pretending to do an Airdrop of free coins or NFTs for a project. These are 100% a scam, even if a project would be doing it this way they would act irresponsibly, to say the least. Only use known sites and resources to attend Airdrops. And always check back with the team of a coin if you are not sure, don’t do and ask later
h2strongDon’t blindly connect your wallet to websitesstrongh2
You don’t know what these protocols can do once they have access to your wallet. Always confirm you are on the right website, scammers can create real-looking websites and navigate you there with a malicious link for example.
h1strongSmart Contract Vulnerabilitiesstrongh1
Have you ever received unknown tokens out of nowhere into your wallet? Can’t find any information or listing like CoinMarketCap or CoinGecko?
It probably is a dust attack and you need to be careful this is a trick to make you interact with it, there could be malicious code in the smart contracts which drains your funds
strongemDon’t move it!emstrong
strongemDon’t approve it!emstrong
strongemDon’t think of it as a real value, it is dangerous!emstrong
h1strongThe mindset to navigate the Blockchainstrongh1
h2strongDo the addresses match?strongh2
Whenever you’re sending a transaction, make sure it’s to the right address, don’t be lazy, and verify just the last 4 digits of the address, even if the probability is low, losing your funds to such a mistake is awful. Read and verify the whole thing and send a test transaction first, the founder of ETH always does it!
A protocol gets exploited. You might become vulnerable, at that point, you should end the contract's ability to interact with your wallet.
You can use apps like a href="https:app.unrekt.net" target="_blank"https:app.unrekt.neta which supports ETH, BSC, HECO, and Polygon on the web and mobile.
Or a href="https:allowance.beefy.finance" target="_blank"https:allowance.beefy.financea which only supports BSC but can revoke multiple contracts at once.
Step 1. Connecting your wallet
Step 2. Check Permission
Step 3. Revoke Permissions
h2strongKeep your funds off Central Exchangesstrongh2
CEX’s get hacked and can also freeze your account and KYC you to death, you are not the owner of the coins, you only gain access to them by a third party.
You can buy coins from CEX’s to make it easy to onboard Fiat money, but send them to your wallet as soon as possible to become the rightful owner.
A wise man once said — “emNot your keys not your coinems”
h2strongWatch out for “fake” sitesstrongh2
Once you find the right site, BOOKMARK it in your browser.
Use the official website to find the links to the official discords, telegrams, etc.
Common fake sites include:
Fake wallet sitesemstrong
💥- 8% #Shib Rewardsbr
💥- 1% for Liquiditybr
💥- 1% for Marketing.
📌 Token Information:br
🔸Contract address: 0x940230b6b7ef1979a28f32196a8e3439c645ba49br
💥Set slippage to 11%-15%...
Mar 21st 2022 19:35