In the midst of numerous digital hackers roaming the crypto world, it’s crucial to remain vigilant against potential threats. Ultimately, the success of phishing attacks relies on three main elements:
- False opportunities (usually in the form of a claimed airdrop site or NFT minting page) that appear convincingly real.
- Victims feeling confident enough to engage in risky transactions.
- Victims having valuable token approvals enforced in their compromised wallets, allowing attackers to exploit them through dangerous transactions.
With enticing offers and convincing websites, any of us can initially fall victim to scammers. Fortunately, there’s a set of practices and resources that we can combine to eliminate the possibility of engaging in malicious transactions or effectively minimize their impact if they occur.
Let’s explore 10 simple steps that can be used to ensure your assets stay secure and your journey through the crypto world runs smoothly.
1. Create a Safe
Strategy: Set up a multi-signature wallet for your long-term crypto holdings!
Recommended Tool: Safe Wallet
A multi-signature wallet, often referred to as a “safe,” is akin to a secure bank storage for crypto. This wallet provides higher security for your crypto by requiring multiple private keys, or signatures, to authorize each transaction. Therefore, a multi-signature wallet acts as a digital fortress, ensuring that even if one of your keys is compromised, your long-term holdings remain protected.
Currently, one of the simplest ways to create a multi-signature wallet is by setting up a Safe Account. You can add any address you desire as a signature, but we suggest starting with a 2-of-3 multi-signature, which is relatively straightforward. Also, consider using a hardware wallet like a Ledger device as one of your signatures for an additional layer of security!
2. Create a Public Wallet
Strategy: Establish a public wallet for your day-to-day crypto activities!
Recommended Tool: Delegate
Never use your safe for regular crypto activities such as claiming airdrops or minting NFTs. For these purposes, create a separate wallet that you only fill with ETH and the like as needed. The wallet you actively use should not be loaded with all your savings on the blockchain. You can also consider services like Delegate to authorize your safe wallet to a public wallet without moving or jeopardizing any assets, for example, if you want to participate in the minting allowed by one of the NFTs in your safe.
This way, even if you accidentally sign a bad transaction with your public wallet, none of your long-term savings will be affected.
3. Use Tools to Preview Transactions
Strategy: Download transaction preview tools to receive alerts about potentially harmful transaction attempts!
Recommended Tools: Fire, Pocket Universe
"Wait a minute??? I'm not trying to transfer 60,000 USDC and all my NFTs to this random address?!?!"
Pretty sure that’s not a sentence we ever want to say in our lives.
This is precisely the kind of information that will help you visualize with a preview before you approve any transaction. These tools are free browser extensions that you can download, providing you with pop-ups explaining all submitted transactions. These extensions are an excellent shield against phishing incidents, so make sure to use one of these for all your transactions!
4. Audit Your Token Permissions
Strategy: Revoke unlimited token spending permissions!
Recommended Tool: Revoke.cash
Many Ethereum-based applications, especially in DeFi, will ask you to approve “unlimited” token spending so you don’t have to constantly approve your fund spending in that app. The problem arises if your wallet gets hacked and you have several ongoing unlimited token spending permissions; the attacker can take everything in there. Therefore, you want to regularly monitor still-valid permissions and revoke or minimize unlimited permissions whenever possible.
5. Research Before Diving In
Strategy: Study the projects you’re interested in before trying them!
Recommended Sites: DeFiLlama (for current resources), CryptoWiki (for historical information)
Never plunge into the crypto world without sufficient knowledge; always do your research! For example, we’ve recently explored Ajna, a new governance-free DeFi lending protocol. I immediately turned to its documentation, FAQs, whitepaper, etc., so I could start understanding its concepts and assess its nuances and risk profile. Conduct thorough analysis: take the time to grasp the fundamentals before getting involved in a project. Don’t recklessly put yourself in a risky position by acting impulsively. And if you can’t find good documentation and educational resources for a project, that can be a significant red flag.
6. Monitor Your Position
Strategy: Use portfolio trackers to keep an eye on your crypto positions!
Recommended Tools: DeBank, MetaMask Portfolio, Zapper, Zerion
In the crypto world, it’s crucial to carefully monitor your assets, and portfolio trackers are your best buddies for this. They give you an overview of your holdings across various wallets and platforms, making it easy for you to keep an eye on your crypto in real-time. Remember, staying informed about your positions isn’t just about checking profits; it’s also a vital part of risk management. By regularly monitoring your assets, you can spot unusual activities that might indicate a security threat, allowing you to take quick action to protect the remaining assets.
7. Stay Informed with Ecosystem News
Strategy: Keep up with crypto news, especially related to recent attacks!
Recommended Resources: Republik Rupiah, DeFiLlama Roundup
Sometimes attacks on projects like DeFi protocols can indirectly or directly impact your crypto positions. To stay ahead and be ready for potential impacts, staying informed is key. However, you don’t have to do all the work yourself. We at Republik Rupiah always strive to keep you informed, but there are many additional great resources to stay connected, such as the DeFiLlama news roundup chat on Telegram.
8. Protect Your Web2 Accounts
Strategy: Rely on good Operational Security practices to secure your Web2 activities! Recommended Resource: Officer’s Blog
Don’t give attackers a chance, even outside the web3 scope. Bad actors can hack your email or social media accounts to try to lure others who trust you into clicking on scam websites. Don’t let them get that far! According to security researcher officercia.eth, strong operational security basics include:
- Using a secure email provider, such as Protonmail
- Using strong and unique passwords, and never using the same password in multiple places
- Never linking your phone number to crypto platforms
- Using 2FA to protect your accounts, but not using SMS-based 2FA
- Asking your phone carrier to secure your mobile SIM card
- Using up-to-date antivirus software
9. Create an Emergency Exit
Strategy: Develop an evacuation plan for your assets in case of worst-case scenarios! Recommended Resources: Webacy, Spotter
Even if you’ve used all the tools and practices mentioned above, consider staying prepared for the worst-case scenario. For this purpose, Webacy is one of the web3 security providers that allows you to create a custom backup wallet + Panic Button system; if you ever get attacked or just feel surprised, you can use the “Panic” function of this platform to redirect all remaining assets to a pre-established backup wallet. For more advanced users, there are other monitoring and protection services like Spotter aiming to help you detect and avoid on-chain attacks in milliseconds.
10. Sound the Alarm!
Strategy: Immediately sound the alarm if you come across a phishing platform!
Recommended Resources: CryptoScamDB
If you see something, report it! If you come across a crypto phishing scam attempt, sound the alarm so others know. This could be a quick PSA message in your favorite group chat, a social media post, or a report made to a scam database like CryptoScamDB. The 30 seconds it takes for you to do this could help save someone else’s entire crypto assets!