Welcome to issue 13 of Impact with Web3. Staying safe online is a crucial skill for everyone to learn, even more so as you enter the world of web3 as much of web3 is focused on the financialization of culture and unlocking liquidity.
The crypto space is rapidly developing, with new ground being broken daily. This is why there are often references to crypto being like the Wild West of America. The new frontiers are being explored, and huge opportunities are available for the intrepid explorer but just like in the Wild West, there are great threats!
Someone convinces you to give them your private key or seed phrase (Don't ever do this! No one but you needs to have this)
You enter your private key on a website or app... Don't if someone asks for this they are scamming you!!
Someone airdrops you an NFT or coins into your wallet and waits for you to use it, opening the door to gaining access to your wallet.
you agree to a smart contract on a site to make a small proof transaction as you think is legit (It isn't, it's a lookalike site), but you have just given the owner full access to your wallet!
Someone gains access to a wallet through hacking your computer in a traditional phishing scam.
This week's article on security will be focused on some of the rules you can use to stay safe in web3, many of these rules are equally important at all times when you are online.
Web3 Rules to Stay Safe
First and foremost you have to understand that the new world of crypto gives you great control with the removal of intermediaries such as banks, and great opportunities to be part of the pioneers forging a new path as rules of ownership get re-written. But with this great power comes great responsibility!
Crypto needs a high level of security – you are your bank. Think about that. It’s a huge responsibility, and there is nobody to fall back on if your funds get hacked.
So you have to treat your time in the new world with respect and take responsibility for your safety. Below are 7 rules to follow online with web3.
The Rules
Rule 0. Never, ever, ever give anyone your private key or your seed phrase.
Rule 1. DYOR - Do Your Own Research. Just like Walter Donavon in Indian Jones, The Last Crusade says "Dont trust anyone...". Even if the link comes from a trusted social media account or email, double check any links/minting links on other channels... Discord, website other members of the community as the person's account could have been hacked. This happened to a high-profile account in web3 belonging to Zeneca.
Rule 2. Don't fall victim to FOMO. See Rule 1! Never skip rule 1 in a rush to get what appears to be a deal of a lifetime, always better to DYOR than lose the full content of your wallet!
Rule 3. Have a minimum of 3 wallets.
A high-risk play wallet
A medium-risk specific activity wallet
A vault
High-Risk Play Wallet - This wallet is what you use to do free mints, connect to unknown sites, and do small transactions. This would be a hot wallet or a browser wallet. It is always connected to the internet. You would keep the minimum amount of crypto and NFTS in this. You could potentially get rid of this wallet after doing certain amounts of mints if there could be a possibility of it being compromised.
Medium risk-specific activity wallet - This is again is a hot wallet, in other wallets a browser or app-based wallet (Metamask, Coinbase Wallet etc.) that you only use for specific activities where there are a lot of transactions, such as a gaming wallet, certain communities, or web3 social media. You only use this wallet for this one set of activity
A vault - this is a cold wallet such as Ledger. This is usually something that looks like a USB stick, it is not connected to the internet. It usually needs a physical action and a pin code to approve transactions.
Rule 4. Store seed phrases offline. Do not store your seed phrase on your computer. Write it down on paper and store it somewhere safe, do not trust password managers as these can be compromised by phishing or other techniques.
Rule 5. Use 2FA on Everything. This is not just for web3 this is just good cyber security, you should use 2FA with all online accounts.
Rule 6. The enemy is smarter than you. Scammers are incredibly intelligent and creative in the ways they get access to your accounts, never thinking you are smarter then they are. Use strong passwords on all accounts connected to the internet, not just web3. One weak compromised account could be the chink in your overall defences online.
Rule 6. DYOR!!! Never click on links, attachments, sites anything where you will be connecting your wallet. Don't connect anything to your computer if you have not done your research!
I hope these 7 rules will help you stay safe in your time exploring and forging new paths in web3, I will continue to share advances and updates on what is happening in web3 cyber security on my social so please keep an eye on #CryptoSecurityTips on both Twitter and LinkedIn.
Stories, articles and threads to support community-orientated businesses in web3.
How to make Blockchain Suck Less! Great thread from Nadar
Learn to Earn, a new opportunity thanks to Web3. This is also part of the on-chain proof of accomplishment that is possible due to the trustless nature of web3. Great thread fromIgnas | DeFi Research
Tool of the Week
Dune Analytics is a community-created tool that allows you to aggregate various amounts of on-chain data into dashboards for ease of understanding. You can either create your own dashboard or you can search the 1000's of dashboards freely available.
Examples of dashboards are market data for Open Sea, specific NFT collections on-chain activity, whale wallet address activity and much more! I will leave Pothu to give the full thread
Are you a creator or small business owner, would you like to have a free strategy session on how you could incorporate web3 into your business model? Get in touch!
So happy you enjoyed it mate!