Hacking and social engineering have become increasingly prevalent in the world of Crypto, NFTs, and Web3 more broadly. While malicious strategies and tactics continue to become more innovative, human error remains the leading cause of compromised wallets. These errors usually stem from inexperience, but even the most seasoned investor can lose everything if not careful.
As you can see on this Twitter thread, hackers can be very deceptive and target tapping into your personal needs. Let’s talk about some best practices to help protect your digital assets.
First, do routine research on what types of hacks and compromises are transpiring in the space. It is essential to stay updated on common exploits to avoid falling victim to any sneaky tactics. Tactics are being deployed and tested by hackers on a daily basis, and being out of the loop could end up being a costly mistake.
Second, ensure you are using a hardware wallet or multi-signature wallet if you are in possession of valuable assets.
Each transaction requires multiple signatures, which may slow down the transaction process, but this provides a layer of security that hot wallets cannot offer. If you decide to use a multi-signature wallet, always keep in mind the number of signatures required to execute a transaction. In the event that multiple keys become compromised or lost, you will need the minimum number of required signatures to process a transaction and access your funds. An example of an entity that should employ a multi-signature wallet could be a DAO with a large treasury they’re trying to secure or even a collector with a valuable personal gallery. Still, everyone should at least have a hardware wallet if invested in Web 3 to ensure an enhanced level of security.
Third, frequently disconnect your wallet and remove signing approvals from websites you have connected to. An excellent tool for this is Revoke.Cash, see this article to learn more about Revoke.Cash and its benefits.
Finally, ensure that any seed phrase you have is written on paper and not kept online. When saved as a photograph, in your notes, or stored digitally anywhere, your private keys are vulnerable. This includes ICloud storage; if your private keys for Coinbase Wallet or Metamask are stored on iCloud, an iCloud exploit could make your wallet vulnerable.
Have your seed phrase stored in your camera roll? Think of how many apps have requested access to your photos, then ask yourself if you trust them to protect your information.
We recommend segregating your seed phrase’s storage, keeping half of the phrase in one secure location, and half in another. We recommend hyper-secure storage locations like bank safety deposit boxes as an example. Just remember that if you lose even one piece of your seed phrase and need to back up your wallet, you will not be able to recover it. This is why we also recommend memorizing your Seed Phrase, if possible, as the ultimate way to protect your assets.
It’s important to consider that this digital world is just emerging, and certain assets will be worth substantially more in the future. Furthermore, as this space is already filled with scammers trying to steal your precious assets, it would be wise to expect that they will only become more prevalent as blockchain adoption increases. All this to say, now is the time to focus on protecting digital goods, as being proactive could save you time and money down the road.
Some key takeaways are: upgrading your wallet to a hardware wallet or multi-sig, being 100% sure every signature you sign is the right one, revoking approvals frequently, storing your seed phrase offline, and never sharing your screen or seed with anyone.
Solidity.io will continue to inform you of notable events and valuable information in the wild world of Web 3. Continue to use us as a resource as you navigate this new digital world, and feel free to reach out at Solidity.io for any Blockchain development or security needs.