Keeping your NFTs and Crypto assets SAFE can seem impossible.
Let's change that.
WEB3 SECURITY 101:
1. Basic Terms & Concepts
2. Choosing Your Wallets
3. The DO's
4. The DON'Ts
5. Protecting Your Seed Phrase
6. Avoiding NFT Scams
7. Phishing Attacks
8. Scams on Discord
9. The Blind Signing Problem
10. OpenSea Hack Lessons
11. The New Web3 Mindset
12. In the Head of the Scammer
1. Basic Terms & Concepts
ADDRESS - a string of characters that represents a wallet that can send and receive cryptocurrency
It's like a real-life address or email.
Each address is unique and marks the location of a wallet on the blockchain.
PUBLIC KEY - a string of characters that allows you to receive cryptocurrency transactions
It’s paired with a private key.
Anyone can send transactions to your public key.
You need the private key to unlock them.
Your ADDRESS is derived from (a hash of) your public key.
PRIVATE KEY - gives you the ability to prove ownership and unlock assets linked to your public address
Your public key encrypts the transaction; your private key decrypts it.
Ethereum private keys are 32 random bytes, usually written as 64 hex characters. {{ img:fd58e9 }}
SEED PHRASE - a series of words that links to your private key
Your seed phrase is like your bank account number, your social security number, date of birth, home address, and ATM pin—all in one.
If someone gets it, they can take all your Crypto assets.
May look like 👇 {{ img:520592 }}
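As an added illustration (not part of the original thread) of how a seed phrase "links to" your private key: the standard BIP-39 and BIP-32 steps that turn the words into the master private key, using only Python's standard library. The demo phrase is the public BIP-39 test-vector mnemonic, used here as a constructed input.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group: a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 step: stretch the words into a 64-byte seed.

    PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + optional passphrase.
    Anyone holding the words (and passphrase, if set) gets exactly this seed.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


def seed_to_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32 step: HMAC-SHA512 keyed with "Bitcoin seed" over the seed.

    Left 32 bytes = master private key, right 32 bytes = chain code
    (the chain code is used to derive the per-account keys a wallet app shows you).
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:  # BIP-32 declares such a seed invalid (probability ~2^-128)
        raise ValueError("seed yields an invalid master key; BIP-32 requires a different seed")
    return key, chain_code


def master_private_key_hex(mnemonic: str, passphrase: str = "") -> str:
    """Words in, 32-byte private key (64 hex characters) out."""
    key, _ = seed_to_master_key(mnemonic_to_seed(mnemonic, passphrase))
    return key.hex()


if __name__ == "__main__":
    # Constructed demo input: the public BIP-39 test-vector phrase. Never fund it.
    demo_phrase = " ".join(["abandon"] * 11 + ["about"])
    print("seed:           ", mnemonic_to_seed(demo_phrase).hex())
    print("private key:    ", master_private_key_hex(demo_phrase))
    # A BIP-39 passphrase ("25th word") changes the resulting key entirely.
    print("with passphrase:", master_private_key_hex(demo_phrase, "TREZOR"))
```

Wallet apps such as MetaMask derive the account key further down a BIP-44 path (m/44'/60'/0'/0/0), which this block does not implement; the point is that the words alone fix every key beneath them.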
HOT WALLET - or software wallet
A form of digital storage for your private keys that you access on your computer or phone and that is connected to the internet.
Because of the internet connection, hot wallets are not as secure from hackers as their counterparts—cold wallets.
COLD WALLET - or hardware wallet
A physical device that stores your private keys offline.
Cryptocurrencies are never stored within the hardware wallet itself. They always live on the blockchain.
The hardware wallet stores your private key.
The device itself has no backup; your seed phrase is the only way to restore it.
If you misplace your cold wallet and do not have your seed phrase, you lose access to your investments.
Cold wallets can cost between $60 and $200.
They look like a USB drive.
{{ img:dee946 }}
2. Choosing Your Wallet
You will need both a hot/online wallet and a cold/offline wallet.
For ETHEREUM transactions:
Use MetaMask to make transactions online.
Keep the private key offline on a Ledger hardware wallet.
How to use MetaMask with Ledger 👇
ledger.com/academy/security/the-safest-way-to-use-metamask
3. The DO's
DO start with small transactions and only increase the size when you get the hang of it.
DO your own research before any transaction.
DO segregate your accounts by use: long-term storage of coins, free airdrops, minting NFTs, etc.
DO store your seed phrase offline on paper, or on a secure steel plate or capsule (more on this below).
DO use the mobile app versions of your wallet(s). Phones are more secure environments than laptops.
4. The DON'Ts
DON'T send assets to a wallet that does not support your crypto. You will lose it. For example: DON'T send Solana assets to a Coinbase wallet.
DON'T keep the keys to your valuable assets in a hot (online) wallet; transfer them to a cold (offline) wallet instead.
DON'T back up your seed phrase on your Google drive or iCloud. It's hackable. Store your seed phrase OFFLINE.
DON'T take a picture of your seed phrase.
DON'T click on links sent to you via DMs or email. Ever!
5. Protecting Your Seed Phrase
NEVER SHARE YOUR SEED PHRASE WITH ANYONE!
That gives them full control of your assets.
Store your SEED PHRASE offline on paper, or preferably in a Cryptosteel Capsule. 👇
shop.ledger.com/products/cryptosteel-capsule-solo
A scammer's main goal is to steal your seed phrase or the private key to your crypto wallet.
With it they can log into your wallet from their own device and move all your funds and NFTs to their own wallet.
Once that happens, there is absolutely no way to get it back.
It's vital that you keep your seed phrase safe and never share it with anyone or enter it on any site.
You will NEVER, EVER need your seed phrase or private key for any transaction.
If any site or person asks you for either, leave immediately!
ledger.com/blog/how-to-protect-your-seed-phrase
6. Avoiding NFT Scams
Do your due diligence before buying into a collection.
During NFT minting make sure you are connected to the correct website.
Scammers frequently clone websites by making a slight change to the original domain name.
Double check the name of the project.
Always look for the verified badge.
Check the number of items, volume and floor price.
Use reverse image search on Google or Fingible for counterfeit detection.
More from @CuriousAddys CEO Maï Akiyoshï👇
medium.com/@maimai816/how-not-to-be-scammed-in-nfts-e8c8bb5dffc5
7. Phishing Attacks
One of the most common ways scammers target NFT collectors is via phishing attacks.
They may lure you with fake airdrops to trick you into claiming or interacting with tokens.
When you proceed with the claim, you interact with a malicious smart contract that secretly seeks permission to take your assets.
If you inadvertently grant permission to the contract, it can drain the assets in your wallet.
Don't trust—verify everything!
8. Scams on Discord
Discord is important for info and community, but it can also be risky.
Look out for:
Servers with FAKE NFT projects.
DMs with links.
ANYONE who says they need your seed phrase.
Free Discord Nitro subscriptions.
Go in-depth👇
bit.ly/3hkzf7C
9. The Blind Signing Problem
Blind signing is when you sign a smart contract transaction without the key contract details being fully extracted and displayed on your device.
This is a vulnerability that scammers exploit.
Learn more here👇
ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained
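An added example (not from the original thread or from Ledger) showing what blind signing hides: the malicious "permission" described in section 7 arrives as raw calldata, and a decoder that names the function and flags dangerous arguments is the difference between signing blind and signing with eyes open. The selectors are the well-known ERC-20/ERC-721 ones, hard-coded so no keccak library is needed; the operator address and calldata are constructed samples.

```python
# Well-known 4-byte selectors (first 4 bytes of keccak256 of the signature), hard-coded.
SELECTORS = {
    "a22cb465": ("setApprovalForAll", ("address", "bool")),   # ERC-721 / ERC-1155
    "095ea7b3": ("approve", ("address", "uint256")),          # ERC-20 amount / ERC-721 tokenId
    "a9059cbb": ("transfer", ("address", "uint256")),         # ERC-20
}
UINT256_MAX = 2**256 - 1


def _decode_word(kind: str, word: bytes):
    """Decode one 32-byte ABI word of a static type."""
    value = int.from_bytes(word, "big")
    if kind == "address":
        if value >> 160:
            raise ValueError("address word has non-zero padding")
        return "0x" + word[-20:].hex()
    if kind == "uint256":
        return value
    if kind == "bool":
        return value != 0
    raise ValueError(f"unsupported type {kind}")


def decode_calldata(calldata_hex: str) -> dict:
    """Turn raw calldata into a function name, arguments and plain-language warnings."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        raise ValueError("calldata shorter than a function selector")
    selector, body = data[:4].hex(), data[4:]
    if selector not in SELECTORS:
        return {"function": f"unknown(0x{selector})", "args": [],
                "warnings": ["function not recognised: you would be signing blind"]}
    name, kinds = SELECTORS[selector]
    if len(body) != 32 * len(kinds):
        raise ValueError("argument area is not the expected number of 32-byte words")
    args = [_decode_word(k, body[i * 32:(i + 1) * 32]) for i, k in enumerate(kinds)]
    warnings = []
    if name == "setApprovalForAll" and args[1]:
        warnings.append(f"operator {args[0]} gains control of EVERY token you own in this collection")
    if name == "approve" and args[1] == UINT256_MAX:
        warnings.append(f"unlimited allowance granted to {args[0]}")
    return {"function": name, "args": args, "warnings": warnings}


def _word(hexval: str) -> str:
    return hexval.rjust(64, "0")  # left-pad to one 32-byte ABI word


# Constructed samples: what a fake "claim your airdrop" button might really submit.
OPERATOR = "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"  # made-up address
SAMPLE_SET_APPROVAL_FOR_ALL = "0xa22cb465" + _word(OPERATOR[2:]) + _word("1")
SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + _word(OPERATOR[2:]) + "f" * 64

if __name__ == "__main__":
    for sample in (SAMPLE_SET_APPROVAL_FOR_ALL, SAMPLE_UNLIMITED_APPROVE):
        print(decode_calldata(sample))
```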
12. In the Head of the Scammer from School of Block by @Ledger
Understanding the scammer
Never give out your recovery phrase!
What are scammers looking for?
The main traps to look out for
Phishing
Device scam
Bad links
SIM swaps
And more.
youtu.be/iGQpgYVfbt0
Knowing how to secure your assets is key to thriving in web3.
If you found this valuable, please share by retweeting the first tweet.
I write regularly about web3, the future, and living your best life.
For more, follow me @MishadaVinci.