10 Steps to Stay Safe in Web3

Cryptocurrencies and the broader realm of Web3, have increasingly been the subject of interest and controversial discussion. But it comes with its share of dangers. At ReDeFi, we suggest understanding the fundamentals first. One of the main barriers for newcomers is a need for foundational knowledge of security.

If you are among the excited but sceptical, read on to get familiarised with the essentials of protecting your digital assets and personal information.

Step 1: Understand the Basics

To get started with crypto, you need to understand some core concepts:

• Public Key: Similar to your bank account number. You can use it to send and receive crypto.
• Private Key: Similar to an ATM pin. It demonstrates ownership and facilitates transactions. Guard it.
• Seed Phrases: Provided when creating your wallet. Essential for recovery; never disclose it. Losing control over it means losing your digital assets.

Step 2: Research is Your Best Friend

Before diving further, remember that knowledge is your most powerful asset. We cannot stress enough the importance of the crypto acronym: “DYOR” (Do Your Own Research). Before you invest or engage with a new project, do thorough background checks to make informed decisions.

Step 3: Invest in Hardware Wallets

Physical devices play a crucial role in ensuring your digital assets are secure:

• Acquire cold (hardware) wallets from reputable sources, such as an official website. Avoid third-party resellers.
• Understand that coins are not stored on your hardware device but on the blockchain. The hardware and seed phrases are access keys to your assets.
• You can also connect hardware and software wallets for DeFi (e.g. Ledger + Metamask), thus having an extra layer of security.

Step 4: Advanced Features

Going beyond the basics means enhancing your security mechanisms:

• Opt for a 24-word seed phrase, but be cautious.
• Physically write downwritedown seed phrases. 
• Avoid digital storage mediums like Dropbox, USB sticks, or password managers.

Step 5: Storing Seed Phrases

How and where you store your seed phrases can mean the difference between keepingor losing your assets:

• Opt for durable materials, like steel, over paper. It’s more resilient to damage.
• Get creative with hiding spots. Think beyond safe deposits, as they are not as safe as someone might think.

Step 6: Implement Two-Factor Authentication 

Add an additional layer of security to your accounts with 2FA:

• Use apps like Google’s or Microsoft’s Authenticator. 
• Avoid using SMS authentication due to sim-swap risks. A hacker can potentially get the same number as yours from a mobile company.

Step 7: Device Precautions

Your devices and their settings are your frontline defence against potential breaches:

• Use a dedicated device for transactions, separating it from regular usage.
• Use a VPN, especially on public Wi-Fi. Also, it is important to use encrypted, secure connections like Https instead of Http.
• Install and regularly update your firewall software.

Step 8: Smart Contract Safety

Interacting with smart contracts and dApps comes with its own set of vulnerabilities:

• Revoke contract access when you have no intention of using that protocol often. You can do that from the chain explorer (e.g. etherscan.io) if you are on Ethereum.
• Be wary of imposter websites—bookmark legitimate sites to prevent accidents.
• Keep most assets off CEXs (centralised exchanges), as they are a bigger target to hackers and suspective to new regulations and policies.

Step 9: Official Channels and Transactions

Even when everything seems legitimate, a second glance can prevent a costly mistake:

• Understand that even official accounts can be compromised. Be wary of unexpected promotions or major announcements. Being first is not always good.
• Email discipline. Use dedicated email addresses for crypto, like Proton Mail.
• Send test transactions first before transferring the whole amount.
• Thoroughly verify transaction addresses. Watch out for clipboard hijacks.
• Beware of unexpected wallet tokens. They might be part of a dust attack. Do not engage.

Step 10: Social Vigilance

Last but not least, it is crucial to remain cautious of the human elements that could compromise your security.

• Be cautious about social engineering scams. Recognise tactics like fake YouTube streams, imposter customer support, or deceitful influencers.
• Understand that credibility can be manipulated, e.g., through photoshopped proofs or deep fakes.
• Exercise discretion in real life. Discussing crypto in public can make you a target.
• Trust in the crypto space is valuable. Avoid unsolicited DMs and offers that seem too tempting.

In web3 and crypto, scams change as fast as legitimate innovations. Yet, equipped with knowledge and vigilance, you can navigate Web3 more safely. 

Remember: 

Learn from others’ mistakes. 

Your assets’ security, rests in your hands.