Cannot Overemphasize Part 1: 10 Steps To Keeping Your Crypto Assets Safe

By William M. Peaster

Compile: H+H@InfoFlow

Typesetting: ZaynR@InfoFlow

Today, we explain how to strengthen your defenses against phishing scams and other scams. Let’s dive into 10 simple steps you can take to ensure your assets stay safe and your journey to the crypto front is smooth.

A successful phishing attack depends on three elements:

1. A fake opportunity that looks real enough (often a so-called airdrop claim site or NFT minting page)

2. Victims mistakenly believe in false opportunities and sign malicious transactions

3. The value tokens in the infected wallet of the victim have been approved (Approve), and the attacker can use these token approvals through malicious transactions

In the face of fancy pitches and websites, any of us can be duped by phishers.

Fortunately, we can put together a series of practices and resources that eliminate the chance of signing a malicious transaction or effectively minimize the impact of doing so.

Here are 10 important steps to improve crypto asset defense in 2023

Create Vault

STRATEGY: Create a multi-sig wallet for long-term cryptocurrency holdings!

**Recommended tool:**Safe{Wallet}

Multi-sig wallets are often referred to as "vaults" and are similar to a cryptocurrency version of a bank safe. It requires multiple private keys (i.e. wallets) to authorize any transaction, thus providing greater security for your cryptocurrencies. Multisig is like a digital fortress, protecting your long-held assets even if one of your private keys is compromised.

One of the easiest ways to create a multisig right now is to create a Safe account. You can add any address you want as a signer, but starting with a 2-of-3 multisig strategy is easy. Also, consider using a hardware wallet such as Ledger as some of your signers, which adds an extra layer of security!

Create risk wallet

STRATEGY: Create a venture wallet dedicated to everyday activities!

**Recommended tool:**Delegate

Never use your vault for regular cryptocurrency activities such as airdrop claims or NFT minting. For this sort of thing, set up a separate dedicated wallet where you just top up with cryptocurrencies like ETH as needed.

Frequently used wallets should not be filled with all on-chain assets. You could consider a service like Delegate, which delegates the authority of your vault wallet to a risk wallet, which does not move or compromise any assets. For example, the NFT in your vault makes you eligible for whitelist minting, and you can use the Delegate service to help you mint. That way, even if you accidentally sign a malicious transaction with your risky wallet, your long-term savings won't be affected.

Using the transaction preview tool

**Strategy:**Download the trade preview tool and alert yourself to malicious trade attempts!

**Recommended tools:**Fire, Pocket Universe, Stelo

Wait a moment? ? ? Didn't I want to transfer 60,000 USDC and all my NFTs to this random address? ! ? ! Preview tools help you visualize information before you approve anything.

These tools are free browser extensions that pop up windows explaining all suggested deals. These extensions are a magic shield against phishing incidents, so make sure to run one of them on all your transactions!

Review token spending permission (allowance)

Strategy: Cancel your unlimited token spend approvals (approve)!

**Recommended Tool:**Revoke.cash

Many Ethereum-based applications (such as DeFi) will require you to approve "unlimited" token spending so that you don't have to constantly reapprove to spend funds. The problem is that if your wallet is stolen, and you have a bunch of unlimited tokens approved, the attacker can take all of it.

Therefore, you want to regularly monitor your outstanding quota and revoke or minimize unlimited approvals where possible. The revoke.cash platform makes revoking your token quota a breeze, so no worries.

Research before use

STRATEGY: Research an item you're interested in before using it!

**Recommended websites: **DeFiLlama (current resources), CryptoWiki (historical information)

Never fly blind in the cryptocurrency space, do your homework!

For example, recently I was exploring the Ajna protocol, a newer governanceless DeFi lending protocol. I went straight to its documentation, FAQs, white papers, etc. so I could start to dig into it and gauge its specifics and risk profile.

Digging in is essential: Take the time to understand the basics before delving into anything. Don't imitate recklessly so you don't put yourself in a dangerous situation. If you can't find good documentation and similar teaching resources for a project, that in itself is a big red flag.

Monitor your positions

STRATEGY: Use Portfolio Tracker to keep an eye on your cryptocurrency positions!

Recommended tools: DeBank, MetaMask Portfolio, Zapper, Zerion

In the world of cryptocurrencies, keeping tabs on your holdings is crucial, and a portfolio tracker is your best friend in this regard. They provide an overview of your holdings across various wallets and platforms, allowing you to easily monitor your cryptocurrencies in real-time.

Remember, keeping abreast of your positions is not just about watching returns, it is an important part of risk management. By regularly monitoring your assets, you can spot unusual activity that may present a security breach and give you the opportunity to take action to protect your remaining assets.

Stay up to date with ecosystem news

STRATEGY: Stay up-to-date with cryptocurrency news, such as recent hacks!

**Recommended resources:**Bankless, DeFiLlama Roundup

Sometimes, attacks on projects like DeFi protocols can indirectly or directly affect your cryptocurrency positions. In order to stay ahead of potential impacts, it is critical to stay informed.

However, you don't need to do all the work yourself. For example, Bankless resolved Curve's reentrancy attack in a Twitter thread within hours of the attack starting. Bankless always strives to keep you informed. There are also many other great resources here to help you, such as DeFiLlama's news aggregation chat on Telegram.

Block your web2 personal information

STRATEGY: Rely on good OpSec (Operational Security) practices to protect your web2 activity!

**Recommended resource:**Officer's Blog

Even outside of web3, there is no room for attackers. Criminals might hack into your email or social accounts in an attempt to trick someone who trusts you into clicking on a scam website. Don't let them get to that point! According to security researcher ficialcia.eth, a strong operational security foundation includes:

1. Use a secure email provider such as Protonmail
2. Use different strong passwords and never reuse them in multiple places
3. Never associate your phone number with a crypto platform
4. Use 2FA to backup your accounts, but not SMS-based 2FA
5. Ask your phone carrier to lock your phone's SIM card
6. Use up-to-date antivirus software

Create escape strategy

STRATEGY: Develop an escape strategy for your assets in case the worst happens!

Recommended tools: Webacy, Spotter

Even with all the tools and practices above, it's still important to consider preparing for the worst. Webacy is a web3 security provider that allows you to create a custom backup wallet + Panic Button (Panic Button) system; if you are attacked or feel a security threat, you can use the platform's "Panic" function to put all or any remaining Assets are transferred to a pre-designated backup wallet.

For more advanced users, there are other monitoring and protection services, such as Spotter, designed to help you detect and evade on-chain attacks within milliseconds.

Sound the alarm

Strategy: Once you encounter a phishing scam, please sound the alarm quickly!

**Recommended resource:**CryptoScamDB

If you see something, please speak up!

If you do come across cryptocurrency phishing, sound the alarm so others stay away. You can post messages in group chats, post on social media, or upload reports on databases such as CryptoScamDB. You can help others secure their crypto assets in just 30 seconds!