How much do you have in crypto or NFTs? 🤔 Answer this question internally and imagine that you could lose all of that in just a few seconds. While it would hurt to irreversibly lose 200 dollars due to bad security, it must be an unimaginable pain to lose all of your savings. 😰
We’re living in such a digital world that it’s impossible to ignore it. While it serves us greatly most of the time, it can also betray us if we stop educating ourselves with the newest technology. Today, we’re talking about the safety of your digital assets.
These are some of our safety tips 🔐
Imagine being a millionaire 🥰
Or in other words, always treat your security as if you were talking about assets worth millions of dollars. 💡 The best rule of thumb is to never underestimate the risk and behave like you have a ridiculous amount of money in your wallet. It might not be true now, but it can change within a few seconds quickly. 😱
👉 Imagine that you have a few Ethers, maybe around 1000 USD. If the scammers get to your account, they might not even rug you. 🤔 They can wait till it’s worth it. But since they have the access already, they might pull the trigger in the future when the value of Ethereum goes up several times. 📈
Have several wallets 👛
Having several wallets is a very healthy approach to safety. It’s not about playing hide-and-seek with your assets, it’s about utilizing your wallets for different uses. 🤗 You can have a hot wallet for daily payments, a cold wallet for offline storage, or a vault wallet. We also recommend using a hardware wallet for high-worth assets. 🔑
Attackers sometimes don’t take everything, sometimes they target just blue-chip (well-known) NFTs, highly liquid tokens or they even take just a few tokens. Why don’t take all, you might ask? Sometimes they bet you wouldn’t even notice and keep using the compromised wallet as the attacker hopes for better assets to come in later. 😳
How are assets from crypto wallets lost? 😥
Seed Phrase 🌱
Whoever has the seed, controls the wallet. The attacker doesn’t need to have your phone or computer, they can access the wallet just with your seed words and can create a (let’s say) secondary access device to your assets. 🦹🏼♂️ Never screenshot your seed or write it inside the notes on your phone. Be extremely careful about how you decide to store it. Is it offline? Are the materials fire and water-resistant? Are you splitting it into multiple locations?
👉 You can imagine your seed as keys to your home. If someone takes your keys, they can go inside and eat everything in your fridge. Can you blame them? You never share your keys, you hide them, and don’t allow anyone to use them. 🙅♂️ With your seed words, it’s completely the same.
⚠️ One of the most obvious scams is people on social networks pretending to be from support or pretending to forward you to support from projects that you mention in your social media messages. Let’s say you mention OpenSea in your message. We bet you’d immediately get several replies with: “Hey, just contact the OpenSea support here and they will help you.” Attached you can find a scam link leading to a form that will ask you for your problem, but also your seed. 😱 Never share your seed with anyone. 🙅♂️
Phishing 🎣
Phishing has been here for ages and it’s not specific for just crypto or NFTs. You don’t need to search for long until you find an example: internet banking scams. Someone sends you a link that looks just like from your bank, Metamask wallet, or other software you might be using. 😬
⚠️ This is extremely dangerous — if you fall for it and don’t recognize that it’s a fake website or app, the attacker(s) usually ask for your seed or private key at some stage. Once they got it, you usually have just seconds to do something. There is nearly no chance to do anything 😩 apart from crying and screaming.
Professional attackers usually have all of this completely automated, so once they get access to your wallet, they scan it and either transfer everything, or transfer highly liquid high worth assets, or they might even take nothing at all if the wallet value is too small and not interesting for them.
“Signing” Approval of Assets ✍🏼
Apart from phishing attacks that target the wallet as a whole, some attackers choose to target only owners of a certain asset — let’s say the famous apes from Bored Apes Yacht Club. And they can manipulate you to steal it even without getting your seed phrase and compromising your whole wallet. 🤯How do they do that?
👉 Imagine a web that promises each Bored Ape owner to animate their ape for free, create a 3D model, T-Shirt, or something similar. 🎁 Actually, no need to imagine that. This exists and successfully scams thousands: all you have to do to lose your valuable assets is just connect your wallet.
You come to a website, and as usual, click on the “connect wallet” button. Since this is something you have done often, you don’t expect any scams. So you pay less attention. 😣 Your Metamask (or other wallet) shows you a message to sign — which you’d assume to be the connection request, so you accept it. 😥 Aaand your Bored Apes are gone. By signing the request, you have approved the transfer of your assets to another wallet. You should have read what you were about to sign. 🤕
DM = Direct Messages = Disastrous Manipulation 💬
Scams like the last one are very typical for Discord direct messages (“DMs”) — which is why we always recommend turning off all DMs 📵 in our Spendee Discord.
👉 How does it work? The scammer is usually someone named with something catchy and “totally reliable” like Support or Admin or Help. 🙄
He will send you a message that you have won, or that he wants to help you with something. Eventually, he tells you to verify the ownership of the wallet. You don’t think much of it, seems like quite a normal thing to do… except… you are not approving the ownership, you are approving the transfer of funds or NFTs. ❌
Never click on links in your DMs. — Socrates
And of course, always read what you’re approving and never interact with links or websites of unknown and unverified origin. It might seem obvious, but for many people starting out in the digital assets world, it is another thing to be cautious about and is often forgotten. 🙏🏼
Keeping your crypto assets safe is not rocket science 🚀 but you have to be careful, pay attention and always think twice. ⚠️If something bad happened to you, make sure that you learn from your mistakes. There is no support helpdesk or entity that can help you (like if you make a mistake in a bank). This is the responsibility of each individual. 🙏🏼
