If you’re new to the world of Web3, the first thing you need to learn is to be skeptical, to be awestruck, to be curious; The road is free and beautiful, but the road is also dangerous.
For now, Web 3 is just a direction, an experiment in trial and error, an idea that will take a long time to complete; The crypto world is still in its infancy. Freedom and decentralization means ownership is in your hands, and all your operational choices determine where your assets belong. Asset security has always been the most difficult problem to eliminate in the Web3 world; Some people jokingly: the most successful transformation of Web2-Web3 is hackers.
The other side of freedom is security. Where there is light, there is darkness and shadow, but if there are lights on the road to illuminate the darkness, the road is smoother. I hope the following points can help you, so that you can avoid security problems to the greatest extent.
1. Avoid storing your wallet information on the Internet
The mnemonic and private key in the wallet is like the key to open your wallet, once leaked, the whole wallet will be completely controlled by someone else (basically fake links, etc., are also to get your private key); It has always been difficult to achieve 100% security and information leakage when connected to the Internet.
Therefore, if possible, do not save your private key, mnemonic or other sensitive information on a mobile device connected to the Internet. If possible, copy it by hand and back it up on a mobile phone that is not connected to the Internet (a device that is not commonly used) to shield yourself from possible risks. Even if possible, don’t connect your computer or mobile device to public Wifi.
2, assets dispersed placement
As the FTX has such an event, I believe everyone will understand the importance of diversified asset allocation. Before that, everyone thought the exchange was the safest place to be; This is why sales of cold wallets surged after the FTX incident.
In terms of wallets, hot wallets and cold wallets have their own advantages. Metamask, as the most popular hot wallet, has been criticized for its security, but it is convenient and operational. Cold wallets are a good option for large assets, but they are not as convenient and are suitable for long-term holdings.
There is no absolute safety, but you can try to avoid the risk. If the amount of money is relatively large, then according to their own needs according to the proportion of dispersed placement is very important.
3. Be careful to identify all links
There are often a variety of “welfare links”, “drop links”, and every popular project will also have a lot of phishing links similar to the official link, if not carefully identified, it is easy to click the wallet authorization or leak some information.
In addition, many Web3 hackers do this in a very simple way — they simply hack official or Mod social media accounts and post phishing links (this is one of the three ATM’s that cross Link Bridge and Oracle call hackers). If not discovered by other officials in time, many user assets or information will be stolen. If you don’t click on links, you’ve already avoided 80% of the risk.
In addition, you need to double check whether the NFT you want to buy is an official NFT, otherwise it is easy to accidentally buy a fake one.
4. Be careful when signing your wallet
In July, Metamask made a very useful update to the NFT contract authorization function. It will update the UI for the NFT contract authorization function to make the operation intention of the signature clearer and reduce the risk of fraud. Before this, users could not easily judge the content of the signature and authorization. As far as possible, the wallet will only interact with the signature of the judged, feel safe items; revoke.cash as soon as possible once you find that the project you interact with has been stolen.
All in all, after this update, there are fewer theft incidents due to signature issues, but we still need to pay extra attention every time we sign.
5. Use (license) trusted applications and plug-ins
This part of the problem is mostly the “shear board”. Private keys and addresses are random alphanumeric combinations that no one would choose to type up one by one, and some applications or plug-ins read and record what the user copies, making it easy for the private key to leak.
Before using an app, it’s important to know whether it’s an “official app” and whether it’s an “official website” — just like, can you really remember if the Azuki website is Azuki.com or azui.io?
6. Disable DM (private message)
Email you so-called “airdrops,” lottery links, or send you welfare benefits posing as an official (they’ll change their ID and profile picture to look exactly like the official’s, send you fake links, or induce you to withdraw), This kind of deception happens mostly on Discord or Telegram — there is almost no official message to you, and there is no useless pie in the world (famous Discord: We will never DM you).
It’s very cheap, so it’s very frequent; The easiest way to eliminate this problem is to simply turn off the DM, which also filters out a lot of spam.
7, in case of accidental asset disclosure, the first time to abandon the wallet
Once the wallet has any assets leaked, it should be the first time to abandon, should not have any chance. The reason behind the leak of wallet assets is almost always that the private key or mnemonic was leaked at some point, even months ago, but it was only months later that the hacker remembered to take the assets.
So if anything happens, don’t take any chances. Get a new wallet as soon as possible and move all your assets.
8. Beware of some “lessons”
Web3 has a threshold, and the difficulty is that there is no systematic learning path yet. There are a lot of courses online, but the quality of the courses, the level of the main lecture is very mixed, it is likely that adulterated knowledge mixed with real learning. If in the real and effective information, mixed with some false links or single behavior, it is easy to make a large number of small white users cheated.
How to distinguish the authenticity and effectiveness of information and how to strengthen their ability to retrieve information is a lesson that all users should learn when they come to Web3.
9. Get involved in your areas of expertise
There are so many subdivisions involved in the whole Web3, such as DID, Gamefi, PFP, DAO, etc., that it is difficult for us to thoroughly study each field. Web3 hotspot transfer speed is very fast, but for unfamiliar areas, we should make a good proportion of funds when chasing hot spots, remember not All In; Similarly, we can allocate more funds to familiar areas.
Only when you are familiar with a field, and after several small-scale practice and trial and error, you are more likely to see the quality of a project and make a better judgment.
10. Read Zero to One: Mastering the NFT.
0 to 1: Mastering the NFT is a good place to start, to help you get an idea of the Web3 world and get you excited about NFT. You can also help them to take a step further when you have entered the NFT circle and improve their understanding of the entire NFT industry and even the Web3 ecology.
As I said, the whole circle doesn’t have a complete learning path yet; But this 18w booklet (still being updated) is sure to help you generate your own understanding. Many enthusiasts in the industry are working in their own ways to help outsiders open up the world of Web3 and help those within it climb the ladder — and if the climb gets tiring one day, the Labs community can also serve as a green place for your Web3 friends to rest.
Hopefully, this article, along with “0 to 1: Mastering the NFT” (check out Sophia for those who haven’t yet), will help you avoid some potholes and explore the entire Web3 world more safely.
Reprinted from NFT Labs provides relevant information only and does not constitute any investment advice.
