No matter how much emphasis is placed on it (1) 10 steps to ensure the security of encrypted assets

10 steps for secure encrypted asset protection

Author: William M. Peaster

Translation: H+H@InfoFlow

Layout: ZaynR@InfoFlow

• From now on, will OP and Base become ‘family’? Maybe not, discussing the variables and prospects of superchain cooperation.
• Binance Research In-depth Study of Decentralized Sorters
• Dida Chain The ‘AMM Moment’ of Full-chain Gaming

Today, we introduce how to strengthen the ability to defend against phishing scams and other frauds. Let’s dive into 10 simple steps that you can use to ensure that your assets stay safe and that your journey into the world of cryptocurrencies is smooth.

Successful phishing attacks depend on three elements:

1. A fake opportunity that looks real enough (usually a so-called airdrop claim website or NFT minting page)

2. The victim falls for the fake opportunity and signs a malicious transaction

3. The victim’s infected wallet has approved operations for valuable tokens, which the attacker can exploit through malicious transactions

With attractive propaganda and websites, any one of us can be deceived by phishers.

Fortunately, we can combine a series of practices and resources to eliminate opportunities for malicious transaction signatures or effectively minimize the impact of doing so.

Here are 10 important steps to enhance the defense of your crypto assets in 2023:

Create a Vault

Strategy: Create a multi-signature wallet for long-term holding of cryptocurrencies!

Recommended tool: Safe{Wallet}

A multi-signature wallet is often referred to as a “vault,” similar to a bank safe for cryptocurrencies. It requires multiple private keys (i.e., wallets) to authorize any transaction, providing higher security for your cryptocurrencies. Multi-signature is like a digital fortress, protecting your long-term assets even if one of your private keys is compromised.

One of the easiest ways to create a multi-signature now is by creating a Safe account. You can add any addresses you want as signers, but starting with a 2-of-3 multi-signature strategy will be simple. Also, consider using hardware wallets like Ledger as some of your signers to enhance security!

Create a Risk Wallet

Strategy: Create a dedicated risk wallet for daily activities!

Recommended tool: Delegate

Do not use your vault for regular cryptocurrency activities such as claiming airdrops or minting NFTs. For such things, set up a separate dedicated wallet where you only deposit cryptocurrencies like ETH as needed.

Wallets that are frequently used should not be filled with all on-chain assets. You can consider services like Delegate, which delegates the permissions of your vault wallet to a risk wallet, which will not move or endanger any assets. For example, if the NFT in your vault gives you whitelist minting privileges, you can use the Delegate service to help you mint. This way, even if you accidentally sign a malicious transaction with the risk wallet, your long-term savings will not be affected.

Use Transaction Preview Tools

Strategy: Download transaction preview tools to remind yourself of attempted malicious transactions!

Recommended tools: Fire, Pocket Universe, Stelo

Wait a minute??? I don’t want to transfer 60,000 USDC and all my NFTs to this random address?!?! The preview tool can help you visualize information before you approve any content.

These tools are free browser extensions that pop up windows explaining all suggested transactions. These extensions are magical barriers against phishing attacks, so make sure to run one of them for all transactions!

Audit Token Allowances

Strategy: Revoke your unlimited token allowances (approve)!

Recommended tool: Revoke.cash

Many Ethereum-based applications (e.g., DeFi) will ask you to approve “unlimited” token allowances so you don’t have to constantly reapprove and spend funds. The problem is that if your wallet is hacked and you have a bunch of unlimited token approvals, the attacker can drain all of those assets.

Therefore, you want to monitor your outstanding allowances regularly and revoke or minimize unlimited approvals whenever possible. The revoke.cash platform makes it easy to modify your token allowances, so no worries.

Do Your Research Before Using

Strategy: Research the project you’re interested in before using it!

Recommended websites: DeFiLlama (current resources), CryptoWiki (historical information)

Never fly blind in the cryptocurrency space, always do your homework!

For example, recently I’ve been exploring the Ajna protocol, which is a relatively new governance-free DeFi lending protocol. I directly looked at its documentation, FAQs, whitepaper, etc., so that I can start delving into it and assessing its details and risk profile.

Deep research is necessary: Take the time to understand the fundamentals before diving deep into anything. Don’t blindly imitate, as it can put you in a dangerous position. If you can’t find good documentation and similar educational resources for a project, that itself is a big red flag.

Monitor your positions

Strategy: Use portfolio trackers to keep an eye on your cryptocurrency positions!

Recommended tools: DeBank, MetaMask Portfolio, Zapper, Zerion

In the cryptocurrency space, closely monitoring your assets is crucial, and portfolio trackers are your best friends in this regard. They provide you with an overview of the assets you hold across various wallets and platforms, allowing you to easily monitor your cryptocurrencies in real-time.

Remember, staying updated on your positions is not just about observing returns, it is also an important part of risk management. By regularly monitoring your assets, you can identify any abnormal activities that may indicate security vulnerabilities and have the opportunity to take action to protect your remaining assets.

Stay informed about ecosystem news

Strategy: Stay informed about cryptocurrency news, such as recent hacking attacks!

Recommended resources: Bankless, DeFiLlama Roundup

Sometimes, attacks on projects like DeFi protocols can indirectly or directly affect your cryptocurrency positions. To stay ahead of potential impacts, it is crucial to stay informed in a timely manner.

However, you don’t have to do all the work yourself. For example, Bankless analyzed the reentrancy attack on Curve in a Twitter thread within a few hours of the attack starting. Bankless always strives to keep you informed. There are also many other great resources available to help you, such as the DeFiLlama news aggregation chat on Telegram.

Secure your web2 personal information

Strategy: Rely on good OpSec (Operational Security) practices to protect your web2 activities!

Recommended resources: Officer’s Blog

Even outside of web3, don’t leave any room for attackers. Malicious individuals may infiltrate your email or social accounts, attempting to deceive people who trust you into clicking on phishing websites. Don’t let them get to that point! According to security researcher ficialcia.eth, strong operational security basics include:

1. Using secure email providers, such as Protonmail
2. Using different strong passwords and avoiding reuse across multiple places
3. Not linking your phone number to cryptocurrency platforms
4. Using 2FA to back up your accounts, but avoiding SMS-based 2FA
5. Requesting your phone carrier to lock your SIM card
6. Using up-to-date antivirus software

 

Create an Escape Strategy

Strategy: Create an escape strategy for your assets in case of the worst case scenario!

Recommended Tools: Webacy, Spotter

Even with all the above tools and practices, it is still important to be prepared for the worst case scenario. Webacy is a web3 security provider that allows you to create a custom backup wallet + emergency button (LianGuainic Button) system; if you are under attack or feel a security threat, you can use the platform’s “LianGuainic” feature to transfer all or any remaining assets to a pre-designated backup wallet.

For more advanced users, there are other monitoring and protection services available, such as Spotter, which aims to help you detect and evade on-chain attacks within milliseconds.

Sound the Alarm

Strategy: Sound the alarm quickly if you encounter a phishing scam!

Recommended Resource: CryptoScamDB

If you see something, say something!

If you do come across a cryptocurrency phishing scam, sound the alarm to keep others away. You can send messages in group chats, make posts on social media, or upload reports to databases like CryptoScamDB. It only takes 30 seconds to help others protect their crypto assets!

We will continue to update Blocking; if you have any questions or suggestions, please contact us!