By Alex McCurry Founder of Solidity.io
Hacking
and social engineering have become increasingly prevalent in the world of
Crypto, NFTs, and Web3 more broadly. While malicious strategies and tactics
continue to become more innovative, human error remains the leading cause of
compromised wallets. These errors usually stem from inexperience, but even the
most seasoned investor can lose everything if not careful.
Hackers can be very deceptive and target
tapping into your personal needs. Let's talk about some best practices to help
protect your digital assets.
First,
do routine research on what types of hacks and compromises are transpiring in
the space. It is essential to stay updated on common exploits to avoid falling
victim to any sneaky tactics. Tactics are being deployed and tested by hackers
on a daily basis, and being out of the loop could end up being a costly
mistake.
Second,
ensure you are using a hardware wallet or multi-signature wallet if you are in
possession of valuable assets.
Each
transaction requires multiple signatures, which may slow down the transaction
process, but this provides a layer of security that hot wallets cannot offer.
If you decide to use a multi-signature wallet, always keep in mind the number
of signatures required to execute a transaction. In the event that multiple
keys become compromised or lost, you will need the minimum number of required
signatures to process a transaction and access your funds. An example of an
entity that should employ a multi-signature wallet could be a DAO with a large
treasury they're trying to secure or even a collector with a valuable personal
gallery. Still, everyone should at least have a hardware wallet if invested in
Web 3 to ensure an enhanced level of security.
Third,
frequently disconnect your wallet and remove signing approvals from websites
you have connected to. An excellent tool for this is Revoke.Cash, see this
article to learn more about Revoke.Cash and its benefits.
Finally,
ensure that any seed phrase you have is written on paper and not kept online.
When saved as a photograph, in your notes, or stored digitally anywhere, your
private keys are vulnerable. This includes ICloud storage; if your private keys
for Coinbase Wallet or Metamask are stored on iCloud, an iCloud exploit could
make your wallet vulnerable.
Have
your seed phrase stored in your camera roll? Think of how many apps have
requested access to your photos, then ask yourself if you trust them to protect
your information.
We
recommend segregating your seed phrase's storage, keeping half of the phrase in
one secure location, and half in another. We recommend hyper-secure storage
locations like bank safety deposit boxes as an example. Just remember that if
you lose even one piece of your seed phrase and need to back up your wallet,
you will not be able to recover it. This is why we also recommend memorizing
your Seed Phrase, if possible, as the ultimate way to protect your assets.
It's
important to consider that this digital world is just emerging, and certain
assets will be worth substantially more in the future. Furthermore, as this
space is already filled with scammers trying to steal your precious assets, it
would be wise to expect that they will only become more prevalent as blockchain
adoption increases. All this to say, now is the time to focus on protecting
digital goods, as being proactive could save you time and money down the road.
Some
key takeaways are: upgrading your wallet to a hardware wallet or multi-sig,
being 100% sure every signature you sign is the right one, revoking approvals
frequently, storing your seed phrase offline, and never sharing your screen or
seed with anyone.
Solidity.io
will continue to inform you of notable events and valuable information in the
wild world of Web 3. Continue to use us as a resource as you navigate this new
digital world, and feel free to reach out at Solidity.io for any Blockchain
development or security needs.
##
ABOUT
THE AUTHOR
Alex
McCurry is an American business executive, blockchain expert, investor, and the
founder and owner of Solidity.io.