logo

flaq

🛡️

DIVE INTO WEB3

Is my wallet 100% secure?

by Neha, Akshita
For users investing in crypto, wallets are their ride or die- it’s the single most important thing in their web3 lives! However, are crypto wallets completely safe? 🤔

Types of Wallet Scams You Should Be Aware Of

The concept of web3 is becoming more than just a notion. It is tied closely to data ownership and monetary worth. In the cryptocurrency industry, millions of users are falling prey to fraud, resulting in a huge sum of money being lost. In such an environment, how can you make sure to keep your assets safe?🔐
Stay tuned, and let us help you understand the different types of scams eminent in the web3 world! ⬇️

1. Phishing scams

Phishing scams are by far one of the most prominent scams in the web3 world. You might have a slight idea about what phishing is, right? It’s a malicious strategy to obtain private user data, including, among other things, credit card numbers, login information, and passwords.
 
⚠️
Let’s say a fake website of Phantom deceives you by portraying itself as the actual website. If you continue to use that website by giving your passwords and seed phrases, you have been phished‼️
 
The above-displayed site is the only legitimate Phantom site. By any means, do not fall prey to other malicious sites portraying to be Phantom.
The above-displayed site is the only legitimate Phantom site. By any means, do not fall prey to other malicious sites portraying to be Phantom.
Hackers also attempt phishing by meddling with platforms that use smart contracts. Simply inserting a code that changes the receiver's address to the attacker's address is what the hacker needs to accomplish. Users must know better than to confirm the transaction before verifying it is the correct address!
🚨
Here’s an example of a very infamous phishing scam!
 
📤
Just like you usually send a very minimal amount of Rs. 1 on Google Pay to your friend just to confirm that it’s the right account, the same can be followed while confirming transactions on web3 as well!
Phishing scams can also take place when users impersonate themselves, and try and extract your personal information.🎭
🚨
Please be extremely careful before trusting people, even in the web3 world. Not everyone has genuine intentions!
 
This is a legitimate screenshot of a phishing scam, where the user was trying to impersonate someone else. Never go ahead with transactions without verifying the account first!
This is a legitimate screenshot of a phishing scam, where the user was trying to impersonate someone else. Never go ahead with transactions without verifying the account first!

2. Malicious airdrops

Airdrops are a marketing strategy used by businesses to lure customers into using their platforms, services, or goods. Companies frequently offer users free cryptocurrency in exchange for participating in certain activities, such as a new product, launching a new coin offering, or promoting a brand.
📢
For instance, users may receive a message via social media, email, or SMS notifying them that a random cryptocurrency has been transferred to their wallet due to an airdrop. Following that, the victim is led to another exchange so that they can sell the cryptocurrency. The website urges users to connect their wallets, but once they do, they discover that all of their funds have been lost!
 
An example of a malicious airdrop
An example of a malicious airdrop

3. Social engineering

Social engineering threats cover a wide range of malicious tactics that cybercriminals use to manipulate users into disclosing private information. It captivates upon human error rather than a technical glitch.
Platforms like Discord and Telegram are the most susceptible to social engineering threats simply because they do not have the option of double verification accounts. 😥
A common phishing tactic requires users to provide security credentials to update their passwords after notifying them of a claimed policy violation. Although these messages can seem sincere, they are not!⚠️

4. Rug pulls

Rug pulls are dishonest strategies developers use to abandon a venture and abscond with investor money. They attempt to hype their projects and exaggerate their numbers to try and get investors to fund their websites. Once they receive the funding, they flee- a classic example of ghosting someone in the web3 world!👻
Source: Coindesk
Source: Coindesk

5. Bot scams

A bot is a piece of software that carries out automated tasks with the help of the internet. In the web3 world, bots are actively used to replace human users in trading and transacting crypto. Off late, these bots have also been involved in fraudulent activities, resulting in the loss of crypto assets for hundreds of users.
Let’s give you a case study to help you understand better. ⬇️
MEV Bot Scam
In essence, MEV, or the Maximum Extractable Value, is the highest value that can be retrieved from a block. Until recently, only miners were involved in such an activity. The invention of bots that could trade in crypto, ultimately replacing miners, gave rise to security concerns.
These MEV bots deceive users into investing in them by offering lucrative services and exciting offers. But once they do, these bots gain access to your crypto, and users end up losing their assets forever! 💰
⚠️
Beware of such scams!

The Seed Phrase Dilemma

Ahh, the seed phrase. We’ve said it before, and we’ll say it again- you lose your seed phrase, you lose your crypto. Go that extra mile to ensure your seed phrase is protected from hackers and malicious actors!
Wait, is losing access to my seed phrase that bad? 😟
Well, yes. Let’s say you created a seed phrase, and trusting your ability to remember things, you do not make a note of it. A few days later, god forbid, you forget your seed phrase. What then?
You have a) lost access to your funds because you can no longer transact, and b) give someone else the golden opportunity to lay their hands on your crypto.
Disastrous, to say the least.
There must be a way in which you can still gain access to your assets, right? 🧐
There surely is. Introducing social recovery wallets! 🥳

Social recovery wallets

Social recovery wallets are smart contract-integrated wallets that provide users access to their stolen assets even if they misplace their keys.

How do they work?

notion image
 
A single ‘signing’ key that can be used to authorize transactions is required for a social recovery wallet. You can decide to create at least three of the keys needed for verifying transactions to improve security. The supplementary keys are known as ‘guardians.’
The guardian keys can alter the wallet's signature key if they coordinate. The three guardians can quickly switch to a new signing key in the instance that the first one is stolen, rendering it unusable.
The signing key has the authority to change guardians as well. To prevent a hacker from instantaneously disabling the guardians, there is a delay period of 1-3 days. The delay is crucial because it gives the guardians time to gather and alter the signing key.
Now, your guardians can be anyone - friends, cousins, relatives, or neighbors! 🧑‍🤝‍🧑
💡
Argent is one of the most popular examples of a social recovery wallet!
 

Tips for securing your wallet

Given below are a few tips to help you secure your crypto wallets! 🛡️

Hot wallet

Identify

  • One of the easiest ways to identify scams is by making sure that the website is a legitimate one. Often, legitimate websites have a formal white paper, containing the background, history, and all the requisite information needed about a particular cryptocurrency or website.
  • Keep an eye out for ‘rewards’ or ‘giveaways’ that pop up on your website. Remember, a legitimate website would never endorse or encourage users to participate in such activities. 🔍

Avoid

  • Avoid storing huge amounts of crypto in your wallet. We’d suggest that you store smaller amounts in your wallet, and the rest in a much more secure system.
  • As goes without saying, avoid giving away your seed phrase, even to people you trust. One of the safest ways to store your seed phrase would be to write it down on a piece of paper and store it in your vault. Some people even go to the extent of engraving their seed phrase onto a metal object/stone and depositing it in their safety deposits!
Source: Reddit
Source: Reddit

Protect

  • To ensure that your system is protected from any sort of malware, always keep it up to date. Download all the available updates and clear all the critical bugs from your system.
  • Having multi-sig wallets increases the security of your wallet, so you could consider creating one!

Cold wallet

  • Back up, Back up, Back up! Backing up data is the single most efficient way to ensure that your cold wallet is protected, in case you were to lose your assets! ✅
  • Beware of phishing scams- do not fall prey to malicious actors trying to extract information from you!
  • Make sure you purchase your cold wallet from authorized dealers only. Popular cold wallet manufacturers include Ledger, Trezor, and Ellipal.

Signing off

We know it can get overwhelming out there- with comparing cryptos and storing seed phrases and creating wallets and ensuring backups, there’s no end to the number of things that you can do in the web3 world. But hey, remember, this is your choice to make. You get to decide when to hop into this world. We must add, it is an exciting new world with endless possibilities! 🌍
But have you ever wondered what your identity will be in the web3 world? Stay tuned to know more!

Dive Deeper

Why we need wide adoption of social recovery wallets| Vitalik
Bitcoin Scams: How to Spot Them, Report Them, and Avoid Them| Investopedia
Securing your wallet - Bitcoin
 
Flaq Logo

flaq

Contact us at

welcome@flaq.club

Newsletter

Be the first to know about every publication, every new feature, and every event of Flaq, in your mailbox.

Home

News

About Us

FAQs

Privacy Policy

© 2022, Flaq Academy