24 Tips to Protect your Crypto Funds from Scammers

July 20, 2022

How to avoid scammers in web3


Crypto scammers stole $14 billion from people last year.

Proper management of your crypto funds can stop that.

24 tips to protect you and your funds:

This was inspired by @thedefiedge. Check out his tweets to learn more about DeFi.

1. Don't share your private key

Your public key = bank account number.
You can send and receive crypto using this address.
Your private key = ATM PIN.
Don't share it.

2. Never share your seed phrases

You get your seed phrases when creating a wallet for the first time.
Never share them, or you lose your coins for good.

3. Buy a Hardware Wallet

These are physical devices that hold your private keys.
No transactions can happen unless you physically confirm.

4. Store your coin on the public ledger.

Your coins are recorded on the public ledger, not inside the device. Wallets and hardware devices only hold the keys to your funds.
So if your Ledger gets lost, you still have access to your money with your seed phrases.

4.1. Wallet recommendation

Buy a @ledger Nano S straight from the website, not from Amazon or resellers.
If you can afford it, grab the Nano X over the Nano S (more storage and a sleeker interface).

4.2. Do DeFi with a hardware wallet

Most hot wallets like MetaMask will allow you to connect with a device.
@Ledger has an advanced feature that lets you create a secret 25th password.

5. Don't let your seed phrases exist in the digital world.

Don't store them on Dropbox, a USB stick, or your password manager.
Note your seed phrases down.

6. Store Seed Phrases on Metal

There are cheaper options out there like an engraving pen.

7. Shamir's Secret Sharing

You break your seed phrases into parts. Distribute them to different people/places.
It's kinda like how Lord Voldemort broke his soul into different pieces and put them in Horcruxes.

8. Get creative on hiding your seed phrases

Someone froze his seed phrases in tomato soup and stores them at the bottom of his deep freezer.
P.S. Safety deposit boxes are NOT safe.

9. Secure your Accounts w/ 2FA

Use Google's Authenticator app only.
Don’t use SMS authentication. Hackers can get a duplicate sim card from your phone company. And then bypass your 2FA.

10. Transact on a Separate Device

E.g. one main laptop to do everything, and a separate laptop just for transactions.
In case the main laptop gets compromised, all they can steal is the hentai collection.
But your coins will be safe.

11. Use Operating systems that are designed for privacy and security.

Like @QubesOS and @Tails_live
You can use a Win / Mac as your main device, and use a more secure OS for your Crypto transactions.

12. Always Use a VPN

VPNs are like the condoms of the internet.
Never use public wifi without a VPN.
The most secure is @mullvadnet.
They keep ZERO information about you.

13. Install Firewall Software

Think of it as a "shield" for your internet.
Every incoming/outgoing action must be approved or added to the white list.
Windows: Win10 has an amazing built-in Firewall
Mac: @littlesnitch

14. Limit Smart Contract Spending

You can set limits with the Custom Spending Limit feature.

15. Watch out for "fake" sites

Use the official website to find the links to the official discords, telegrams, etc.
Common fake sites include:
- Fake protocols
- Fake exchanges
- Fake wallet sites

16. Keep your funds off Central Exchanges

You can buy coins from CEX's, but send them to your wallet as soon as possible.

17. Official places can get Hacked

- Elon's account was hacked last year.
- Hackers target official discords now.
Don't fomo into things. Verify with others first.

18. Be careful of email phishing attacks

Crypto-related websites are always getting hacked.
Create a new email just for Crypto.
You can use @protonmail

19. Always do test transactions

Send a little bit first and verify that it goes through to the correct address.
Even @VitalikButerin does it.

20. Make sure you send the transaction to the right address

Don't be lazy and verify just the last 4 digits of the address.
Read and verify the whole thing.

21. Be aware of Dust Attacks

If you receive unknown tokens out of nowhere into your wallet, it could be a dust attack.
There could be malicious code in the smart contracts.
Don't move it.
Don't touch it.

22. Revoke Contracts

A protocol gets exploited. You're vulnerable.
At that point, you should end the contract.
You can use apps like @zapper_fi or @Rabby_io to revoke contracts or go to ecosystem scanners.
For ETH, use @Etherscan
For AVAX, use @SnowTraceHQ
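
What tips 14 and 22 look like on the wire, as an added Python example that is not from the original thread: a token spending permission is an ERC-20 `approve(spender, amount)` call, so decoding its calldata shows whether a request grants an unlimited allowance, a custom limit, or a revoke (amount 0). The function names, the spender address and the amounts are constructed for illustration.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Constructed placeholder spender, not a real contract address.
CONSTRUCTED_SPENDER = "11" * 20


def build_approve_calldata(spender_hex: str, amount: int) -> str:
    """Build sample approve() calldata: selector + padded address + amount."""
    return "0x095ea7b3" + spender_hex.rjust(64, "0") + format(amount, "064x")


def classify_approval(calldata_hex: str) -> dict:
    """Decode ERC-20 approve() calldata and label the allowance it sets."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if data[:4] != APPROVE_SELECTOR:
        raise ValueError("not an ERC-20 approve() call")
    if len(data) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length")
    if any(data[4:16]):
        raise ValueError("address word is not zero-padded")
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    if amount == 0:
        kind = "revoke"      # allowance set back to zero (tip 22)
    elif amount == MAX_UINT256:
        kind = "unlimited"   # spender can move the whole balance
    else:
        kind = "limited"     # custom spending limit (tip 14)
    return {"spender": spender, "amount": amount, "kind": kind}


# Constructed requests: unlimited, capped at 500 units of a 6-decimal token, revoke.
SAMPLES = {
    "unlimited": build_approve_calldata(CONSTRUCTED_SPENDER, MAX_UINT256),
    "limited": build_approve_calldata(CONSTRUCTED_SPENDER, 500 * 10**6),
    "revoke": build_approve_calldata(CONSTRUCTED_SPENDER, 0),
}
```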

23. Don't blindly connect your wallet to websites

- Always make sure you're on the official website.
- Don't connect unless you have a specific reason to.
- Disconnect once you're done.

24. Watch out for Social Engineering

Two Popular ways:
- Fake YouTube Live Streams
- Fake Customer Support

Companies to Watch:

@ledger

@QubesOS

@Tails_live

@littlesnitch

@protonmail

@zapper_fi

@Rabby_io

@Etherscan

@SnowTraceHQ

Key takeaway:

You will never be too careful with your money management!
