A Beginner's Guide to Fighting Crypto Scams: 10 Steps to Better Security

Source: Bankless
Compiled by: BitpushNews Tracy
Use these 10 basic security tips to protect your cryptocurrency from threats like phishing scams:
Dear fans, with digital thieves rampant at an unprecedented rate, it is vital to remain vigilant against potential threats.
Today, we’ve got you covered with a beginner’s guide on how to fortify yourself against threats like phishing scams. Let’s dive into 10 simple steps to ensure your assets remain safe and your journey into the cryptocurrency world remains unhindered.
Phishing scams impersonating unbanked individuals are increasing day by day.
Ultimately, a successful phishing attack depends on three main factors:
A fake opportunity that looks real enough (usually a purported airdrop claim site or NFT minting page); The phishing attacker successfully convinces the victim to sign a malicious transaction for the fake opportunity; The victim has valuable tokens approved in a hacked wallet that the attacker can exploit through a malicious transaction.
With a good promotion and website, any of us could be deceived at first.
Fortunately, there are a number of practices and resources we can employ to eliminate the possibility of signing a malicious transaction, or effectively minimize its impact.
Here are 10 important steps to strengthen your cryptocurrency defenses in 2023:
1. Create a vault
Strategy: Create a multi-signature wallet for your long-term crypto holdings!
Recommended tool: Safe Wallet
A multi-signature wallet, often referred to as a “vault,” is like a cryptocurrency version of secure bank storage. It provides greater security for your cryptocurrency by requiring multiple private keys (i.e., wallets) to authorize any transaction.
Therefore, a multi-signature wallet acts like a digital fortress, and even if one of your keys is compromised, your long-term holdings will remain safe.
Today, one of the easiest ways to create a multi-signature wallet is to create a Safe account. You can add any address you want as a signer, but starting with a 2-of-3 multi-signature is straightforward. Also, consider using a hardware wallet like Ledger as one of your signers for an added layer of security!
2. Create a risk wallet
Strategy: Create a risk wallet dedicated to daily activities!
Recommended tool: Delegate
Never use your vault for regular cryptocurrency activities such as airdrop claims or NFT minting. For these activities, set up a separate dedicated wallet and only top up currencies such as ETH when needed.
What’s the idea? A wallet you actively use shouldn’t be filled with all of your on-chain savings. You can also consider using a service like Delegate to delegate permissions for your vault wallet to a risk wallet without moving or jeopardizing any assets, for example if you want to participate in an allowlist minting and the NFTs in your vault qualify.
This way, even if you accidentally sign a bad deal on your risk wallet, your long-term savings will not be affected.
3. Use the transaction preview tool
Strategy: Download a trade preview tool to alert yourself to malicious trade attempts!
Recommended tools: Fire, Pocket Universe, Stelo
Wait a minute?! I don’t really want to transfer 60,000 USDC and all my NFTs to this random address?!? This is exactly what the preview tool helps you visualize before you approve any transaction.
These tools are free browser extensions you can download that will provide a pop-up explaining any proposed trades. These extensions are a great defense against phishing incidents, so make sure you run one of these on all your trades!
4. Review your token authorization
Strategy: Revoke your authorization for unlimited token spending!
Recommended tool: Revoke.cash
Many Ethereum-based applications, such as DeFi, will ask you to approve “unlimited” token spends so that you don’t have to constantly re-approve the use of your funds on these applications.
The problem is, if your wallet is compromised and there are a lot of ongoing grants of unlimited tokens, the attacker can empty it of all the assets.
Therefore, you should monitor your pending authorizations regularly and revoke or minimize unlimited authorizations when possible. The revoke.cash platform makes editing your authorizations a breeze, so don't ignore it.
5. Pre-experimental research
Strategy: Research the projects you’re interested in before you take the plunge!
Recommended websites: DeFiLlama (current resources), CryptoWiki (historical information)
When it comes to cryptocurrency, never act blindly, always do your homework!
For example, recently I was exploring the Ajna protocol, a newer governance-free DeFi lending protocol. I went straight to its documentation, FAQ, whitepaper, etc. to be able to start understanding it and assess its nuances and risk profile.
Due diligence is important: take the time to understand the basics before diving into anything. Don’t irresponsibly put yourself in a risky position by blindly imitating others. If you can’t find good documentation and similar educational resources for a project, that can be a big red flag.
6. Monitor your positions
Strategy: Monitor your crypto assets with a portfolio tracker!
Recommended tools: DeBank, MetaMask Portfolio, Zapper, Zerion
In the cryptocurrency world, keeping close tabs on your assets is essential, and portfolio tracking tools are your best ally in this regard. They provide an overview of your holdings across multiple wallets and platforms, allowing you to monitor your crypto assets in real time.
Remember, understanding your positions is not just about focusing on returns, it is also an important part of risk management. By regularly monitoring your assets, you can detect unusual activity that may indicate a security breach and potentially take action to protect your remaining assets.
7. Get the latest ecosystem news
Strategy: Stay up to date on cryptocurrency news, like the recent hack!
Recommended resources: Bankless, DeFiLlama Roundup
Sometimes attacks on projects such as DeFi protocols may directly or indirectly affect your crypto assets. In order to understand the potential consequences in advance, it is crucial to stay informed.
You don’t have to do all the work yourself, though. For example, Bankless broke down Curve’s reentrancy attack in detail via a Twitter thread just hours after the attack began. We always strive to keep you informed, but there are many other great resources to reference in this regard, such as DeFiLlama’s news aggregation chatroom on Telegram.
8. Lock in your web2 life
Strategy: Protect your Web2 activities with good operational security practices!
Recommended resource: Officer's Blog
Even outside of Web3, don’t give attackers any chance.
Criminals can hack into your email or social accounts to try to trick others who trust you into clicking on fraudulent websites. Don't let them succeed! According to security researcher officercia.eth, strong operational security fundamentals include:
Use a secure email provider like ProtonMail Use different strong passwords and don’t reuse them in multiple places Don’t link your phone number to encrypted platforms Use 2FA to back up your accounts, but don’t use SMS-based 2FA Ask your phone carrier to lock your phone’s SIM card Use up-to-date antivirus software 9. Create an escape hatch
Strategy: Create an asset evacuation strategy for the worst-case scenario!
Recommended tools: Webacy, Spotter
Even with all of the tools and practices mentioned above, it’s still important to consider preparing for the worst-case scenario.
To this end, Web3 is a platform that provides Web3 security services, which allows you to create a custom backup wallet + panic button system; if you are attacked or just feel uneasy, you can use the platform’s “Panic” function to transfer all or any remaining assets to a pre-designated backup wallet.
For more advanced users, there are other monitoring and protection services like Spotter, which is designed to help you detect and escape on-chain attacks in milliseconds rather than minutes.
10. Sound the alarm
Strategy: If you encounter a phishing scam, sound the alarm quickly!
Recommended Resource: CryptoScamDB
If you see a problem, speak up!
If you do come across a crypto phishing scam attempt, sound the alarm so others can be alerted. This could be a quick PSA message in your favorite group chat, a post on social media, or a report to a scam database like CryptoScamDB. The 30 seconds you spend could help save someone else’s cryptocurrency!