Secure Yourself in Web3

Originally published on The Voyage newsletter on January 26, 2022.

I thought to myself, “What a fucking Ponzi scheme!”

Four years later, I was doing the same. I had that same deranged spark in my eyes. I was spending every moment I could scrolling through Reddit and Telegram chats, reading about the technology, soaking in the conspiracies, and engaging in passionate discussions with others who were into it.

As the saying goes, every generation rejects the previous generations’ Ponzi scheme.

In the 1970s, the US dollar was decoupled from gold — a rejection of the previous scheme.

Before that, central banks and government-issued currencies were formed in rejection of the financial structures before.

We’re in accelerated times and we’re just seeing it happen more frequently.

Let’s say you buy my spiel or you’re already getting involved with the space. I’m going to save you some headaches by sharing what I’ve learned about security in the web3/crypto space.

You are your own security

In Web3, you are your own security

If you lose your account access, there’s no place to turn. If you are scammed by a fraudster, there’s little to be done about it.

But security isn’t only password security or some type of unbreakable cyber-security system; it also requires exercising some judgment. There’s a popular meme in the crypto space called the $5 wrench attack, illustrated below.

In Web3 your data is open and exposed for anyone to see. Today there are hundreds of companies emerging onto the scene that are mining the public data on blockchains.

Transactions can be traced easily from account to account. When you start getting involved in the Web3 community, you’ll be asked to provide some details on who you are, usually your name, email, and social media accounts. In some cases, the information is then linked to your public address and openly accessible. Once you share those details, anyone can trace your personal identity and link it to your crypto holdings and activities.

I expect, at some point, we will see better solutions that balance public exposure with privacy, but for now, this is what the community offers.

For most of us today, that’s a manageable risk, but not for everyone.

As you scale, grow influence, and accumulate financial value in the space, it becomes a greater concern, since the assets in your account are fully transparent.

Here are some considerations to secure your participation.

Password Manager

A password manager is a great way to create hard-to-hack unique passwords for each account without having to remember each one. My go-to password manager is 1Password. It syncs with all of your devices and web browsers. You can also use biometric authentication on your cell phone or laptop to log in to websites through 1Password.

LastPass is another often recommended password manager.

Multi-factor authentication

VPN

I’ve heard stories of people instantly losing all of their cryptocurrency through a one-time transaction executed on a public network. I’ve been using NordVPN for over three years and I’m happy with it. ExpressVPN is another I’ve heard recommended from trusted sources.

Don’t get one of those free VPNs; who knows what they are doing with your data?

Another thing to keep in mind with VPNs is that they don’t protect you from malicious links. When you go to a website, you are opening a direct connection with them. The VPN disguises you, but the VPN has no impact on the information passed through that connection.

Browsers

I’ve recently switched to Brave and I’m happy with it. Everything that works on Google Chrome works on Brave, so the transition is a low lift for many. Brave doesn’t allow websites to track your activity from site to site. It also blocks ads and is faster than any browser I’ve used before.

Firefox is another solid browser. Mozilla has always stood strong in its mission for privacy. They don’t block ads or limit tracking to the same extent Brave does, but there are plug-ins for ad-blocking.

Safari is probably okay since Apple has always stood by its mission of keeping your data within the Apple ecosystem, but it wouldn’t be at the top of my list.

Don’t click suspicious links!

You’ll eventually start getting emails or messages on Discord for ‘life-changing’ opportunities. Approach with caution.

Secondary email address

Wallets, keys, and accounts

The Exchange

The exchange is where cash is exchanged for crypto. Some of the standard exchanges are Coinbase, Gemini, and Binance. There are many more with new ones launching all the time.

Protecting your exchange account is just the same as any Web2 account — strong secure password, multi-factor authentication (MFA), etc.

Wallets

If you lose your key, there is no recovery. A wallet typically provides you with a set of words, usually between 12–24 words. Your job is to secure the words in the exact order and spelling you receive them.

Many people recommend writing down the seed, securing the paper copy, and never storing it digitally. Others are comfortable saving it in their password manager or some form of digital security vault.

There are pros and cons to each. I’ve included links to some different perspectives at the bottom so you can weigh the different trade-offs.

The Cold Wallet

Your cold wallet should be used sparingly. I would recommend storing the majority of your crypto there and never using it to log in to websites.

If you decide to buy a Ledger, do it directly from their website and not a second-hand source. If the device has been tampered with, your whole security is already compromised.

The Hot Wallet

Some popular ones include Metamask for Ethereum, Phantom for Solana, and Kukai for Tezos.

I recommend not holding too much of your assets in the hot wallet. Send NFTs to the cold wallet if they all of a sudden explode in value. But if you want to sell, do it through your hot wallet.
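An added example, not part of the original post: the account-to-account tracing described under "You are your own security", applied to a hot wallet that sends funds on to a cold wallet. The ledger, address labels and function names are all constructed for illustration; the point is that once one address is publicly tied to you, every address it has sent funds to, and that address's balance, is visible as well.

```python
from collections import deque

# Constructed sample ledger: (sender, recipient, amount in whole tokens).
# All address labels are made up for illustration.
TRANSFERS = [
    ("exchange", "hot_wallet", 200),
    ("hot_wallet", "marketplace", 30),
    ("hot_wallet", "cold_wallet", 150),
    ("exchange", "cold_wallet", 4000),
    ("cold_wallet", "vault", 1000),
    ("stranger_a", "stranger_b", 700),
]

def reachable(transfers, disclosed, max_hops=2, services=()):
    """Addresses reached by following outgoing transfers from a publicly
    disclosed address, with the hop count for each. Addresses listed in
    `services` (shared hubs) are recorded but not followed further."""
    outgoing = {}
    for sender, recipient, _ in transfers:
        outgoing.setdefault(sender, set()).add(recipient)
    hops = {disclosed: 0}
    queue = deque([disclosed])
    while queue:
        current = queue.popleft()
        if hops[current] == max_hops or current in services:
            continue
        for nxt in sorted(outgoing.get(current, ())):
            if nxt not in hops:
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops

def visible_balance(transfers, address):
    """Net balance of an address, computed only from public transfers."""
    received = sum(a for _, r, a in transfers if r == address)
    sent = sum(a for s, _, a in transfers if s == address)
    return received - sent

def exposure_report(transfers, disclosed, **kwargs):
    """Map each linked address to (hops from disclosed, visible balance)."""
    linked = reachable(transfers, disclosed, **kwargs)
    return {a: (h, visible_balance(transfers, a)) for a, h in linked.items()}

if __name__ == "__main__":
    report = exposure_report(TRANSFERS, "hot_wallet", services={"marketplace"})
    for addr, (h, bal) in report.items():
        print(f"{addr}: {h} hop(s) away, visible balance {bal}")
```

Running it against a list of your own transfers shows which of your addresses a disclosed one already points to.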

Additional Resources

General Web3 security

Crypto security can be a pain, but a few safeguards will go a long way

4 Key Cryptocurrency Security Measures: Are You Following Them?

Best practices to storing your seed phrase

Best ways to keep your recovery phrase secure

7 secret places to securely store your recovery seed phrase

Ways to store your seed phrase securely

This post was created with Typeshare

Hassan Karimi

UX/ product former architectural designer writing about building a creative practice in modern times