Web 3 Security Tips from Sympathy for the Devils!

Tony



December 19, 2022

Sympathy for the Devils is an ETH NFT Community where the community wallet functions as an investment fund. Holding blue chip NFT investments which are voted on by the entire community. Learn more about them with the links listed below this article! These security tips are courtesy of their team member Dayhzz!

In the event of a major global cyber attack, this article provides tips on securing your blockchain assets such as crypto currencies and NFTs among others. These tips are for all crypto users

Security Tips!

‍Do not click on any links that you get in DMs

I cannot stress this enough - this is the most common scam in the crypto space. People create fake minting websites or fake Opensea websites to lure folks into clicking the link and/or doing transactions on these unsafe websites. If anyone DMs you with a link, it should be an immediate red flag!

Here's an example of a fake Opensea link. Notice the domain is Opensea.fo and not Opensea.io

‍Always keep your wallet in locked mode except when you wish to make a transaction/purchase

Most wallets have a lock feature. When unlocked, it's possible for all tabs in the window to view your address, which may make you vulnerable for several phishing attacks. So, it's best to always keep your wallet in lock mode unless you would like to make a transaction or purchase.

Here's how the Lock button works in Metamask. Click on the Colored Circle on the top right, then click Lock. When you want to use it again, it will ask for your password (but won't ask for seed phrase).

‍Use separate browsers for browsing and your wallet

If you use Chrome for your ethereum wallet, don't open any other links except the ones where you need to use the wallet. For example, use a separate browser for your email, social media, etc. This way even if you do click on a link you should not have, you still have an extra layer of security.

‍Do NOT ever share your private key or seed phrase

No matter what happens, don't share your private key or seed phrase with anyone (except maybe your loved ones at your discretion)! If they have either of these, they can make any withdrawal or transfer as they please. Only your public address can be shared with others, not your private key or seed phrase. Remember, noone will ever ask for it. Not Metamask, nor any project. If someone asks for it, it's 100% a scam!

‍Never EVER share your screen: If someone asks you to share your screen

It's also 100% a scam. Sharing your screen opens you up for a QR code scam where the hacker takes a screenshot of your wallet's private key QR code and then can gain full access to your wallet. I know a lot of people that were scammed this way. Sharing your screen is a big NO!

‍Purchase a hardware wallet if you have a lot of ETH/NFTs

If you have a lot of your wealth (eth or NFTs) in your wallet, purchase a hardware wallet like Ledger or Trezor. Do NOT purchase it from Amazon, eBay or any other website. Purchase it ONLY from the official website!!

‍Never connect or sign on an untrusted website

If an untrusted website is asking you to connect your wallet or sign using your wallet, do NOT go ahead with the connection or sign request. Simply close it without any approvals on your wallet! Using signatures, people can steal your eth or NFTs in your wallet, so beware!!

‍Beware of trading scams

There are lots of scammers on Discord who offer a great trade deal, that looks really good. They ask you to first transfer your NFT to their address and then they promise to do the same. Or they may ask to do the transactions simultaneously as well. Beware of such scams. Either make a deal in eth where they buy your NFT in exchange for some fair value eth and you do the same, or use trusted platforms that enable trading. Do not go ahead with any transactions like that or even through an escrow.

‍Disable DMs from server members

Since most scams are DM scams, it's often best to turn off your DMs from servers you're on.

‍Do not transfer, list, sell, approve or burn your airdropped NFTs

Another seemingly common attack is to airdrop a fake NFT to your wallet and then when you attempt to transfer, list, sell, approve or burn your airdropped NFT, the code of the malicious contract is executed which may wipe out all your assets. Be super careful! The only thing you should do to these NFTs is hide them using the Opensea hide feature!