
Security in Web3: Best Safety Practices in the Crypto Space
- Duke FamaK
- Feb 27, 2023
Updated: Sep 30, 2024
Web3 (less commonly referred to as Web 3.0) has drawn a lot of attention in recent years due to the rise in the popularity of cryptocurrencies. To some, Web3 is the future, the next big thing, a get-rich-quick solution, the revolutionary technology that is taking power away from big corporations and putting it in the hands of users and creators. In a sense, Web3 is the breaker of chains (yes, this is a Game of Thrones reference).
But to some, Web3 is a sham, a figment of imagination, an exaggeration, a new shiny object that the tech ecosystem is temporarily obsessed with.
Whichever side of the divide you are on, it's hard to ignore the contributions (crypto, NFTs, play-to-earn games, artificial intelligence tools, etc) of Web3 to our current zeitgeist, even though it's still an emerging technology and riddled with obscurity.
However, just like Web 1.0 and 2.0 have their own complications and unintended consequences, the same is gradually being identified in Web3, particularly in the Crypto space.
First, a definition of terms.
What is Web3?
Depends on who you ask. If you ask different people who work in the Web3 space, they'll probably give varying answers, as there is no universally accepted definition of what Web3 is.
Web3 has been defined as an idea for the third generation of the internet currently being built, which incorporates concepts such as decentralization, blockchain technologies, machine learning, and trustless economic mechanisms, i.e., token-based economics.
You get the point.
Is Web3 secure?
While decentralization and individual ownership are the core principles of Web3, the picture is not entirely rosy. Blockchain technology, which is what many cryptocurrencies are built on, is quite secure, as each new block of information connects to all the previous blocks in a way that makes it nearly impossible to tamper with, even by the government.
However, a lack of centralised control combined with an influx of funding from venture capitalists like Y Combinator, The Spartan Group, etc. makes Web3 the perfect breeding ground for scammers and mischievous entities. While Web3 is about giving power back to the people, power in the wrong hands can be dangerous.
If you're familiar with the crypto space, then you've probably heard the phrase "you've been rugged" at least once, which literally means you've had the rug pulled out from under you. It is used to describe a person who has unknowingly fallen for a scam.
According to the Financial Trade Commission, consumers lost over $1 billion to cryptocurrency scams from the beginning of January 2021 through March 2022, and from January to November 2022, hackers stole $4.3 billion worth of cryptocurrency.
However, it's not all bleak as there are innovators working tirelessly to make the crypto space safer. For example, there are now tools that can detect suspicious domains or security issues around smart contracts.
The best safety practice is, perhaps, knowledge. Being able to identify suspicious activity or manipulation risks can save you your hard-earned money.
What are some of the most common attack vectors in crypto?
51% attacks: These occur when an unethical group of miners or an entity controls more than 50% of the blockchain’s hashing power and then hijacks it. 51% attacks are probably the most expensive and tedious method to compromise a blockchain. They have been largely successful with smaller networks that require lower hashing power to overcome the majority of nodes. In contrast, large networks like Bitcoin or Ethereum will be practically impossible to compromise this way. This is because the attacker(s) or entities will have to spend billions of dollars to gain access to the majority of the nodes. A good way to avoid falling prey to 51% attacks is to do research about the entities or miners that hold stakes in a network before investing in it. Another way is to decide to only invest in large or private networks.
Phishing attacks: This is a common tactic used by hackers. Phishing is a scam wherein cyber-criminals send convincing messages (via text, emails, DMs etc) to wallet owners, in order to gain access to sensitive or confidential information such as personally identifiable information, banking and credit card details, and passwords, so they can empty out their wallets. It is a social-engineering tactic that involves posing as a legitimate institution or individual to trick individuals into divulging sensitive information. Some phishing schemes are incredibly intricate and can look completely innocuous. A useful way to avoid phishing scams is to avoid clicking on unverified links or attachments. Also, if the offer looks too good to be true, it probably is.
Malware and Crypto-jacking: Crypto malware often refers to a type of malware that aims to mine cryptocurrencies on a victim’s computer without detection. Malware can be hidden in an email attachment or in legitimate software that, when installed, embeds malicious code into your applications and programs. Crypto malware can also be installed through a compromised website or app, without an individual even downloading anything from the site. It is designed to stay hidden in the victim’s system and often goes undetected for years because it is usually stored in the individual's browser and not on the device.
Giveaway scams: This is yet another common scam in the crypto space. Individuals are usually lured into depositing crypto to a particular account with the promise that they will receive more money than they initially deposited. The better bad actors are able to pose as credible individuals or organisations, the more likely people will believe the giveaway is real and fork over their digital assets. For example, in 2021, due to a fake Elon Musk giveaway scam, one individual lost £400,000. The good thing about crypto giveaway scams is that they all pretty much use the same playbook, so they're easier to spot once you know what to look for. It is common for individuals or institutions to give away certain amounts of crypto; however, legitimate giveaways will almost never require you to send crypto to a particular wallet before you can benefit from it.
Best Safety Practices in Crypto
Since there are no central bodies you can report to or ways of finding the true identities of individuals in Web3, due to its decentralization and the anonymity it guarantees, the onus is on individuals to take responsibility for their safety and protect themselves as much as is humanly possible. Here are a few ways to avoid falling prey to scams/attacks:
Guard your personal information and Secure your wallet
This is the number one commandment. Your crypto wallet is the most important component you own as you navigate the crypto space. It contains your private and public keys, which give you access to your assets and allow you to interact with other wallets in the crypto ecosystem.
Losing your private keys means you lose your entire crypto asset, even if no one steals it from you, so they should be guarded dutifully.
You can secure your wallet by never sharing your seed phrases with anyone and storing the seed phrase offline, instead of online. Practising good password hygiene and guarding your personal information is also important to prevent identity theft and minimise the cost of attacks.
Invest in Cold Storage
Also called hardware wallets, cold storage devices are secure hardware devices on which you can store your assets, thus adding an extra layer of security to your portfolio. Initiating transactions using a hardware wallet will protect you from most online attacks. Research different types of hardware wallets to find the one most suited for you.
Do your own research (DYOR)
Do the hard work of doing your own research. DYOR is a common phrase in crypto communities. Many cybersecurity incidents would have been avoided if people did thorough research before investing. Avoid FOMO and only invest in crypto projects you actually believe in.
Tread Carefully and Beware of Malicious Actors
Another way to put this is to say, look before you leap. Scrutinise the information you come across carefully to avoid falling prey to hacks or scams. Avoid accepting or interacting with unknown tokens, as this can lead to the installation of malware that will steal your entire crypto assets. Do not open files or links from strangers or unverified sources. If the email or DM seems too good to be true, it probably is.
Conclusion
The world of Web3 is filled with opportunities. However, because it is a developing technology, it gives room for obscurity, which is a breeding ground for scammers and hackers. As individuals navigate the Web3 space, the responsibility of protecting themselves and their assets rests heavily on their shoulders.




