Your Crypto Bull Run Safety Checkup

The pumping may have taken a break, but this bull market is far from over. With price action excitement comes increased activity and the very real possibility of making a mistake in all the madness.

Fear not! Safety tools have improved dramatically since the last cycle, and so has the industry’s understanding of attack vectors and vulnerabilities.

Here’s a run-down of what to pay attention to for an extra bump of security. Let’s dive in! 👇

Editor's Note: We reached out to Webacy's Maika Isogawa to write up this excellent guest post on staying safe in Web3. We had full editorial oversight over this finished article, and we're psyched to publish it! This is not sponsored content!

🛀 Wallet Hygiene

Wallet hygiene is critical to safeguarding your on-chain assets… but what is it?

Typically, wallet hygiene is about having good habits around keeping separate wallets for separate purposes. Your high-value NFTs and large token holdings should be held in a wallet that’s more secure than a wallet you use for shitcoin trading. 

However, there are cases where it’s tempting to place your higher-value assets in a risky situation, such as when you need to verify ownership of an asset to join a community, or utilize a big wallet’s characteristics for an airdrop payout. 

delegate.cash (delegate.xyz) is one popular option for delegation, which is the process of extending powers of one wallet to another, ultimately keeping your assets in a more secure state. 

Beyond delegation, regular cleanup and check-ins of your cold wallets, hot wallets, browser wallets, and hardware wallets are all part of a solid crypto hygiene regimen. 

🖥️ Monitoring

How do you know what’s going on in your wallets?

As users, when we actively make trades, swaps, and sends, we’re aware of the changes occurring in our wallet - but you’d be surprised to find out how much happens that we’re unaware of on-chain. 

Some activity may be benign, like spam NFTs being sent to your address, but occasionally, unknown activity can be cause for concern. Regular monitoring of the state of your wallet is a large part of keeping your assets safe long-term.  Companies like Webacy (Hi 👋 I'm the CEO!) make monitoring easy by sending an SMS or email in real-time as activity occurs in and around your wallets. 

🙇‍♂️ Pre-Transaction Research

We’ve all been there. You see everyone making money on some token that’s pumped 1000% overnight and want in on the action. You see a link and click it. Your browser wallet pops up and prompts you to connect and then …. that’s where so many mistakes happen. 

In the heat of the moment it can be difficult to pause and assess the safety of the transaction you’re about to sign. Oftentimes the transaction itself is difficult to interpret or even malicious. 

There are a host of browser extension tools that help users assess transactions before they happen including Pocket Universe, Fire, and Wallet Guard.

Lately, wallets have been taking more responsibility in user safety by integrating additional security features into the wallet themselves. Phantom Wallet has an excellent UI that displays the change in wallet state that will occur post-transaction, making it easy for the user to make informed decisions. Other wallets are experimenting with their own security enhancements, which has been met with mixed reviews. 

If possible, you’d want to be able to assess the team behind a project, the contract itself, as well as the historical success of the project before ape-ing in.

✅ Approval Review

When you transact on-chain, you often need to grant permission to other addresses to spend your token and NFTs. These allowances are called “Approvals.” These allowances are often necessary, but can sometimes be overreaching, or even malicious.

If you’ve been using a wallet for a while, or are simply very active, you should be checking your open approvals regularly. While tools like revoke.cash or etherscan’s token approval services are great, they don’t provide users with which approvals are good vs bad. Our Revoke functionality provides both native revoke functionality, as well as a risk assessment of which open approvals are potentially dangerous to your wallet. 

🔒 Web2 Security

We can’t forget that traditional OpSec is fundamental to the overall security of our crypto assets. Everything uses the internet after all. 

The common culprits highlighted here have been the cause of too many users falling victim to hacks and scams. Take a moment to check your systems – don’t be the next twitter thread. 

• SMS 2FA is no longer reliable. Sim swapping has been a major narrative in crypto security as well as a playbook for hackers to follow. Remove your phone number from the 2FA options across every account that enables anything else. 
• Password managers and cloud-based storage providers are not a safe haven for your logins or seed phrases. Exposure of these through hacks, or even data breaches of the company itself leave you at risk.
• Bookmark your most commonly visited crypto sites to avoid phishing link scams. 
• Turn your Discord DMs off.

The list goes on, but following these few steps alone will make sure you’re not an easy victim to target. 

🤝 Use Projects That Care About User Security

A final note to mention is to choose companies and projects that care about user security. Now that there are turnkey solutions out there, such as Embedded Security APIs, projects have no excuse not to put extra protections in place for their end-users. 

Self-custody means that more responsibility falls on the user to protect themselves, but self-security is only part of the equation. Project owners also have a responsibility to leverage newly developed risk mitigation tools to protect their end-users, and ultimately protect the health of the company. 

Companies like Mintify are taking active steps to integrate security measures directly into their platforms – a clear sign that they care about the safety of their end-users.

Distributed Safety Means a Safer Web3

Decentralization – a buzzword in blockchain and a fundamental pillar of what makes crypto so great. It must also be applied to safety and security. If data and ownership are no longer controlled by a central entity within a walled garden, security of that data and ownership aren’t either. 

As control shifts to users and the network of companies that build for them, risk mitigation and safety becomes a category that's collectively improved to serve the new challenges and use cases that arise. 

Let’s work together to build a safer crypto ecosystem for everyone. 

About the author: Maika Isogawa is the CEO of Webacy. Webacy enables a safer Web3 world through a consumer-direct Safety Suite and embeddable APIs. Maika is a former Cirque Du Soleil acrobat and Cybersecurity Engineer at Microsoft.