SOME HELPFUL RESOURCES & INFO IF YOU’RE NEW TO WEB3
LINK // WHAT IS THE BLOCKCHAIN
LINK // WHAT IS AN NFT
SAFETY GUIDE
(courtesy of my social token partners at Roll)
Whether you’re new or experienced to the NFT and/or crypto space, please take some time to read through our community made safety guide below. This has been created by the community to help guide those that are new to the space. This guide is not exhaustive so always DYOR (do your own research) into further safety and security.
Why should we be concerned with developing good safety habits?
- It is important to understand that in the NFT and Crypto space you now inhabit you are your own bank and are the sole custodian of your assets. Developing good safety habits early is crucial to safely navigate the burgeoning Web3 ecosystem.
- As in any other area of the internet, or within financial systems, there is always a potential for harm in the form of stolen liquidity, assets and/or information. Being responsible members of a community also means taking responsibility not only for ourselves but that we also work to reduce the potential for harm within our community wherever possible. The purpose of this basic information is to empower all members to help prevent any future theft or loss.
How can we reduce the potential for harm?
- There are a few simple things we can do to avoid having our money or assets stolen.
When using Discord
- Turn off Server Direct Messages (DM) - do this now! Go to server Privacy Setting > turn OFF direct messages from members. That way, you have to first be added as a friend before you can be DM’ed. You can always turn on DM’s temporarily when there is a need to DM someone.
Some examples of scams that happen over DM’s are:
- Asking users to join new NFT projects for giveaways
- Pretending to be team members, administrators, or moderators
- Impersonating a server bot like MEE6 or CarlBot or CollabLand and asking you to connect your wallet and enter your password or seed phrase.
- Turn ON two factor authentication (2FA) - do this now! Go to User Settings and enable 2FA. This adds an extra layer of security to your account. One time passcode apps such as Google Authenticator are a good way to enable this function. SMS passcodes work well but may provide another attack vector if your phone is compromised.
- Do NOT click any links. These links can be phishing attempts (scams) and if interacted with, have the potential to steal information or fool you into ‘buying’ fake products.
- Buy a hardware wallet. This is one of, if not the most important things we can do to secure our private keys and therefore our NFT’s and crypto from potential threats. Ledger and Trezor hardware wallets are widely considered to be the clear top two choices on the market and you can’t go wrong either way. It’s recommended to buy directly from the official website of the company, but it’s also possible to buy from local ‘authorised resellers’. However, if you choose to buy from an authorised reseller, make sure to check your device for authenticity upon arrival as scammers have gone as far as selling compromised wallets to steal people’s assets. It is not recommended to purchase from other online vendors such as Amazon as there is always the potential for a compromised hardware wallet being sent to you.
- NEVER give out your seed phrase to anyone. Regardless of the type of wallet you choose to use, you will be given a seed phrase, which is usually a 12 or 24 sequence of words, that can be used to import your accounts into other applications, and to recover your accounts if a hardware device is lost or stolen or if you forget your password.
- Write down the seed phrase and put it in a secure location. Do not take photos of it, or store this information on your phone or computer. If your seed phrase is lost then you won’t be able to recover your assets.
- Make sure every website you visit is legitimate. This is most important whenever you intend to transact eg. buy/sell/trade/swap using a wallet. You can check this by double clicking on the search bar to see if there is a https:// at the front of the address. There should also be a small lock icon like this to the left of search bar that if you click will show if the connection is secure and some other site information.
When using Metamask
- Disconnect your wallet from any decentralised apps (DAPPS). It is a good practice to disconnect your wallet from connected sites regularly. As an example; you may have minted an NFT from a trustworthy project and website, but if they are ever compromised after the fact, if your wallet is still connected to that website, it could put your assets at risk. Instructions for disconnecting your MetaMask wallet: Within MetaMask Account view, click on the 3 dots button on the top right-hand corner and disconnect from the connected sites by clicking on the trash can icon.
- Lock your wallet immediately after you have finished transacting. Do this BEFORE leaving the page you are on or switching off your computer to help prevent your assets from being vulnerable to theft. To do this: click on My Accounts button next to ‘Ethereum Mainnet’ > click ‘Lock’. Locking your accounts works on every website simultaneously so you can be safe while browsing other sites.
- Never sign a transaction that you are not 100% sure of. If it sounds too good to be true, it most likely is.
- Be careful when buying bundles of NFT’s. If you are buying more than one nft as a bundle to save gas, always double check each individual item. It is a common scam for people to misrepresent the NFT’s or their quantity in the title
- Ignore any NFTs dropped to your account. Don't sell them or transfer them if you don’t recognize the NFT and where it has come from. You can hide NFT’s that you don’t recognize in your wallet as this does not cause any contract interaction.