Your ultimate guide to cryptocurrency safety



Did you know that in 2021 scammers stole over $14 billion from people in the cryptocurrency market? I find it truly disgusting that there are so many wicked people who have a sole intention in life to either defraud or steal from other people. Safety and security as a cryptocurrency investor should be something that you both learn, stay on top of and take extremely seriously. You may only have a few thousand dollars worth of cryptocurrency today, but if you have invested in the right project that could soon be worth hundreds of thousands, if not millions of dollars in the future. As such I have created this ultimate guide to cryptocurrency safety that will open your eyes to the many devious and malicious methods that are currently being used and hopefully make you start to look at this aspect of investing more seriously.


Here's what I'm going to cover:


• Securing your physical devices

• Smart contract risks

• The top scamming tactics in 2022

• Mindsets

• Plus I am going to share tons of examples.


As a cryptocurrency investor this might be the most important article you'll ever read!


Let's start with the basics.


Public & Private Keys


A PUBLIC key can be thought of much like your bank account number. You can send and receive crypto using this address.


Your PRIVATE key is like an ATM Pin to your bank account.


It proves you OWN the account, and it allows you to send transactions.


Never, ever share your PRIVATE key with anyone.


Seed phrases


When you create a wallet for the first time, they'll give you seed phrases.


Save this and NEVER share it.


If someone has access to your seed phrases, you lose your coins forever.


Once again, NEVER share it.



Hardware wallet


Buy a Hardware Wallet


These are physical devices that hold your private keys.


No transactions can happen unless you PHYSICALLY confirm them with your wallet.


Say someone hacks you.


They can't do much because they can't confirm the transactions in person.



Your coins are NOT stored on the hardware device.


Your coins are stored on the public ledger.


Your wallet and Hardware device are the KEYS to get you access to your funds.


So if your Ledger or Trezor device gets lost, you still have access to your funds as long as you have the seed phrases.


Which Wallet Should You Buy?


Both Ledger and Trezor devices are supplied by reputable companies. Trezor was formed in 2012 and Ledger in 2011.


DO NOT buy from Amazon or resellers (they can compromise the device before selling it to you).


If you can afford it, grab the Nano X over the Nano S. More storage and a sleeker interface.



"Ser, how do I use a Hardware Wallet to do DeFi?"


Most hot wallets will allow you to connect with a device. Here's an example from Metamask. These two combined allow you to use DeFi with the security of a hardware wallet.



Ledger's 25th word


Ledger has an advanced feature that lets you create a secret 25th password.


Warning: this is an advanced feature and not necessary for most people. But I wanted to share this with those who don't know.


The Passphrase adds a 25th word of your choosing of max 100 characters to your recovery phrase.


Using a Passphrase will cause an entirely different set of addresses to be created which cannot be accessed via the 24-word recovery phrase alone.


Aside of adding another layer, the Passphrase grants you plausible deniability when under duress.


If using a Passphrase, it’s key to store it securely and remember it perfectly, character for character.


Seed Phrase Storage


Don't let your seed phrases exist in the digital world.


  • Don't store them on Dropbox

  • Don't store them on a USB stick

  • Don't store them on your password manager.


Write your seed phrases down. But not on paper...


Store Seed Phrases on Metal. Most people write their seed phrases on sheets of paper. What happens if there's water or fire damage? Keep your seed phrases on steel. I bought a bunch of these from Amazon. There are cheaper options out there like an engraving pen.



Where to hide your seed phrases? Don't store them in a safe - too obvious. Get creative on where you hide them. I read that someone freezes his Seed Phrases in tomato soups, and stores them at the bottom of his deep freezer. P.s. safety deposit boxes are NOT safe!


Shamir's Secret Sharing


With this method you effectively break your seed phrases into parts and then distribute them to different people/places. To then get access, you need 3 out of 5 (customizable). It's kind of like Lord Voldemort broke his soul into different pieces and put them in the Horcrux.


You could consider using a Cryptosteel Capsule. This is the premier backup tool for autonomous offline storage of valuable data without any third-party involvement. The solid metal device, designed to survive extreme conditions, works under nearly all circumstances.


Secure your Accounts with 2FA


Use Google's Authenticator app. DO NOT use SMS authentication. Hackers can get a duplicate sim card from your phone company. Unfortunately phone companies can be really stupid and they have been known to be duped into believing that the hacker is the rightful owner of the phone thereby giving them the ability to bypass the 2FA. Use the Google Authenticator app ONLY.



Different devices


Transact on a separate device. Consider having a main laptop that you do everything on, then own a separate laptop just for crypto transactions. In case your main laptop gets compromised, all they can steal is your Hentai collection! I'm sure you'll be sad, but at least your coins will be safe.


Operating System


Most people are using Windows, Mac, or Chrome OS. There are operating systems that are designed for privacy and security.


It worth looking at:


Qubes OS

Tails (boum.org)


You can use a Win / Mac as your main device, and use a more secure OS for your Crypto transactions.


Always Use a VPN


VPNs are like the condoms of the internet. NEVER use public WiFi without a VPN. There are a wide variety on the market however one that is secure and trusted is Mullvad VPN


They keep ZERO information about you or anything to identify you.



Install Firewall Software


Think of a Firewall as a "shield" for your internet. Every incoming/outgoing action must be approved or added to the white list.


  • Windows: Win10 has an amazing built-in Firewall

  • Mac: I recommend Little Snitch


Limit Smart Contract Spending


Some smart contracts allow a protocol to spend an INFINITE amount of money. You're effectively giving a blank check to a stranger. You can set limits with the Custom Spending Limit feature.


Pro Tip: for anyone using Metamask to interact with smart contracts - don't set unlimited spend limit when approving transactions. Always click Edit on Permission and customize the spend limit to the amount that you want to send.



Doing so is safer because if a smart contract has unlimited spend limit for one of your tokens, say USDT, it can drain your entire USDT balance if the contract is malicious or has a backdoor. This is not a desirable outcome, so always control what permission you give out.


Do use Etherscan's token approval checker to see which contracts that you have given an unlimited spend limit. Connect your wallet via Web3 and click the Revoke button. I like Etherscan's token revoke function the best amongst all the tools out there.


Fake sites


Watch out for "fake" sites. Once you find the right site, BOOKMARK it in your browser. Use the official website to find the links to the official Discords and Telegrams groups, etc. Common fake sites include:


• Fake protocols

• Fake exchanges

• Fake wallet sites


Not Your Keys Not Your Coins


Keep your funds off Central Exchanges. CEX's get hacked. They can also freeze your account and KYC you to death. You can buy coins from CEX's, but send them to your wallet as soon as possible. Remember....... "Not your keys not your coins!"


Official places can get Hacked


  • Elon Musk's Twitter account was hacked last year. The bad actors did a Bitcoin giveaway scam.

  • Hackers target official Discord groups now.


Don't FOMO into things. Take your time to do your research and try to verify with others first.


Phishing Attacks


Be careful of email phishing attacks. This is the act of sending email that falsely claims to be from a legitimate organisation. Unfortunately crypto related websites are always getting hacked. Bad actors email databases of Crypto users and then send people to scam sites.


Create a new email just for Crypto - Protonmail is worth considering.


Always send a little bit first


Whenever you're sending a transaction, always send a small amount first as a test. Verify that it goes through to the right address. Even Vitalik Butterin sends test transactions.

Do the addresses match?


Some viruses can hijack your Clipboard to insert their own addresses. Whenever you're sending a transaction, make sure it's to the right address. Don't be lazy and verify just the last 4 digits of the address. Read and verify the whole thing.

Dust Attacks


Have you ever received unknown tokens out of nowhere into your wallet? This could be a dust attack. They're trying to trick you into interacting with it. There could be malicious code in the smart contracts.

  • Don't move it.

  • Don't touch it.


Revoke Contracts


A protocol gets exploited. You're vulnerable. At that point, you should end the contract.


You can use apps like Zapper Finance or Rabby to revoke contracts or go to ecosystem scanners.


For ETH, use Etherscan. For AVAX, use SnowTraceHQ


Don't blindly connect your wallet to websites


You don't know what these protocols can do once they have access to your wallet.

  • Always make sure you're on the official website.

  • Don't connect unless you have a specific reason to.

  • Disconnect once you're done.


Social Engineering


You can have the best security in the world, but you can still fall for scams and cons.


Remember...conmen and scammers do this for a LIVING.


Let's look at popular ways of social engineering.


Fake YouTube Live Streams


Scammers will record a REAL stream with prominent people.


They will then upload the replay, and add a fake overlay on top.


Directing people to a scam site in order to get their seed phrases.



Fake Customer Support


Scammers are looking for people who need help on Discord, Telegram, Twitter, Reddit, etc.


They will have fake accounts pretending to help.


They direct people to scam websites that look like the real thing.

Influencer Scams


It's a bear market - rent is due soon for those high-rise condos. Watch out for all the different ways that influencers scam.


"Show me the incentive and I will show you the outcome." - Charlie Munger

Why are influencers sharing their alpha? Ask yourself, "What's in it for them?". This is important so you don't become exit liquidity. I'm going to share with you some of the most common business models out there.


1. Affiliate Deals


Whilst technically not a scam they may promote a product, and they will then get a percentage of every sale made.


Examples:


• Ledger hardware wallets pays a commission. For transparency, the links above for Ledger has my affiliate link and if you use it I will make a nominal fee for any sales made.

• Koinly Tax software pays a commission for each sale.

• The major exchanges (that offer leverage) have lucrative affiliate programs. Did you know that the influencers that push people to leverage trade will actually receive a kick back when people liquidate their accounts?


2. Sponsorships


Companies want eyeballs. They can't advertise Crypto on Google or Facebook right now. There is huge demand and low supply. So they turn to influencers.


3. Premium Content


They're sharing information. Maybe there's MORE information that they're not sharing publicly. This would fall under premium content. It's kind of like how some people on Instagram share free pictures, but you then have to sign up for their OnlyFans to see more.

  • Consulting by the hour. They'll give you advice or do a portfolio review over the phone.

  • Content Upgrade. You have premium substacks or yearly stuff like Delphia Digital / Messari. You get a deeper level of information.

  • Courses. A bunch of videos and content that teach you their methods and systems.

  • Private Communities (Forums / Discords / Telegrams). You get access to a community, their project picks, and maybe some 1 on 1 time with them.

  • Community support like Patreon or donations.

4. Dealflow


Some protocols are looking at influencers for investments. They can provide distribution and hype. Influencers can make their money by getting access to tokens at a price far cheaper than the public does. Retail investor > Influencer > VC is a path.


5. Validators


This is an interesting one that most people don't realize. Influencers push a certain coin and ask you to join their staking pool. They get a percentage of the staking fees. Have you ever noticed how a lot of larger YouTube accounts keep pushing Cardano?

6. Undisclosed Promos


Project X pays them either tokens or cash to promote their project. Influencer talks about how awesome it is but doesn't disclose this. This comes off as a genuine endorsement when it wasn't. It's actually illegal in certain countries to do this.

7. Pump and Dumps


They buy $100k of X coin (low market cap). They talk about how awesome it is. The price pumps by 30%. They dump the coin for an easy $30k profit.


8. Cash Grabs


This could be any number of projects that don't deliver what they promise.

  • A course that's copy and paste info without any value add.

  • An NFT collection that's half-assed.

  • Endorsing and shilling crappy projects for a payday.

And remember that someone can start off with good intentions, but people change. It's easy to turn down $1k promos, but what about $10k offers? Or if the market becomes bearish, but their Lambo lease payments are due.


Remember....they should earn your trust over and over again!


Abusing Credibility


People can easily photoshop images and videos. This is going to become even worse as deep fake technology evolves. Here's a simple photoshop scam using Vitalik Butterin

Don't Talk About Crypto in real life


Inflation is at an all-time high. Crime rates are going up. Talking about Crypto in real life puts a target on your back. It makes your home a target for burglaries.


Don't make Crypto your personality - no one cares.

Trust Must be EARNED


DO NOT blindly trust anyone in this space.

  • Why would someone DM you to help?

  • If someone is making money, why would they help you 1 on 1 for free?

  • If it's too good to be true.....then it is.

Now, this is by no means all of the devious methods used by the scammers. it is a moving target that you have to stay abreast of and just have your wits about you when interacting in the crypto space.


I researched countless stories of different people who have lost their life savings from many of these tactics. Remember that behind every tactic I have shared, are tons of people who got REKT'ed. Learn from their mistakes. It's liberating to have ownership of your assets however you have to put on your big boy (or girl) pants as it is ultimately your responsibility to protect your funds.

IMG_0098 (1).jpg

Hi,
I'm Paul

I am on a mission to help people start a journey to financial freedom. The key to long term success is education and understanding the incredible opportunity that exists right now.

Post Archive