Crypto security is a hot topic as scammers around the world took home a record $14 billion in cryptocurrency in 2021, thanks in large part to the rise of DeFi. Between 2020 and 2021, losses from crypto-related crime rose 79%, and theft increased 516% to $3.2 billion – CNBC.
When we think about the topic of security, we can consider the following:
Two main ways to lose your money/investment.
For the information below, we’ll stay focused on Web 3 wallets, which require you to connect them to a decentralized application to perform an action, like buying or selling an asset, e.g. connecting your MetaMask wallet to OpenSea to buy an NFT.
Any time you connect your wallet to an exchange, marketplace, application, or website, you are giving the company access to see what is in your wallet. This isn’t necessarily bad. However, if someone has the ability to sign a transaction, you’re in trouble. A signature = an approval/authorization to transfer funds out of your wallet.
Now, you might be asking yourself, ‘how does someone obtain the ability to sign transactions on a wallet?’ The answer: through a password or by knowing your ‘Seed Phrase’, which grants the holder of this information the ability to restore the wallet on another device.
In Web 3, our wallets are decentralized, meaning there is no central authority to help you if someone hacks you. You are the custodian of your assets, and while this is incredibly powerful, with great power comes great responsibility! Transactions can’t be reversed, and once your assets are gone, they are typically gone forever.
Note: when you use centralized exchanges (Coinbase, Kraken, Gemini) you are placing all of your trust in that exchange to hold your funds. This is akin to a bank holding your money. Exchanges can get hacked (and they have); however, when this happens, they’ll typically intervene where possible, and sometimes offer refunds. You might be thinking that centralized exchanges are a safer bet compared to decentralized wallets; however, there are many cases where exchanges have been hacked and were unable to provide their users with refunds. Mt Gox (2011) was the biggest, and since then, there have been several more that are significant. See The 10 Biggest Crypto Exchange Hacks In History.
At Clutch, we’re strong advocates of decentralized wallets, where you are the custodian of your own assets.
Another common way people get ‘scammed’ is by investing in a bad project whose team never had any intention of building anything, but rather planned to run off with investor money. In crypto, this is referred to as a ‘rug’ or ‘rug pull’.
When you invest in crypto projects, you’ll typically enter when the company is at one of the following stages:
It can be hard knowing what a good project looks like, especially when businesses come in different shapes and sizes, and at different stages. To help you out, we’ve made a checklist of questions that can be asked/considered when looking into projects.
Your seed phrase is a string of words generated by a cryptocurrency wallet provider at the time of establishment. This string of words is basically like the master password; it can be used to restore your wallet if you forget your standard password.
Like a standard password, your wallet password is used to log in to your wallet.
Seed phrase and password management is important, especially in the context of wills. Ensure you have an adequate process around how this information is stored, and who has access to it.
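Why the seed phrase, and not the wallet password, is the master secret, shown as an added example (not code from Clutch or from any wallet vendor). It assumes the wallet follows the BIP-39 and BIP-32 standards, which the page does not name; `restore_wallet` and `local_password` are hypothetical names, and the phrase is the public BIP-39 test mnemonic.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Public BIP-39 test mnemonic, used here as a constructed sample input.
SAMPLE_PHRASE = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the mnemonic words into a 64-byte wallet seed.

    Word-list and checksum validation are omitted; only the derivation is shown.
    """
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def bip32_master(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP-32: split HMAC-SHA512 of the seed into master key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_wallet(phrase: str, local_password: str) -> bytes:
    """Model a wallet app restoring from a seed phrase on a new device.

    Assumption: local_password only encrypts the copy kept on that device,
    so it takes no part in deriving the keys that control the funds.
    """
    del local_password  # deliberately unused in key derivation
    master_key, _chain_code = bip32_master(bip39_seed(phrase))
    return master_key


if __name__ == "__main__":
    device_a = restore_wallet(SAMPLE_PHRASE, "password-chosen-on-device-a")
    device_b = restore_wallet(SAMPLE_PHRASE, "a-completely-different-password")
    print("same master key on both devices:", device_a == device_b)
```

Every account key in the wallet descends from this master key, which is why the phrase needs stronger storage and access controls than the password does.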
When it comes to storing and transacting with crypto assets, users will have to choose between web 3 wallets (decentralized) or exchanges (centralized).
Note: It’s common to use both.
Exchanges are great at:
Wallets are great at:
Both solutions have:
The most important thing to note:
Exchanges do not give you autonomy over your crypto, which is why people often opt to keep their investments in DeFi wallets, where you are the full custodian of your assets.
When deciding the type of wallet to use, consider the following:
Scammers are becoming more sophisticated, so it’s important to understand what scammy behavior looks like.
Activities to look out for:
A smart contract audit is an extensive methodical examination and analysis of a smart contract’s code that is used to interact with a cryptocurrency or blockchain. This process is conducted to discover errors, issues and security vulnerabilities in the code in order to suggest improvements and ways to fix them.
A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investor funds. Rug pulls thrive on decentralized exchanges because these types of exchanges allow users to list tokens for free and without audit, unlike in centralized cryptocurrency exchanges.
“Smart contracts are simply programs stored on a blockchain that run when predetermined conditions are met. They typically are used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary’s involvement or time loss. They can also automate a workflow, triggering the next action when conditions are met.”