ZORA ZINE

Safeguarding the Movement

Wallet security means sharpening our senses

written byZora
Posted On18 Nov 2021
Safeguarding the Movement

Diving into the world of decentralization and crypto is meant to be thrilling: we're challenging our previous notions of ownership, finance, and culture; that means navigating Web3 can also feel like traversing the Wild West.

Scammers are co-opting the movement, preying on the many newcomers in the crypto space, and employing a litany of tactics to plunder your funds.

You can expect common targets to be your:

  • Crypto Wallet
  • Exchange Account
  • Email
  • Social Media Accounts
  • Phone Number

As a result, we've jotted down some essential morsels of info for artists and creators like you—the bedrock of ZORA—to absorb and stay safe.

NEVER Share Your Seed Phrase

Whenever you generate a cryptocurrency wallet, you’ll be provided a unique list of words to keep in a secure spot: this is a seed phrase. It enables you to recover a wallet if your device is ever lost or stolen. Scammers can elicit this through a variety of clever tactics, like creating clones of MetaMask, otherwise known as 'spoofing', and be nearly impossible to detect. Your wallet or a website will NEVER request your seed phrase without your initiation. If it does, it’s a scam; once they have access to it, they have full rein to raid all of your wallet’s assets.

Example of scammers trying to exact your private 12-word recovery phrase

Consider a Hardware Wallet (Cold Storage)

If your expedition in crypto has yielded a healthy sum, we strongly recommend getting a hardware wallet. While we salute our partners at MetaMask, storing vast amounts on a chrome extension on your computer can leave you vulnerable to malicious software. So if you’re holding over $5K on your MetaMask, the hardware wallet is the prophylaxis between your computer and your crypto.

The two most commonly trusted hardware wallets are:

Trezor Hardware Wallet

Enable Two-Factor Authentication (2FA)

Sometimes, wielding a secure password isn't enough to stave off the hordes of malicious actors, highwaymen, and bots to your share of your pie. 2FA provides an extra layer of security by asking a prompt when logging in. Make sure to set up 2FA with Google Authenticator, NOT your phone number (SMS).

Flex Your Skeptic Muscles: Who’s actually reaching out to me?

The age-old tale of a wolf in sheep's clothing: scammers can moonlight as a branch of a support organization or a service you already use, so if you receive an email or DM on platforms like Twitter, Discord, or Telegram, be sure to double-check that the email and/or link is exactly as the original website. If anyone asks for personal information, your seed phrase, or money: disengage and block. Authentic representatives will never randomly reach out. Let's look out for each other.

An ENS scam account—notice the Twitter @ has added one extra "n"

Fake MetaMask Twitter support

Employ a Password Manager

If you're like your uncle in the Boomerverse, you probably have the same password for every platform you enjoy. If that one password is compromised, you're in for a world of trouble. The only leak we'd want for you is some alpha. Password Managers are a bulwark to leaks because they generate and store random, secure passwords. This ensures you'll never have to use a password twice or memorize them by heart.

Recommended password managers include:

No Phishy Links: Bookmark Your Websites

Bookmarking your websites ensures their authenticity. In the age of clickbait, we may see ourselves on "Zoora.co" instead of Zora.co, or "Conbase.com" instead of Coinbase.com. Always take the time to confirm you’re on the correct website. The devil is in the details, folks.

Scam ENS Airdrop—notice the incorrect ENS URL

Tone Down the Public Crypto Posting

We encourage everyone to engage in crypto discourse and bridge the gaps in the metaverse. However, gloating about how much you have is never bright. After all, every transaction that occurs on the blockchain is public, so if you post an address, it’s there for all to see. Don’t draw extra attention to yourself and become a potential target.



ZoraText By
Zora

Related

Fractional and the Instilled Emotion of NFTs

Andy Chorlian's permissionless protocol facilitates ownership, champions accessibility, and underscores NFTs' capacity to evoke emotion

Zora30 Nov 2021

Eric Hu Will Not Take Web3 For Granted

The "Monarchs" co-creator emphasizes building Web3 deliberately and sustainably, delineates artistic versus design approaches, and opens up on his Decentralized Beauty initiative

Zora23 Nov 2021

Subscribe.

Your weekly updates inside the Inbox
ZORA
ManifestoZineFAQsCareersWhitepaperDocumentationTerms Of Service