Even though Web3 evangelists have long touted the native security features of blockchain, the torrent of money flowing into the industry makes it a tempting prospect for hackers, scammers and thieves. This article will tell you how to protect yourself, your crypto and your NFTs.

When bad actors succeed in breaching Web3 cybersecurity, it’s often down to users overlooking the most common threats of human greed, FOMO, and ignorance, rather than because of flaws in the technology.

According to a June 2022 report by the Federal Trade Commission, over $1 billion in cryptocurrency has been stolen since 2021. And the hackers’ hunting grounds are where people gather online.

Nearly half the people who reported losing crypto to a scam since 2021 said it started with an ad, post, or message on a social media platform.

The Federal Trade Commission commented

Types of cyber attacks

Security breaches can affect both companies and individuals. Cyberattacks targeting Web3 typically fall into the following categories:

  • Phishing: One of the oldest yet most common forms of cyberattack, phishing attacks commonly come in the form of email and include sending fraudulent communications like texts and messages on social media that appear to come from a reputable source. This cybercrime can also take the form of a compromised or maliciously coded website that can drain the crypto or NFT from an attached browser-based wallet once a crypto wallet is connected.
  • Malware: Short for malicious software, this umbrella term covers any program or code harmful to systems. Malware can enter a system through phishing emails, texts, and messages.
  • Compromised Websites: These legitimate websites are hijacked by criminals and used to store malware that unsuspecting users download once they click on a link, image, or file.
  • URL Spoofing: Unlink compromised websites; spoofed websites are malicious sites that are clones of legitimate websites. Also known as URL Phishing, these sites can harvest usernames, passwords, credit cards, cryptocurrency, and other personal information.
  • Fake Browser Extensions: As the name suggests, these exploits use fake browser extensions to dupe crypto-users into entering their credentials or keys into an extension that gives the cybercriminal access to the data.

How to protect yourself?

The basic way to protect yourself from phishing is to never reply to an email, SMS text, Telegram, Discord, or WhatsApp message from an unknown person, company, or account. Never enter credentials or personal information if the user did not start the communication. Do not enter your credentials or personal information when using public or shared WiFi or networks. Do not enter your credentials or personal information when using public or shared WiFi or networks.

Keep your crypto and NFTs safe.

Let’s look at a more “Web3” action plan. When possible, use hardware or air-gapped wallets to store digital assets. These devices, sometimes described as “cold storage,” remove your crypto from the internet until you are ready to use it. While it’s common and convenient to use browser-based wallets like MetaMask, remember, anything connected to the internet has the potential to be hacked.

If you use a mobile, browser, or desktop wallet, also known as a hot wallet, download them from official platforms like the Google Play Store, Apple’s App Store, or verified websites. Never download from links sent via text or email. Even though malicious apps can find their way into official stores, it’s more secure than using links.

After completing your transaction, disconnect the wallet from the website.

Only invest in projects you understand. If it’s unclear how the scheme works, stop and do more research.

Ignore high-pressure tactics and tight deadlines. Often, scammers will use this to try and invoke FOMO and get potential victims to not think about or do research into what they are being told.

Last but not least, if it sounds too good to be true, it probably is a scam.

Side note: advertising and in-game monetization: busting myths.