The web3 environment is both centralized and decentralized because of the intersection between some centralized entities and decentralized protocols. Conversely, navigating the decentralized aspect of the web3 space requires some basic understanding of the space. The decentralization of blockchain embodied various attributes and security responsibilities and as a decentralized environment, we must step up and be responsible for our security to mitigate and reduce the risk of becoming a victim. Due to the decentralized nature of the web3, cybersecurity becomes a major concern and protecting your non-custodial wallet, decentralized exchanges transactions, and data becomes your sole responsibility. Although web3 does allow decentralized transfer of value and autonomous interactive environment, thus, decentralization comes with some security responsibility trade-off, and as always, humans remain the weak link in web3 space. Understanding The Blockchain Trilemma As postulated by Vitalik Buterin - the co-founder of the Ethereum blockchain - public blockchains must trade-off either decentralization, security, or scalability at the protocol and application level, as further explained by Yahoo. “The blockchain trilemma is the problem of being unable to balance between security, decentralization, and scalability in blockchains. Decentralization is the ability of blockchains to distribute data and computing power across the many computers in their network.” Blockchain protocols must trade-off one from the blockchain trilemmas to achieve the other two. Understanding Web3 Security The web3 ecosystem inherited some security vulnerabilities from its predecessors, web1.0 and web2.0 caused by human factors. Although, blockchain technology provides additional security and privacy layers using cryptographic end-to-end encrypted processes and mathematics computational mechanisms such as zero-knowledge proof. The web3 and blockchain technology provides centralized and decentralized platforms for transactions. In the centralized aspect of the web3, the service provided by the exchanges is centralized with a single point of failure. Centralized exchanges (CEX) like FTX, Binance, Crypto.com, KuCoin, and Coinbase provide a platform for transacting using custodial wallets where they control your private and public keys. There is this popular saying that goes, “Not your key, not your money.” However, in a decentralized peer-2-peer environment (DEX), you control your non-custodial wallet, your private, public keys, your money, and your security become your primary and sole responsibility. Conversely, the security concerns in the web3 space are inherited from web2.0 as previously stated on the application level. Although, there are also protocol-level security concerns. However, some security vulnerabilities are designed to trick and deceive decentralized application (Dapp) users into giving out their sensitive information. Hackers are becoming more sophisticated in their attempts to compromise security and trick users. So making security your top priority is significant. In every emerging technology, there are 3 actors, 1. The good actors 2. The bad actors 3. The Victim. are the ones with good intentions, they build projects with real-life use cases, educate the people, and provide a safe working environment. The good actors: are the ones with bad intent. They trick and take advantage of people. The bad actors Anyone can be a victim of both bad and good actors. A good project doesn’t guarantee a good return. A good project can fail due to encapsulated and systemic complexity. The victims: Major Web3 Security Threats There are several security threats in the web3 environment. Spamming Scams : The CISA defines Ransomware as a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Some of the ransom demands are in cryptocurrency. Ransomware : Cryptojacking is malicious software (malware) that infects your devices to use for cryptocurrency mining. Cryptojacking scripting Smart Contracts Social engineering Man in the middle attacks (DOS) Denial of service attacks : Hackers send a small amount of crypto to a wallet to deanonymize users and break their privacy. Wallet Dusting Attacks Phishing attacks : Hackers are also deploying the use of honeypot to lure their victims and gather intelligence about their identity Honeypot attacks Routing attacks : In a Sybil attack, hackers create and use many false network identities to flood the network and crash the system. Sybil attacks : On proof of work blockchain, having more than 50% of the power means having control over the ledger and the ability to manipulate it. 51% attacks How to Protect Yourself and Your Crypto Account From Threats Always visit the original website Only download applications and software from the source If possible, disable direct messages on telegram and discord Only click the official website of your community Never click any link sent to you from an unverified source without properly checking Never send your seed phrase to anyone Never open an email link that looks suspicious Never install any file with a “.exe” or “.scr” extension sent to your email by an unknown email Never fill your wallet password and seed phrase into any form that you are not sure of Make sure you don’t keep all your money in one wallet Have multiple wallets for different transactions Store your crypto money in a cold wallet (A cold wallet is an offline hardware wallet) How to Secure Your Non-custodial Wallet if You Are Interacting with Decentralized Exchanges and Finance Never share your seed phrase with anybody Never input your seed phrase on any website requesting for it Never reveal your wallet private key Never grant access to any smart contract requesting access to your wallet if you are not sure Be careful of people contacting you that they have some money in their wallet, and they cannot transfer it because of their government restrictions, and they want you to help them, and they will ask you to cover the gas fees Make sure you double-check any website requesting you to connect your wallet Avoid websites that have spelling mistakes from the original website Always disconnect all active connections on your metamask You can use a separate wallet to connect to a smart contract you don’t know Never store your wallet seed phrase on your email or cloud How to Spot a Potential Web3 Security Threat Security vulnerabilities come in many forms, and the best solution is to educate yourself and take preventive precautions to protect yourself. is one of the most sophisticated tricks in the web3 space. Unaudited smart contracts pose a lot of security risks, they can be programmed with malicious intent to compromise your security by executing an unauthorized recurring transaction in your wallet when you interact with decentralized applications (Dapp). Smart contracts scripting To protect yourself, make sure you interact with audited smart contracts after every transaction Disconnect your wallet : The concept of rug pull goes beyond token value going back to zero or the project devs running away with the liquidity. Even a legitimate project with bad tokenomic could drop in value drastically. However, a smart contract can be programmed with malicious intent to lock tokens for a long period by denying withdrawal. Even after fundamentally and technically analyzing a project and even going as far as performing some technical on-chain analysis, due to encapsulated and systemic complexity project value can go back to zero even with a good fundamental. So, make sure you do your due diligence before investing in any project to avoid emotional rug pull. Rug pulls What Not to Do While Interacting with Web3 Never give out your seed phrase to anybody [ ] Never interact with the web link you are not sure of [ ] Never click a spam link pretending to be from trading exchanges [ ] Always double-check the website you are interacting with [ ] Never click on unlockable content from any NFT airdrops you are not expecting [ ] Conclusion: Web3 Security There is an inherent security vulnerability threatening the internet since its inception. These security vulnerabilities transcended from web1.0 to web2.0 and now the web3 environment. Thus, pose risks to the web3 ecosystem users. However, preventing and mitigating these security risks requires proper knowledge, education, and risk management skill. References Lisa Ann Yount (2022) What Is Cryptojacking? How to Protect Yourself Against Crypto Mining Malware. Retrieved from https://www.coindesk.com/learn/what-is-cryptojacking-how-to-protect-yourself-against-crypto-mining-malware/ Simplilearn (2021) What Is Blockchain Security: Challenges and Examples. Retrieved from https://www.simplilearn.com/what-is-blockchain-security-and-its-examples-article IBM (2019) What is blockchain security? Retrieved from https://www.ibm.com/topics/blockchain-security Cybersecurity and Infrastructure Security Agency (…) What is Ransomware? Retrieved from . https://www.cisa.gov/stopransomware#:\~:text=Ransomware is a form of,ransom in exchange for decryption Tanvir Zafar (2021) How Layer-Two Solutions Can Help Solve the Blockchain Trilemma. Retrieved from https://finance.yahoo.com/news/layer-two-solutions-help-solve-144306678.html Also published here

Ethereum

Chain

Binance

Coinbase

Dapp

fees

Enforcing Scalability and Data Integrity on Blockchain with Zero-Knowledge Proof

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Threats

Nominated for 2022 - HackerNoon Contributor of the Year - Cybercrime

Too Long; Didn't Read

Web3 Security: Tips to Protect Yourself and Your Crypto Wallet from Hackers

Web3 Security: Tips to Protect Yourself and Your Crypto Wallet from Hackers

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Decentralized Society's Next Stage: The Soulbound Token

(1/100) Crypto Countdown: Golem

A Research Report on the Trader $JOE DeFi Platform

07/03/2018: Biggest Stories in the Cryptosphere

05/02/2018: Biggest Stories in the Cryptosphere

01/06/2018: Biggest Stories in the Cryptosphere

Decentralized Society's Next Stage: The Soulbound Token

(1/100) Crypto Countdown: Golem

A Research Report on the Trader $JOE DeFi Platform

07/03/2018: Biggest Stories in the Cryptosphere

05/02/2018: Biggest Stories in the Cryptosphere

01/06/2018: Biggest Stories in the Cryptosphere

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps