The web3 environment is both centralized and decentralized because of the intersection between some centralized entities and decentralized protocols. Conversely, navigating the decentralized aspect of the web3 space requires some basic understanding of the space. The decentralization of blockchain embodied various attributes and security responsibilities and as a decentralized environment, we must step up and be responsible for our security to mitigate and reduce the risk of becoming a victim.

\
Due to the decentralized nature of the web3, cybersecurity becomes a major concern and protecting your non-custodial wallet, decentralized exchanges transactions, and data becomes your sole responsibility. Although web3 does allow decentralized transfer of value and autonomous interactive environment, thus, decentralization comes with some security responsibility trade-off, and as always, humans remain the weak link in web3 space.

\
## **Understanding The Blockchain Trilemma**

As postulated by Vitalik Buterin - the co-founder of the Ethereum blockchain - public blockchains must trade-off either decentralization, security, or scalability at the protocol and application level, as further explained by Yahoo.

\
> *“The blockchain trilemma is the problem of being unable to balance between security, decentralization, and scalability in blockchains. Decentralization is the ability of blockchains to distribute data and computing power across the many computers in their network.”*

\
Blockchain protocols must trade-off one from the blockchain trilemmas to achieve the other two.

\
 ![The Blockchain Trilemma](https://cdn.hackernoon.com/images/dm0NIVFX87QelDnxmjfCQ3RAT1N2-4xa3y66.png)

## **Understanding Web3 Security**

The web3 ecosystem inherited some security vulnerabilities from its predecessors, web1.0 and web2.0 caused by human factors. Although, blockchain technology provides additional security and privacy layers using cryptographic end-to-end encrypted processes and mathematics computational mechanisms such as zero-knowledge proof.

\
The web3 and blockchain technology provides centralized and decentralized platforms for transactions. In the centralized aspect of the web3, the service provided by the exchanges is centralized with a single point of failure. 

\

:::tip
Centralized exchanges (CEX) like FTX, Binance, Crypto.com, KuCoin, and Coinbase provide a platform for transacting using custodial wallets where they control your private and public keys. There is this popular saying that goes, “Not your key, not your money.”

:::

\
However, in a decentralized peer-2-peer environment (DEX), you control your non-custodial wallet, your private, public keys, your money, and your security become your primary and sole responsibility.

\
Conversely, the security concerns in the web3 space are inherited from web2.0 as previously stated on the application level. Although, there are also protocol-level security concerns. However, some security vulnerabilities are designed to trick and deceive decentralized application (Dapp) users into giving out their sensitive information. Hackers are becoming more sophisticated in their attempts to compromise security and trick users. So making security your top priority is significant.

\
In every emerging technology, there are 3 actors, 1. The good actors 2. The bad actors 3. The Victim.

\
* **The good actors:** are the ones with good intentions, they build projects with real-life use cases, educate the people, and provide a safe working environment.
* **The bad actors** are the ones with bad intent. They trick and take advantage of people.
* **The victims:** Anyone can be a victim of both bad and good actors. A good project doesn’t guarantee a good return. A good project can fail due to encapsulated and systemic complexity.

\
### **Major Web3 Security Threats**

There are several security threats in the web3 environment.

\
* **Spamming**
* **Scams**
* **Ransomware**: The CISA defines Ransomware as a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Some of the ransom demands are in cryptocurrency.
* **Cryptojacking**: Cryptojacking is malicious software (malware) that infects your devices to use for cryptocurrency mining.
* **Smart Contracts** scripting
* **Social engineering**
* **Man in the middle attacks**
* **Denial of service attacks** (DOS)
* **Wallet Dusting Attacks**: Hackers send a small amount of crypto to a wallet to deanonymize users and break their privacy.
* **Phishing attacks**
* **Honeypot attacks**: Hackers are also deploying the use of honeypot to lure their victims and gather intelligence about their identity
* **Routing attacks**
* **Sybil attacks**: In a Sybil attack, hackers create and use many false network identities to flood the network and crash the system.
* **51% attacks**: On proof of work blockchain, having more than 50% of the power means having control over the ledger and the ability to manipulate it.

\
## **How to Protect Yourself and Your Crypto Account From Threats**

* Always visit the original website
* Only download applications and software from the source
* If possible, disable direct messages on telegram and discord
* Only click the official website of your community
* Never click any link sent to you from an unverified source without properly checking
* Never send your seed phrase to anyone
* Never open an email link that looks suspicious
* Never install any file with a “.exe” or “.scr” extension sent to your email by an unknown email
* Never fill your wallet password and seed phrase into any form that you are not sure of
* Make sure you don’t keep all your money in one wallet
* Have multiple wallets for different transactions
* Store your crypto money in a cold wallet (A cold wallet is an offline hardware wallet)

\
## **How to Secure Your Non-custodial Wallet if You Are Interacting with Decentralized Exchanges and Finance**

* Never share your seed phrase with anybody
* Never input your seed phrase on any website requesting for it
* Never reveal your wallet private key
* Never grant access to any smart contract requesting access to your wallet if you are not sure
* Be careful of people contacting you that they have some money in their wallet, and they cannot transfer it because of their government restrictions, and they want you to help them, and they will ask you to cover the gas fees
* Make sure you double-check any website requesting you to connect your wallet
* Avoid websites that have spelling mistakes from the original website
* Always disconnect all active connections on your metamask
* You can use a separate wallet to connect to a smart contract you don’t know
* Never store your wallet seed phrase on your email or cloud

\
## **How to Spot a Potential Web3 Security Threat**

Security vulnerabilities come in many forms, and the best solution is to educate yourself and take preventive precautions to protect yourself.

\
* **Smart contracts scripting** is one of the most sophisticated tricks in the web3 space. Unaudited smart contracts pose a lot of security risks, they can be programmed with malicious intent to compromise your security by executing an unauthorized recurring transaction in your wallet when you interact with decentralized applications (Dapp).
* To protect yourself, make sure you interact with **audited smart contracts**
* **Disconnect your wallet** after every transaction
* **Rug pulls**: The concept of rug pull goes beyond token value going back to zero or the project devs running away with the liquidity. Even a legitimate project with bad tokenomic could drop in value drastically. However, a smart contract can be programmed with malicious intent to lock tokens for a long period by denying withdrawal. Even after fundamentally and technically analyzing a project and even going as far as performing some technical on-chain analysis, due to encapsulated and systemic complexity project value can go back to zero even with a good fundamental. So, make sure you do your due diligence before investing in any project to avoid emotional rug pull.

  \

## **What Not to Do While Interacting with Web3**

- [ ] Never give out your seed phrase to anybody
- [ ] Never interact with the web link you are not sure of
- [ ] Never click a spam link pretending to be from trading exchanges
- [ ] Always double-check the website you are interacting with
- [ ] Never click on unlockable content from any NFT airdrops you are not expecting

\
## **Conclusion: Web3 Security**

There is an inherent security vulnerability threatening the internet since its inception. These security vulnerabilities transcended from web1.0 to web2.0 and now the web3 environment. Thus, pose risks to the web3 ecosystem users. However, preventing and mitigating these security risks requires proper knowledge, education, and risk management skill.

## **References**

* Lisa Ann Yount (2022) What Is Cryptojacking? How to Protect Yourself Against Crypto Mining Malware. Retrieved from <https://www.coindesk.com/learn/what-is-cryptojacking-how-to-protect-yourself-against-crypto-mining-malware/>
* Simplilearn (2021) What Is Blockchain Security: Challenges and Examples. Retrieved from <https://www.simplilearn.com/what-is-blockchain-security-and-its-examples-article>
* IBM (2019) What is blockchain security? Retrieved from <https://www.ibm.com/topics/blockchain-security>
* Cybersecurity and Infrastructure Security Agency (…) What is Ransomware? Retrieved from [https://www.cisa.gov/stopransomware#:\\\~:text=Ransomware is a form of,ransom in exchange for decryption](https://www.cisa.gov/stopransomware#:%5C\~:text=Ransomware%20is%20a%20form%20of,ransom%20in%20exchange%20for%20decryption).
* Tanvir Zafar (2021) How Layer-Two Solutions Can Help Solve the Blockchain Trilemma. Retrieved from <https://finance.yahoo.com/news/layer-two-solutions-help-solve-144306678.html>

\
Also published [here](https://medium.com/carthago/web3-securities-threats-how-to-protect-yourself-and-your-crypto-wallet-from-hacker-93235b686b53)

Ethereum

Chain

Binance

Coinbase

Dapp

fees

2022 - HackerNoon Contributor of the Year - Cyber Threats

2022 - HackerNoon Contributor of the Year - Cybercrime

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Threats

Nominated for 2022 - HackerNoon Contributor of the Year - Cybercrime

Too Long; Didn't Read

Build JavaScript blockchain apps easily with Lisk

Web3 Security: Tips to Protect Yourself and Your Crypto Wallet from Hackers

Web3 Security: Tips to Protect Yourself and Your Crypto Wallet from Hackers

Too Long; Didn't Read

People Mentioned

Companies Mentioned

Coins Mentioned

@authorityjoel

RELATED STORIES