Security 101 - How to protect yourself in the world of DeFi

Helpful tips for using DeFi safely and securely

Written by Matt
Updated over a week ago

Web3 Security - The basics


Since the very beginning, 1inch Network has been dedicated to security. With a total of 9 audits for its Aggregation Protocol alone, 1inch is one of the most well-scrutinized projects in the DeFi space. Through various features and implementations, the team has built a wide array of tools to help users protect themselves against fraud, theft, and loss of funds. Long story short, 1inch pours a massive amount of resources and capital into creating the most secure platform in the industry.

Despite every effort put into building and maintaining a rock-solid platform, there are still countless security risks in the crypto-sphere. Whether you are a first-time user, a seasoned veteran, or somewhere in between, knowing how to operate in this fast-moving environment is critical to success for everyone.

In the spirit of reducing risk, here are some general "do's and don'ts" to keep you secure on your crypto journey:

  • NEVER share your wallet's private key with anyone, even if they are a group admin or a project team member. Your private key is the only thing needed for someone to steal your tokens. This, of course, requires understanding the difference between a private key and a public key.

  • Always store large amounts of funds in a hardware wallet / offline.

    When your funds are stored offline, thieves and hackers cannot access them. A hardware wallet (like Ledger or Trezor) requires your physical presence to move any assets. Pro tip: Use a multi-signature wallet "safe" for an even stronger layer of security. (Safe is a great option.)

  • Never visit the website link of a randomly airdropped token.

    Only interact with reputable and time-tested projects. Several things to look for are: Audits, multi-factor authentication features, SSL/TLS website encryption, thriving communities, and length of time in the industry without hacks or exploits. A quick browser or block explorer search can make all the difference.

    Example from the block explorer:

  • Always use a unique (and strong) password/passcode for wallet applications.

    Yes, it's annoying, but using the same password for everything can lead to catastrophic losses of funds and personal data. Password management services like LastPass or Google Password Manager are great for this.

  • Test with small amounts first when sending/receiving to new addresses

    This is one of the easiest ways to ensure your funds won't be lost forever. All blockchain transactions are permanent, so sending a small "test" amount to an unknown address is a good habit to adopt.

  • Do your own research (DYOR)

    Know what you are buying/selling, and make sure the token/contract you are interacting with isn't a scam.

  • Enable multi-factor authentication for all wallets and accounts.

    Especially relevant for wallet applications, having two or more layers of access to your funds will (in theory) make it twice as hard for malicious actors to move funds out.

  • Never leave large amounts of funds on a single centralized exchange.

    Many centralized crypto exchanges have been hacked over the years, leading to massive losses for those who held funds on such platforms.

  • Never share or announce your asset holdings to the public.

    Bringing unnecessary attention to the value of your portfolio creates a massive target for malicious actors. This is easily avoidable.

  • Ask a lot of questions.

    Reaching out to official support teams or reputable community members for advice before attempting swaps, staking, providing liquidity, farming, etc. is always a great idea. Chances are, someone has been in the same position before and would be happy to help you keep your funds safe. (Just remember tip #1 above!)

Have any other tips? Reach out to us in the Live Support Chat and let us know!
