Prevention Policies for Individuals: Difference between revisions
(Crosslinking.) |
No edit summary |
||
| Line 4: | Line 4: | ||
== Store Funds Offline == | == Store Funds Offline == | ||
{{Prevention:Individual:Store | {{Prevention:Individual:Store Funds Offline}} | ||
== Keep Multiple Backups == | == Keep Multiple Backups == | ||
| Line 19: | Line 19: | ||
== Always Verify Executables == | == Always Verify Executables == | ||
{{Prevention:Individual:Always | {{Prevention:Individual:Always Verify Executables}} | ||
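Review bot: The transclusions on the right-hand side, "{{Prevention:Individual:Store Funds Offline}}" and "{{Prevention:Individual:Always Verify Executables}}", use the singular prefix "Prevention:Individual:", while the page's own instructions tell editors to type "Prevention:Individuals:<title>". Confirm which prefix the templates actually live under and make the instructions and the transclusions agree, so that editors following the instructions do not insert a template name that does not resolve. One of the two revisions is also marked "No edit summary"; a one-line summary stating that the template names were completed would make the change easier to audit.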
Revision as of 13:16, 12 May 2023
Below is a list of prevention policies for individual cryptocurrency users. Each of these policies is a standard template which can be included in the applicable case studies. We also have Prevention Policies for Platforms and Prevention Policies for Regulators.
To add a template to an article's Prevention section, select Insert > Template and type "Prevention:Individuals:<title>" where <title> is the title below.
Store Funds Offline
Store the majority of funds offline. Offline means that the private key and/or seed phrase is held exclusively by you and is not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.
Keep Multiple Backups
Ensure that more than one copy of your seed phrase is kept, and that each copy is in a distinct location. For example, you may keep a backup copy in a bank vault. A common scheme is to split the 24-word seed phrase into 3 sets of 16 words each, such that any two of the sets are needed to unlock the wallet.
Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc. Never send these to anyone unless you intend to allow them to take all of your money. Attackers will use a wide variety of tactics to convince you, such as pretending to be your wallet software, pretending they work for the wallet software, or asking you to screen share. Don't fall for them.
Question Unrealistic Profit
Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, take special care to check whether the entity making that offer is trustworthy, is actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event that your money is kept and nothing is delivered in return?
Double Check Transactions
Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.
Always Verify Executables
Any time untrusted software is run, there is an opportunity for abuse. It is recommended to always interact with cryptocurrency in a fully controlled environment, meaning an environment where you understand every piece of software running there. Using a hardware wallet, a spare computer with all software wiped, and/or a virtual machine with only the needed software greatly reduces your attack surface. Take the time to verify that downloaded files come from the correct and expected source and match available hashes if provided. Any time you encounter a new file, always check whether it can contain executable code prior to using it.
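The two checks named above (match the published hash, and check whether a new file can contain executable code) can be scripted as follows. This is an added example, not part of the original page. It assumes the checksum list is in the common "HASH  FILENAME" layout and was obtained from the source you trust; the file name, the sample bytes and the function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes of common directly executable formats (not exhaustive:
# documents with macros, archives and installers can also carry code).
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"#!": "script with shebang",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal or Java class",
}

def sha256_file(path, chunk_size=1 << 16):
    """Hash the file in chunks so large downloads need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def expected_hash(checksum_text, filename):
    """Find filename in 'HASH  NAME' lines; return None if it is not listed."""
    for line in checksum_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    return None

def verify_download(path, checksum_text):
    """Return (hash_matches, executable_kind or None) for a downloaded file."""
    want = expected_hash(checksum_text, Path(path).name)
    matches = want is not None and sha256_file(path) == want
    with open(path, "rb") as fh:
        head = fh.read(4)
    kind = next((name for magic, name in EXECUTABLE_MAGIC.items()
                 if head.startswith(magic)), None)
    return matches, kind

def demo():
    """Constructed sample: a fake ELF file checked against a good and a bad list."""
    with tempfile.TemporaryDirectory() as tmp:
        f = Path(tmp) / "wallet-setup.bin"
        f.write_bytes(b"\x7fELF" + b"constructed sample payload")
        good = f"{sha256_file(f)}  wallet-setup.bin\n"
        bad = f"{'0' * 64}  wallet-setup.bin\n"
        return verify_download(f, good), verify_download(f, bad)
```

A file that is missing from the checksum list is reported as not matching, so an unlisted download is never treated as verified.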