Lesson 1
DeFi security 101: Staying safe in the new decentralized world
Avoid scams, learn some tips and get a foundation of safety and security knowledge as you explore DeFi projects
When you build or use anything on the blockchain, one of the best things you can do for your business is educate yourself and your customers about common crypto scams.
To start, equipping yourself with a basic security education can help you build a stronger product. It can protect you, your business and customers, and can help you launch projects and make decisions with confidence.
Let’s discuss what it takes to defend your DeFi project and assets in 2024.
What’s with all the scams?
DeFi is at the center of many news headlines today, and pretty much everyone has heard of the major crypto projects, Bitcoin and Ethereum. Cryptocurrencies are being incorporated into phone apps like Robinhood, and even your parents have probably heard of Coinbase. More people than at any time in history are actively launching web3 projects. No wonder it makes headlines: there’s a lot to talk about!
Unfortunately, a good number of these news stories are centered around crypto scams: phishing links, pump-and-dump schemes, and fake NFTs. These stories are common, and they scare many would-be entrepreneurs away from even beginning to learn about DeFi.
So, what’s with all the scams?
Since cryptocurrencies are designed for anyone and everyone to get involved, there isn’t as much regulation when it comes to the legal and financial side. It’s called decentralized finance (DeFi) for a reason. But we can’t have the benefits of decentralization without also coming to terms with some of its challenges.
When a large corporation or government isn’t there to defend or insure your project and assets, you should take security into your own hands. The good news is, it doesn’t have to be complicated.
Born in a security world
The entire blockchain and crypto industry grew from cryptography. Serving as the foundation of it all, cryptography is a concept that was built for protecting communication and information. While crypto scams may be common, we should remember that they exist in a world built with tons of defensive tools for securing transactions and your assets.
For example, blockchains are generally built on an immutable ledger. This means once your data is recorded, it cannot be altered or tampered with retroactively. The ledger maintains trust and transparency within systems to reduce the risk of fraudulent activities and data breaches.
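Why a retroactive edit is detectable, shown with a simplified hash-linked ledger. This is an added example, not code from any real blockchain; the record strings and function names are constructed for illustration, and real networks add consensus among many nodes on top of this linking.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # placeholder predecessor for the first block


def block_hash(index, prev_hash, data):
    """Hash the block's contents together with its predecessor's hash."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "data": data},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(records):
    """Append each record as a block linked to the one before it."""
    chain, prev = [], GENESIS_HASH
    for i, data in enumerate(records):
        h = block_hash(i, prev, data)
        chain.append({"index": i, "prev_hash": prev, "data": data, "hash": h})
        prev = h
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_HASH
    for block in chain:
        if block["prev_hash"] != prev:
            return block["index"]
        if block_hash(block["index"], block["prev_hash"], block["data"]) != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None


# Constructed sample records, not real transactions.
SAMPLE = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]

if __name__ == "__main__":
    ledger = build_chain(SAMPLE)
    print("untouched:", first_invalid_block(ledger))
    ledger[1]["data"] = "bob pays mallory 200"  # retroactive edit
    print("after edit:", first_invalid_block(ledger))
    # Recomputing block 1's own hash only moves the break to block 2.
    ledger[1]["hash"] = block_hash(1, ledger[1]["prev_hash"], ledger[1]["data"])
    print("after re-hash:", first_invalid_block(ledger))
```

Altering one record forces every later block to be recomputed, which is what makes tampering visible to anyone holding an honest copy.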
Immutability is just one example of native security built into the blockchain world. But security doesn’t stop on the blockchain. You also need some best practices.
DeFi security 101
The key to maintaining a good baseline of security in DeFi is practicing self-guided security. Keep asking questions, stay vigilant and take your time before making decisions. Here are a few best practices to keep in mind before getting into a project:
Own your keys to truly own your wallet (instead of storing it on exchanges): Remember that you only truly own your wallet if you have the keys to access it. As long as you maintain the security habits mentioned throughout this article, crypto assets are safer under your supervision than on crypto exchanges.
Use a hardware wallet: The easiest break-in tool for hackers is the internet. That means one of the best ways to defend your crypto wallet is to avoid storing it online. A hardware wallet is where you store your private keys offline, protecting them from most malicious hackers. Make sure to write down your keys and keep them in a safe, secure place. With a hardware wallet, lost keys = lost crypto.
Use multifactor authentication (MFA / 2FA): 2FA is a classic cybersecurity tool. It requires multiple forms of identification from anyone logging into their account. 2FA ensures that even someone armed with your password can’t break into your most important accounts and wallets.
Use known and trusted DeFi projects and platforms: The cryptocurrency industry is still relatively young, with new projects launching each day. But even in our industry’s short history, strong brands have risen to the top. As a general security rule, it’s best to begin your DeFi journey by only engaging with the oldest and most established projects.
Common scams and how to avoid them
Phishing (or “lookalike”) scam: There are many ways to become the victim of a phishing scam. But let’s focus on the most important one for business owners: The landing page lookalike scam. This is when a scammer creates a landing page that looks like your business landing page. When real users try to log in, their credentials are stolen by the scammers.
How to avoid phishing scams
To avoid this scam, be vigilant about clicking any links from your inbox. Also, always check your URL bar to confirm you’re on the page you think you are, especially when doing anything involving a login and password.
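For business owners, the same URL check can be automated over links that customers report or that appear in referrer logs. The sketch below is an added example, not part of the original lesson: `example-defi.com` is a hypothetical brand domain, the sample URLs are constructed, and punycode (`xn--`) hosts are not decoded.

```python
from urllib.parse import urlsplit

LEGIT = "example-defi.com"  # hypothetical brand domain (assumption)
# Digits commonly swapped in for look-alike letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(name):
    """Fold common character substitutions back to the letters they imitate."""
    return name.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(url, legit=LEGIT, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Exact host or a true subdomain; the leading dot stops "notexample-defi.com".
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    labels = [normalize(label) for label in host.split(".")]
    brand = normalize(legit).split(".")[0]
    # Brand name reused inside another domain, e.g. as a subdomain or with a suffix.
    if any(brand in label for label in labels):
        return "lookalike"
    # Near-miss spelling of the registrable domain. Taking the last two labels
    # is a simplification; production code should use the Public Suffix List.
    if edit_distance(".".join(labels[-2:]), normalize(legit)) <= max_distance:
        return "lookalike"
    return "unrelated"


# Constructed sample URLs; none are real indicators.
SAMPLES = [
    "https://app.example-defi.com/login",
    "https://examp1e-defi.com/login",
    "https://exampel-defi.com/login",
    "https://example-defi.com.secure-login.test/",
    "https://docs.python.org/3/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):<11} {url}")
```

A distance threshold of 2 suits a brand name of this length; shorter names need a tighter threshold to avoid flagging unrelated domains.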
Pump-and-dump: Pump-and-dump scams are the result of individuals and companies making large financial promises to a niche community, like a celebrity telling you to invest in a new cryptocurrency that you haven’t heard of. After hearing the advice, the community might quickly buy the niche coins being promoted, only to watch their money rise quickly and then disappear.
How to avoid pump-and-dump scams
Beware of anyone promising large and fast returns with little or no risk. These promises are almost always followed by a victim losing a lot of money. If you see an online community promising high returns from a specific coin, beware. Do your research, because it may be a pump-and-dump scheme.
Fake wallets, tokens and exchanges: This one is pretty self-explanatory. Companies or individuals can put up a website pretending to be a trustworthy exchange or wallet entity. Once you sign up, they might steal your information, or worse, your crypto accounts and assets. This goes back to our point earlier about only using trusted DeFi platforms. Blockchain technology has been around long enough that there are now trusted organizations with a long history of providing reliable services.
How to avoid fake wallets, tokens and exchanges
Aside from using the most vetted services, before you try a new platform, do a simple search for reviews and online discourse about its validity. It’s hard to hide illegitimate projects from independent review websites. Similarly, you can post to trusted forums or chat groups to get the opinions of other web3 experts.
Pyramid and Ponzi schemes: These schemes promise high returns on investment when you help them recruit new investors—who then recruit more investors, and so on. What’s really happening is a classic crypto pyramid scheme.
How to avoid pyramid and Ponzi schemes
Beware of unsolicited offers. If a crypto founder approaches you with an “opportunity,” be skeptical. Also, fact-check the promises of the crypto project. Most pyramid and Ponzi schemes are empty projects sold through a persuasive founder. Do your own research. Look for red flags. If something sounds too good to be true, ask yourself: What’s the catch?
Take a security-first approach to exploring crypto
Building a business on the blockchain comes with great risks and incredible agency. Once you understand the risks and how to avoid them, web3 technology is an incredibly powerful new suite of tools for you to use.
Keep exploring, don’t stop asking questions and stay safe out there!