While we’re all about the idea that Web3 can solve a lot of problems in the world today, it’s not without its own risks. From hacks to scams and common mistakes that can result in a loss of funds, learning about Web3 safety is key to keeping your crypto wallet happy, especially if you use your wallet to pay IRL bills.
At Spritz, we’re dedicated to ensuring trust and safety in our platform and want to enhance our education toward helping our community avoid these mistakes. We’ve recently enhanced the security of our smart contract, and will continue to monitor risks that may come in the future. Mistakes are common, but here are some great practices that can keep your crypto safe as you navigate Web3 dApps and platforms.
Never share your keys
One of the best ways to keep your crypto and wallets safe and secure is to go above and beyond to safeguard your keys. Your keys are either a series of numbers, letters, or words that are used as a way to verify your ownership of a particular wallet and/or asset. While you are encouraged to share your wallet address, no one should ever be sharing your keys with anyone. Doing so makes it possible for them to steal your wallet as well as all of the assets inside it.
Hide your keys in a secure place
Much like your ATM pin or other important passcodes, you must do your best to store your hide and protect your keys. This means you should never leave them out in the open, nor should you leave them in spaces that can be easily accessed or taken. So, for instance, you wouldn’t want to keep them in places such as your actual wallet, as they can possibly be stolen or accessed by random people. However, you may want to keep them in places such as a safe or a secure file, which also requires a password or some level of encryption to use.
There are virtually no ways to retrieve your wallet once someone has stolen it, so keep your keys safe and hidden. We recommend keeping your keys written down on a piece of paper and hidden in your personal belongings, or stored in a secure place that can’t be hacked into or accessed without your permission. If you’re storing large amounts of cryptocurrency or valuable NFTs, never store your keys in the notes of your phone.
Use multiple wallets
Although crypto wallets are relatively safe and secure, there are still risks associated with them. Hacks are common, and the more you connect your wallet to smart contracts the bigger there is of a risk that you could be hacked. To reduce the chances of having all of your assets stolen, keep all your assets in a separate wallet from the one you use to connect to smart contracts.
For example, if you’re connecting to a metaverse dApp or an app like Spritz to pay bills with crypto, keep only what you need to use to interact with that application in the wallet that you connect to it with. If you have all of your most valuable NFTs and your entire net worth of cryptocurrency in a MetaMask wallet, consider opening a second wallet that you can use to interact with dApps. This will keep your assets safe, and let you freely access the Web3 ecosystem without having to worry about your assets being stolen from you.
Use a cold wallet
A great way to assure that your assets are safe from being stolen in a hack is to keep them stored securely on a cold wallet. Cold wallets are physical cryptocurrency wallets that are not connected to the internet. These look like thumb drives, and they’re one of the most secure ways to store large amounts of cryptocurrency or valuable NFTs and collectibles.
There are risks associated with cold wallets, however, so take some time to learn about the pros and cons of each. For example, since a cold wallet stores your cryptocurrency physically, you could lose everything if the wallet becomes lost or damaged. Consider storing your cold wallet in a secure place, or look into insuring its contents in case of loss or damage.
Spritz lets you pay bills with Ledger directly from your cold wallet, making it easy to pay bills with crypto that you keep stored offline.
Do due diligence when connecting to new smart contracts
Take some time to look into new smart contracts before you connect your wallet to them. For instance, when you are dealing with things such as bridges and other ecosystems that have a higher risk associated with them, make sure you research the security mechanisms that the developers have put in place.
Bridges are at higher risk for being hacked or stolen from, so research which bridges are most dedicated to security before you sign a transaction with your wallet. We love the Polygon Bridge because it’s one of the most common and most secure bridges in the DeFi ecosystem, but there are certainly other great options out there.
Check links before you click on them
Unfortunately, phishing attacks are pretty common in cryptocurrency. To keep your assets protected, make sure you never click on any link you don’t trust. If someone you don’t know sends you a link over social media or Discord, don’t click on it. If you search for a Web3 platform on social media, like Uniswap for example, check on the link before you click on the first result. It’s not uncommon for phishing scammers to pay for ads with fake links under the name of a common website.
Check the project contract before purchasing an NFT
On the topic of checking links before you connect your wallet, check on NFT project smart contracts before purchasing an NFT. This is the code attached to the NFT on the blockchain itself, which you can check on sites like Etherscan or Polyscan. Look up the smart contract code online and check that it matches the smart contract code of the NFT you’re purchasing.
The best way to make sure you’re getting an authentic NFT is to follow the link in the bio of the project’s social media pages. However, even on social media there are often fake pages selling fake NFTs. Take your time before making a purchase, and look for signs that a social media page or NFT collection could be fake. Are there a lot of followers on the social media page? Are there a lot of users interacting with it? Is the social media page verified if it’s a bigger project? On platforms like OpenSea, some major projects will be verified to let you know that the NFT is part of the correct collection.
For major projects like Bored Ape or Crypto Punks, for example, fake versions or derivatives of the NFT project are all too common. Take some time to understand how NFTs work so that you know what you’re buying. If the price on an NFT seems too good to be true, it probably is. There is nothing wrong with buying a derivative of a popular NFT project, but make sure you understand what that is before you purchase.
Overall, keeping your wallet and assets safe on Web3 is not as hard as you think. Nevertheless, you should be especially careful when making transactions using crypto on the web. Since all of the technology is still relatively new, there are still hiccups that developers and marketers are working on to make the ecosystem as secure as possible.
Use Spritz to limit transactions
Each time you send crypto from one place to another you run the risk of sending it to the wrong address by accident. Spritz makes it easy to use your crypto in the real world by enabling bill payments directly from your crypto wallet. This limits the amount of transactions you have to make, lowering your margin for error overall. Sign up for the Spritz beta today to qualify for our beta program,and enjoy real-world use for your crypto.
We use 2-factor authentication by verifying your account using a phone number. This ensures better security when using the Spritz app, and enables you to pay your bills with crypto on a secure platform. We also recently improved our smart contract security and have implemented static code analysis tools to monitor for potential vulnerabilities. It’s important that users take Web3 security seriously within their own wallets, but there are steps that we can take on our end to assure that our users are kept safe when interacting with our smart contract as well. At Spritz, we’re implementing the best in Web3 security to provide a product that our users can trust.