Security In Web3: Why Is My Metamask Wallet Empty?
It’s everyone’s worst nightmare to wake up to find that your Metamask Wallet has been drained. Sadly, this is the reality for many people, and it’s becoming increasingly common with advanced hacks and social engineering constantly developing in the Web3 space.
As there is no governing body within the Web3 space to regulate measures such as Metamask wallet security, the responsibility for safe interaction has shifted into the user’s hands. What this often means is that simple actions such as clicking on the wrong link or signing something without reading it could compromise your security and allow others to gain full access to your wallet.
Seed Phrase Storage: Don’t Share It With Anyone.
Whenever you set up a crypto wallet like Metamask, a “seed phrase” is generated. A seed phrase is a combination of words that essentially becomes your “password” to gain access to your wallet. It is the primary key to accessing a wallet, so it is extremely important to have secure seed phrase storage and to never share this with anyone or anything.
A common exploit circulating in the Web3 space involves websites asking for permission to access your seed phrase when you try to connect to the site. When situations like this occur, it’s very important to read what you sign in detail to avoid unknowingly giving away access to your wallet.
Crypto Hardware Wallets
Using an online wallet like Metamask is quite convenient as it’s easy to access; however, it also means it’s easy for hackers to gain access to it in the event that your device is compromised. This is where using a physical wallet (i.e. a crypto hardware wallet) can be much safer, as it is a completely different and separate device. A physical wallet in this sense is similar to a USB drive: a device you connect only when you want to sign transactions, meaning that once it is unplugged your wallet is essentially “offline”. This extra layer of security means a hacker would need access to your crypto hardware wallet in order to gain access.
Using a Secondary Wallet
It is becoming increasingly difficult to tell legitimate websites from fraudulent ones, so it’s a good idea to use a clean wallet for minting anything you’re not 100% sure is safe or legitimate. In doing this, you can keep your main wallet completely separate and secure your crypto wallets against any risks that may compromise your crypto assets.
Stay safe in the Community
Discord has become the platform of choice for digital distribution and communication among Web3 groups, as it offers features and flexibility which are ideal for any Web3 project. However, the nature of Discord also makes it a common ground for crypto scammers to target unsuspecting victims.
A common crypto scam on Discord takes advantage of people who have a fear of missing out (FOMO). Scammers will DM users with malicious links which look somewhat legitimate, offering eye-catching incentives such as the opportunity to win a free BAYC (Bored Ape Yacht Club). Skilled scammers make these offers look legitimate, and each time they circulate, there’s almost always someone bound to click the link.
The best practice on Discord is to disable direct messages from all members when you join a server – this will prevent any type of spam and secure your crypto wallets.
You can do this by going to: User Settings -> Privacy Settings -> Disable “Allow direct messages from server members.”
Social engineering is becoming increasingly common on Discord with fake accounts impersonating projects and notable figures in the space. Some of the most common types of this are:
1) Fake accounts pretending to be moderators or project leads. These accounts contact users about opportunities to get access to a “Free NFT” or “Stealth Mint” which usually involves some sort of link – which you should never click on!
2) Fake accounts pretending to be a bot related to a project and asking users to “verify” themselves through a link, typically impersonating Discord’s resident bot, Collab.Land.
3) Fake accounts contacting users about certain projects that have started minting and inviting them to join through a “special link”.
These types of fake accounts are very common, and if you’ve been involved in Web3 for a while, more often than not you will have experienced most of these crypto scams. The good news is, there are ways to distinguish a fake account from a real account.
The most prominent way to ensure your Metamask wallet security is to always communicate through the server. This way you can confirm that you are talking to the real account as you can check which roles they hold within the server. Another easy way to confirm if you are dealing with a fake account, especially with Collab.Land, is to check for verification.
As Collab.Land is a verified bot within Discord, you can notice almost immediately that the 4 unique digits on the fake account differ from those of the official account. Additionally, Collab.Land has a verified bot badge which makes the distinction between accounts clear.
Look For Crypto Scam Giveaways
Discord hacks have become increasingly common over the past year, with projects being hacked on a daily basis. To help avoid these crypto scams and secure your crypto wallets, there are some key red flags to watch out for in any project.
If a project suddenly sends an unscheduled announcement that they’re minting now with access via a link, it is often easy to fall victim to FOMO. However, most projects will give you a mint date well before the mint actually launches, so a sudden announcement is usually a big warning sign. It is much safer to hold out and wait before taking any action when it comes to these sudden announcements – never jump the gun!
At the end of the day, Web3 is all about community, so it’s always a good idea to reach out to members in a server if you receive a malicious DM or you are unsure of something. Members with a moderator role or owner role within a server are incredibly trustworthy and will be able to give you the right advice in these situations.
How to stay safe in NFTs (Thread ⬇️)
1. Never click unknown links
2. Never give out your seedphrase
3. Disconnect your Metamask from websites
4. Revoke Permissions/Access from your NFTs
5. Use a Hardware Wallet
— Angel (@NFTverse_) February 20, 2022