It is very important to be aware that you are the only master of your funds, here is a small guide listing the good reflexes and the mistakes to avoid in order to keep your funds safe.
Securing your funds should be a priority, especially if you are new to the ecosystem, not everything is rosy, you should not trust anyone. In this guide, we will see together the minimum to do in order to secure your funds and avoid the drama.
We will also look together at the different types of scam you may come across during your journey into Web3 and cryptos.
1/ Storing your funds
The place where your funds will be stored is very very important. You have several options:
- On the CEX (Centralized Exchange) directly. (risk ++)
This involves some risks. A CEX is an exchange hosted on servers and is managed by a company whereas a DEX (Decentralized Exchange) is based on the blockchain.
To create an account on a CEX like Binance, you need an email address and a password, nothing more, the CEX doesn’t even give you your seed. When you deposit funds on the exchange, they are stored on a custodial wallet.
It’s a bit like a bank, you delegate your funds to the platform, but the latter owes you a security, it is supposed to be solvent, that is to say that it must be able to reimburse its customers in case of bankruptcy.
So if the exchange goes bankrupt, is not solvent and they disable withdrawals, your funds will remain blocked and (surely) lost. So your funds, if stored on an exchange, are not “really” yours.
- Custodial wallets. (risk +)
A custodial wallet is a wallet held in your name but where you do not own your seed, it is managed by a third party. Handy if you don’t want to lose your seed but you don’t have full control over your funds.
This can be a good thing if you don’t want to be your own bank for fear of losing your seed, but in that case, choose a trusted, regulated and compliant third party.
- Non-custodial wallets.
A non-custodial wallet is a wallet where you hold your seed, you are the sole manager and owner of the funds. You are therefore your own bank.
xPortal, Metamask are non-custodial wallets, if you don’t lose your seed, you are the only person who has access to it. You will not have any security problem, you and only you can sign transactions.
- Cold wallets.
A cold wallet, such as Ledger, is a wallet that is completely disconnected from the internet and where you own your seed. This is the form of wallet with the highest security capacity. You own your seed and the only way to sign transactions is to own the wallet, plug it in, enter your PIN and confirm to sign the tx.
- The .json wallet (risk +)
This type of wallet is stored as a file on your PC. In the case of MultiversX web wallet, you can use it to access your funds. This type of storage is risky because if your PC is infected, your wallet and the mdp is easily recoverable because you have to type the mdp in order to access your wallet.
There are also wallets in paper form, stored on a USB stick or on an uninfected phone not connected to the internet. But let’s keep it simple, easy to implement and just as safe.
2/ Securing your seed
A seed is a password composed of several words, generated at the creation of your wallet. It is the key that allows you to access your funds if your wallet is lost. Your seed must remain secret, even more than the code of the nuke at the white house (avoid to do 25 kills anyway)
It is very important to always have access to your seed if you lose access to your wallet, this will allow you to recover your funds on a new address.
Things not to do:
- Store your seed on a cloud, even if the wallet offers it to you at creation
- In your photos on your phone
- In a text file on your computer desktop
- In your phone’s notes
- On a post-it note on your desktop
- Share your seed with someone, even someone you trust
To store your seed, you can opt for a storage like this one, which allows you to keep it on a solid, encrypted and fire or water resistant support.
If you can’t afford it, you can write your seed on paper, in multiple copies, and store them in different locations in case your home is burned or flooded.
The best way to store paper is in a safe that can withstand anything.
3/ The scam
In this field, you should not trust anyone, there are a lot of malicious people.
- Fake support accounts
On Twitter, it is not uncommon to come across accounts such as “Metamask support”, “Binance support”… These accounts will automatically reply to your tweets via keywords in order to offer you help, even though you did not ask for it.
Either they will redirect you to a Google Form where you will have to fill in some information including your seed (NEVER FILL IN).
Or by private message, they will ask you for the same information. Of course, you should never give them anything, block them and report the accounts.
- “Send $0.5BTC and I’ll send you back double”
There are sites, Twitter accounts or even videos, explaining to you that if you send a sum of money to an address, automatically you will receive double of what you sent, of course, this is not true, you will never receive anything.
- The gurus
Some “investors” make believe when lending them your funds, they will multiply your wallet by 10. This is obviously not true, you should never transfer your money to someone who promises you huge gains.
- Phishing
NEVER click on suspicious links. Even if these links sometimes look like official websites. Instead, bookmark the secure, official links and use only them to remove any suspicion.
- ICOs
ICOs are actually fundraising to start a project, some are very serious and legal, but others are just scams. Once the ICO is over and the investors’ funds are recovered, the scammers leave with the money, without sending your tokens in return. So if you want to participate in this kind of fundraising, find out well beforehand about the project you intend to invest in and also about the platform (if there is one) that manages the ICO.
- Public networks
You should avoid connecting to your wallets using public Wi-Fi networks, wait until you get home or stay on the 4G/5G network.
