🧵/13 Empirical and Suggestive Guide to Staying Safe in Web 3

This guide draws on extensive internet experience to provide you with effective strategies to safeguard your digital presence. It's essential to proceed cautiously, especially in communications that could expose you to risks, and to place your trust only in individuals and entities that have established their reliability over time within the community.

Legendary Builder • Working on /genyleap • /geny ecosystem.

https://linktr.ee/compez

🧵2/13 I can assert with confidence that most data and digital asset theft is due to users' lack of caution. There are no complex or bizarre methods for stealing your information; rather, exploitation often occurs precisely where you pay it least attention or deem it too trivial to worry about.

Digital Entry Points 🧵3/13

In the digital world, entry points can create opportunities for attackers to exploit misplaced user trust. Opportunists aim to use this trust to access your data and assets in various ways. Recognizing when to trust people or messages that seem official can prevent many security threats.

Haste and Neglect in Decision-Making 🧵4/13

Rapid, unreflective responses to links, tools, transactions, and interactions can lead to significant mistakes that opportunists are waiting to exploit. In the digital world, taking a moment to fully evaluate the situation before taking action can significantly enhance the security of your data and assets.

Failure to Use Trusted Tools and Software 🧵5/13

Especially in the Web 3 world, where wallets play a critical role, there are numerous methods by which your digital wallet and signature could be forged, allowing unauthorized access to your assets from your phone or computer. It simply requires that you or your system grant them access.

Flattering and offering unsolicited assistance.🧵7/13

Another method involves identifying your vulnerabilities. For example, in the Web 3 world, and particularly in communities that may require support, opportunists seek to discover problems. After identifying these issues, they approach users with offers to resolve these existing or potential problems, using names and IDs from official (but fake) projects to start correspondence with you. This situation becomes appealing, and you generally engage in correspondence to resolve your issues, thus opening another door for opportunists.

🧵8/13 My suggestion regarding social behaviors is straightforward: do not trust anyone and do not correspond with them unless they meet the following criteria:

1) They should be well-known and community-verified.

2) They should have a clear and traceable activity history.

3) They should have a credible circle of friends; for instance, if no other recognized individuals follow them, you should be skeptical.

4) The content they produce, their resume, and all their activities should generally be relevant to the area stated in their profile.

What topics do opportunists typically discuss? 🧵9/13

Many opportunists are cunning and mimic the traits of reputable individuals. While they may be psychological manipulators, don't be intimidated. By being aware and cautious, you can identify and avoid these high-risk situations.

Such individuals often contact you with offers of help or promotion, starting with praise or addressing a problem as if they're a close friend eager to assist. Be wary of these interactions; not everyone who approaches you is a friend.

Offers for collaboration or employment often praise your work and invite you to join a team or company, sometimes with a proposed fee. However, be cautious if you're later asked to register on a website or install software to provide feedback. No reputable company director or developer would require you to download potentially harmful files.

Technical and Safety Recommendations 🧵10/13

Use secure browsers like Chrome, Firefox, or Brave on any operating system or device. Ensure no extension is running unless it has been verified by the community. Remember, as helpful as extensions can be, they can be equally destructive!

In the Web 3 world, the wallet is the most important option. I strongly recommend keeping your significant assets in a hardware wallet. For everyday tasks and transactions, although MetaMask is a good option, I recommend Rabby Wallet. This wallet offers interesting security options and provides you with information before you confirm anything, helping you understand the security conditions under which a confirmation is being made, usually alerting you to safe, suspicious, and risky situations.

https://rabby.io/

Use more security and safety tools, like Wallet Guard, which checks all security-related matters before running an extension or your wallet and informs you if there is a potential problem.

🧵11/13 Wallet Guard

Before any transaction, purchase, sale, transfer, etc., check the destination wallet address, verify its history, and usually, in Farcaster and strong networks, you can receive and review more details based on the wallet. Protocols and algorithms such as OpenRank can be suitable options in this regard (for the FC environment).

Use tools to identify potential Exploits; these tools help ensure that access and authentication have been verified. You can check the signatures to ensure that you do not give access to other potential issues except for the things you are sure of.

https://www.walletguard.app/

For this purpose, I recommend using the tool revoke.sh.

Tap Strategy 🧵12/13

Many other recommendations have been mentioned, but one of the best pieces of advice is to use the TAP proposed by 6529. This is the best way to prevent phishing attacks.

https://x.com/punk6529/status/1701623475725533524

1) Three (T): Use three different addresses for various activities in the NFT world:

- Minting Address: For creating NFTs, which only holds a small amount of ETH to pay transaction fees.
- Transaction Address: For carrying out daily transactions and buying and selling NFTs.
- Vault Address: For long-term storage of NFTs you do not intend to sell. This address should never be connected to any online service.

2) Address (A): Separate addresses to manage risk and reduce the likelihood of unauthorized access to all your assets.
3) Protocol (P): Strictly adhere to security protocols during transactions and NFT creations.

This method is simple, and there should be no excuse not to use it. Implementing TAP can nearly eliminate all phishing attacks.

How to Use TAP 🧵13/13

Minting Address: Only keep the necessary amount of Ethereum for creating NFTs. Never use this address for other transactions.

Transaction Address: This address is for buying, selling, and everyday transactions. Ensure that only the necessary amount of currency is available in this address.

Vault Address: This address should be used for long-term storage of NFTs. Avoid connecting this address to any online platform to ensure its security.

By following these methods, you can significantly enhance the security of your digital assets against many common threats, ensuring peace of mind regarding the safety of your valuable assets.

https://paragraph.xyz/@compez.eth/empirical-and-suggestive-guide-to-staying-safe-in-web-3%F0%9F%A7%B513-1

How Do Opportunists Breach Your System and Data? 🧵6/13

- Identifying strengths and weaknesses.

Many people think data theft must involve some elaborate act, but paying attention to your relationships, conversations, correspondences, and everyday interactions often reveals the key issues.

No intrusion can occur without your permission. As an expert in this field, I can assure you that no unauthorized access is possible without either automatic or manual permission from you. Therefore, your data is only stolen when you have permitted it.

You might wonder, how does one inadvertently give permission for data theft? In my view, you shouldn't look for a complex reason because the explanation is quite simple! Simply trusting and corresponding with confidence with an opportunist grants the largest "permission" for them to proceed further.