One of the biggest problems in the current web 3 space is the lack of security. Each day, thousands to millions of dollars are scammed or hacked away with absolutely no way to recover the funds, because crypto transactions are irreversible. Major hacks have happened on Twitter threads, Discord channels, decentralized autonomous organizations, and of course, NFT projects.
This article is a small guide that every member of the team should read as a prerequisite before navigating the web 3 world.
Security is the single most important thing we must take seriously in order to have a successful project. The way to do it is to LIMIT the “attack surface” (the number of potential openings) that a hacker can use against us in order to breach our system.
What is 2-factor authentication? In simple terms, it is an extra security step that a user needs to complete before they are allowed to log in to an account. The typical flow is that you type in your password, and then a second window pops up asking for a code that only you would know, because it is given by an application installed on your cell phone.
Why use 2-factor authentication? If your password gets stolen, or worse, guessed, the entire project has a breach. For example, if your Discord account gets hacked, a scammer may post a link to a fraudulent minting website where the community will mint fake NFTs and lose thousands of dollars per person. Sounds crazy? It actually happened (https://nftevening.com/deadfellaz-discord-has-been-hacked-heres-how-to-avoid-the-scam/).
Links are the number one source of hacks within the web 3 space today. There are fraudulent websites and browser extensions designed to trick users into (among other things): giving up their private keys, signing a smart contract that is designed to steal all their crypto and NFTs, minting fake NFTs, or authorizing access to various social media accounts.
There are some incredibly convincing scams out there that even the best of us fall for. Therefore, do NOT click any links, and always report a “leak” where someone outside the team has authorization to post links on any of our social media accounts.
An example of a major link hack: https://www.theverge.com/2022/1/7/22870912/nft-communities-boom-discord-hackers-cryptocurrency-webhooks