Staying Safe in a Trustless Environment

As we gear up towards Mainnet, we wanted to take this opportunity to share some tips and advice that we have learned along the way to keep you safe within cryptocurrency. As part of general prudent practices, these tips can help keep your funds safe and reduce the likelihood of investing in “rug pulls”.

Keeping Your Funds Secure and Safe

This section will explore how you keep your existing assets safe from risks from malicious actors and other parties.

Using Cold Wallets Where Possible!

Cold wallets are those which are not connected to the internet. Hardware wallets such as Ledger and Trezor are examples of cold wallets.

Users are able to sign a transaction using their private keys in an offline environment. This means the private key is never exposed to an online server, which protects private keys (and associated funds) from attack vectors such as cyber hacks.

This was most recently seen in August 2022 when a number of major hot wallets in the Solana ecosystem were compromised due to software used by several providers (i.e., supply chain attacks).

Using Multi-Factor Authentication on Exchanges!

Users should look to minimize their exposure to centralized exchanges. Little transparency and the possibility of a “bank run”, or worse fractional reserves make it an unattractive location to store assets.

However, when users need to use a centralized exchange, they should make sure to enable multi-factor authentication to provide an additional layer of security. This will mean that even if a malicious actor gained access to your username and password for an exchange, they wouldn’t be able to access your funds (which also reminds me, don’t use the same username and password on all websites).

Be aware of what you are using!

Crypto is full of malicious sites that replicate other sites with the aim of having a user connect their wallet and make a transaction that unknowingly drains their wallet. Bookmarking protocols that users frequently interact with are helpful to prevent interacting with “spoofs”. Cross-referencing links to those that are provided on official social channels can also provide a greater level of confidence.

Store Your Seed Phrase!

Store your seed phrase (that string of words) in several secure locations. This can be as simple as a piece of paper placed in a safe. Alternatively, you could store pieces of your seed phrase in separate locations (along with a key in the order to recreate the full phrase). Many people also use alternative mediums such as engraving their phrase within a metal bar to be protected in case of fires or in an encrypted USB.

Reviewing and Vetting Projects

Lastly, we will share some tips that may help you dodge a potential rug pull project! None of these are definitive signs of a rug pull but are things you should consider.

Is the Project Source-Available and Has It Been Audited?

Source-available software is software whose source code is distributed along with it. While readily available, this software may not necessarily allow third parties to use, study, change, or, distribute the source code.

Even if you are unable to read code, the benefit of source-available software is that any third party may be able to read and understand the code which gives neutral parties the ability to comment on any malicious actions the software could take.

Furthermore, audited software provides the benefit that experts have provided their view on the safety of the code which provides an additional layer of confidence regarding the protocol.

Do We Know the Team?

While this will initially read as “are the team doxxed?”, this is not necessarily the case. A doxxed team makes vetting credentials and integrity easier as individuals can search the internet for their prior experience and reputation. However, this can similarly be done with “anon” developers that build a reputation across the protocols they work on.

If you are unable to find information on the team, or if the team has members who have a poor reputation, these may be red flags that one should consider.

Moreover, it is worth seeing if team members have individually aligned themselves with the project. If famous developers have been associated with projects but have never been seen supporting them in public, it is worth being cautious about such a project!

Does the Project Make Promises or Expectations of Large Profits?

Many projects within the cryptocurrency space offer unsustainable yields with high two-digit and three-digit yields. Users should be wary of large yields and consider what the source of the yield is. Users should also consider the risks associated with earning this yield (e.g., impermanent loss or effects of unbonding periods).

Moreover, users should also consider how their yield is denominated. Historically, many protocols have given unsustainable yields in their native token in exchange for absorbing the yield from the assets provided by users (which tend to be staking income from more reputable projects). Large rewards of illiquid tokens can be a net loss for users.

Is the Project Static or Is There Clear Progress and Improvements?

If the project shows you long, lengthy roadmaps with best-in-class developments but the project itself has not seen a notable upgrade or improvement in a long time, it is prudent to consider whether there are actual execution delays or if there is no intention to deploy any upgrades.

Crudely put, you could be the exit liquidity that malicious entities are looking for!

Stay safe and follow our official channels!