Ethereum security and scam prevention
Rising interest in cryptocurrency brings growing risk from scammers and hackers. This article lays out some best practices to reduce these risks.
Remember: No one from ethereum.org will ever contact you. Do not reply to emails that claim to be from official Ethereum support.
Crypto security 101
Level up your knowledge
If you do not understand how crypto works, you can easily be caught out. For example, if someone pretends to be a customer service agent who can return lost ETH in exchange for your private keys, they are preying on people not understanding that Ethereum is a decentralized network that lacks this kind of function. Educating yourself on how Ethereum works is a worthwhile investment.
Wallet security
Do not give out your private keys
Never, for any reason, share your private keys!
The private key to your wallet is a password to your Ethereum wallet. It is the only thing stopping someone who knows your wallet address from draining all the assets from your account!
Do not take screenshots of your seed phrase/private keys
Screenshotting your seed phrase or private keys can sync them to a cloud data provider, which may make them accessible to hackers. Obtaining private keys from the cloud is a common attack vector for hackers.
Use a hardware wallet
A hardware wallet provides offline storage for private keys. They are considered the most secure wallet option for storing your private keys: your private key never touches the internet and stays entirely on your local device.
Keeping private keys offline greatly reduces the risk of being hacked, even if a hacker gets control of your computer.
Try a hardware wallet:
Double-check transactions before sending
Accidentally sending crypto to the wrong address is a common mistake. A transaction sent on Ethereum cannot be reversed. Unless you know the address owner and can convince them to send your funds back, you will not be able to get your funds back.
Always make sure the address you are sending to exactly matches the intended recipient's address before sending a transaction. When interacting with a smart contract, it is good practice to read the transaction message before signing.
Set smart contract spend limits
When interacting with smart contracts, do not allow unlimited spend limits. An unlimited spend limit could enable the smart contract to drain your wallet. Instead, set the spend limit to only the amount necessary for the transaction.
Many Ethereum wallets offer limits protection to safeguard against accounts being drained.
How to revoke smart contract access to your crypto funds
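The check a wallet can make on a spend limit before you sign, as an added example that is not part of the original page. It assumes the spend limit is requested through the standard ERC-20 approve(address,uint256) call; the spender address and amounts are constructed sample data.

```python
# Added example: inspect ERC-20 approve(spender, amount) calldata before signing.
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # value wallets display as an "unlimited" allowance


def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, or None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) followed by two 32-byte ABI words, hex encoded
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address word is not left-padded with zeros")
    return "0x" + spender_word[24:], int(amount_word, 16)


def review_approval(calldata_hex, needed_amount):
    """Classify an approval against the amount this transaction actually needs."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return "not-an-approval"
    _spender, amount = decoded
    if amount == 0:
        return "revoke"          # allowance reset to zero
    if amount == MAX_UINT256:
        return "unlimited"       # spender could move the whole token balance
    if amount > needed_amount:
        return "excessive"       # more than this transaction requires
    return "ok"


# Constructed sample data: the spender address is made up for this example.
SPENDER = "11" * 20


def build(amount):
    """Assemble approve() calldata for the sample spender."""
    return "0x" + APPROVE_SELECTOR + "00" * 12 + SPENDER + format(amount, "064x")


UNLIMITED = build(MAX_UINT256)
EXACT = build(250 * 10**6)       # 250 units of a token with 6 decimals
REVOKE = build(0)

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("exact", EXACT), ("revoke", REVOKE)]:
        print(name, decode_approve(tx), review_approval(tx, needed_amount=250 * 10**6))
```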
Common scams
It is impossible to stop scammers completely, but we can make them less effective by being aware of the techniques they use most. There are many variations of these scams, but they generally follow the same high-level patterns. If nothing else, remember:
- always ask questions
- no one is going to give you free or discounted ETH
- no one needs access to your private keys or personal information
Twitter ad phishing
There is a method for spoofing Twitter's (also known as X) link preview feature (unfurling) to potentially deceive users into thinking they are visiting a legitimate website. This technique exploits Twitter's mechanism for generating previews of URLs shared in tweets, and shows the link as coming from ethereum.org, for example (shown above), when in fact users are redirected to a scam site.
Always check that you are on the right domain, especially after clicking a link.
More information here.
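One way to automate the "right domain" check on the URL you actually landed on, as an added example that is not part of the original page. The function name and all sample URLs are constructed for illustration; only ethereum.org comes from the text.

```python
# Added example: classify the landing URL's host against the domain you expect.
from urllib.parse import urlsplit


def classify_landing_url(url, trusted_domain="ethereum.org"):
    """Return 'trusted' only when the host is the trusted domain or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None:
        # "https://ethereum.org@other.example/" really goes to other.example
        return "embedded-credentials"
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Internationalized names can render almost identically to ASCII ones
        return "lookalike-idn"
    if host == trusted_domain or host.endswith("." + trusted_domain):
        return "trusted"
    return "other-domain"


# Constructed sample URLs (none are taken from the page or from real campaigns).
SAMPLES = [
    "https://ethereum.org/en/security/",
    "https://docs.ethereum.org/",
    "https://ethereum.org.claim-rewards.example/",   # trusted name used as a prefix
    "https://ethereum.org@claim-rewards.example/",   # trusted name in the userinfo part
    "https://ethereurn.org/",                        # "rn" imitating "m"
    "https://xn--thereum-example.org/",              # punycode label
    "http://ethereum.org/",                          # no TLS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_landing_url(sample):22} {sample}")
```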
Giveaway scam
One of the most common scams in cryptocurrency is the giveaway scam. The giveaway scam can take many forms, but the general idea is that if you send ETH to the provided wallet address, you will receive your ETH back but doubled. For this reason, it is also known as the 2-for-1 scam.
These scams usually give a short window of opportunity to claim the giveaway, to create a false sense of urgency.
Social media hacks
A high-profile version of this happened in July 2020, when the Twitter accounts of popular celebrities and organizations were hacked. The hacker posted a Bitcoin giveaway simultaneously on the hacked accounts. Although the deceptive tweets were quickly noticed and deleted, the hackers still managed to get away with 11 bitcoin (or $500,000 as of September 2021).
Celebrity giveaway
The celebrity giveaway is another common form the giveaway scam takes. Scammers will take a recorded video interview or conference talk given by a celebrity and put it on YouTube, making it look as if the celebrity is giving a live video interview endorsing a cryptocurrency giveaway.
Vitalik Buterin is often used in this scam, but many other popular people involved in crypto are also used (e.g. Elon Musk or Charles Hoskinson). Including a well-known person gives the scammers' livestream a sense of legitimacy (this looks like a scam, but Vitalik is involved, so it must be okay!).
Giveaways are always scams. If you send your funds to these accounts, you will lose them forever.
Support scams
Cryptocurrency is a young and poorly understood technology. A common scam that takes advantage of this is the support scam, where scammers impersonate support personnel for popular wallets, exchanges, or blockchains.
Much of the discussion about Ethereum happens on Discord. Support scammers commonly find their targets by searching for support questions in public Discord channels and then sending the person who asked a private message offering support. By building trust, support scammers try to trick you into revealing your private keys or sending your funds to their wallets.
As a general rule, staff will never communicate with you through private, unofficial channels. Some simple things to keep in mind when dealing with support:
- Never share your private keys, seed phrases or passwords
- Never allow anyone remote access into your computer
- Never communicate outside of an organization's channels
'Eth2' token scam
In the run-up to The Merge, scammers took advantage of the confusion around the term 'Eth2' to try to get users to redeem their ETH for an 'ETH2' token. There is no 'ETH2', and no other legitimate token was introduced with The Merge. The ETH that you owned before The Merge is the same ETH now. There is no need to take any action related to your ETH to account for the switch from proof-of-work to proof-of-stake.
Scammers may appear as "support", telling you that if you deposit your ETH, you will receive back 'ETH2'. There is no official Ethereum support, and there is no new token. Never share your wallet seed phrase with anyone.
Note: There are some derivative tokens/tickers that may represent staked ETH (i.e. rETH from Rocket Pool, stETH from Lido, ETH2 from Coinbase), but these are not something you need to "migrate to."
Phishing scams
Phishing scams are another angle scammers use to try to steal the funds in your wallet.
Some phishing emails ask users to click on links that redirect them to imitation websites, which ask them to enter their seed phrase, reset their password or send ETH. Others may ask you to install something that harms your computer without your knowing, giving the scammers access to your computer's files.
If you receive an email from an unknown sender, remember:
- Never open a link or attachment from an email address you do not recognize
- Never give your personal information or passwords to anyone
- Delete emails from unknown senders
More on avoiding phishing scams
Crypto trading broker scams
Scam crypto brokers claim to be specialist cryptocurrency brokers who will offer to take your money and invest it on your behalf. After the scammer receives your money, they may lead you on, asking you to send more money so that you do not miss out on future investment gains, or they may disappear entirely.
These fraudsters often find targets by using fake accounts on YouTube to start seemingly natural conversations about the 'broker'. These conversations are upvoted to make them look legitimate, but the upvotes come from bot accounts.
Do not trust internet strangers to invest on your behalf. You will lose your crypto.
Crypto mining pool scams
As of September 2022, mining on Ethereum is no longer possible. However, mining pool scams still exist. Mining pool scams involve people contacting you unsolicited and claiming that you can make large profits by joining an Ethereum mining pool. The scammer will stick to you and keep messaging you for as long as it takes. Essentially, the scammer will try to convince you that when you join an Ethereum mining pool, your cryptocurrency will be used to create ETH and that you will be paid ETH dividends. You will then see that your cryptocurrency is making small returns. This is simply bait to get you to invest more. Eventually, all of your funds will be sent to an unknown address, and the scammer will either disappear or keep contacting you, as has happened in recent cases.
The bottom line: be wary of people who contact you on social media asking you to join a mining pool. Once you lose your crypto, it is gone.
Some things to remember:
- Be wary of anyone telling you about ways to make money from your crypto
- Do your research about staking, liquidity pools, or other ways of investing your crypto
- Rarely, if ever, are such schemes legitimate. If they were, they would probably be mainstream and you would have heard of them.
Man loses $200k in mining pool scam
Airdrop scams
Airdrop scams involve a scam project airdropping an asset (NFT, token) into your wallet and sending you to a scam website to claim the airdropped asset. You will be told to sign in with your Ethereum wallet and "approve" a transaction when you try to claim it. This transaction compromises your account by sending your public and private keys to the scammer. Another form of this scam has you confirm a transaction that sends funds to the scammer's account.
More on airdrop scams
Web security 101
Use strong passwords
Over 80% of account hacks are a result of weak or stolen passwords. A long combination of characters, numbers and symbols will help keep your accounts secure.
A common mistake is using a combination of a few common, related words. Passwords like this are insecure because they can be cracked with a technique called a dictionary attack.
Example of a weak password: CuteFluffyKittens!
Example of a strong password: ymv*azu.EAC8eyp8umf
Another common mistake is using passwords that can be easily guessed or discovered through social engineering. Including your mother's maiden name, the names of your children or pets, or your date of birth in your password increases the risk of it being hacked.
Good password practices:
- Make passwords as long as allowed by either your password generator or the form you are filling out
- Use a mixture of uppercase, lowercase, numbers and symbols
- Do not use personal details, such as family names, in your password
- Avoid common words
More on creating strong passwords
Use unique passwords for everything
A strong password that has been revealed in a data breach is no longer a strong password. The website Have I Been Pwned allows you to check whether your accounts were involved in any public data breach. If they were, change those passwords immediately. Using unique passwords for every account lowers the risk of hackers getting access to all of your accounts if one of your passwords is compromised.
Use a password manager
Remembering strong, unique passwords for every account you have is not ideal. A password manager offers a secure, encrypted store for all your passwords that you can access through one strong master password. They also suggest strong passwords when you sign up for a new service, so you do not need to create your own. Many password managers will also tell you if you have been involved in a data breach, allowing you to change the passwords before any malicious attack.
Try a password manager:
- Bitwarden
- KeePass
- 1Password
- Or check out other recommended password managers
Use Two-Factor Authentication
You may sometimes be asked to authenticate your identity through unique proofs. These are known as factors. The three main factors are:
- Something you know (such as a password or security question)
- Something you are (such as a fingerprint or iris/facial scanner)
- Something you have (a security key or authentication app on your phone)
Using Two-Factor Authentication (2FA) provides an additional security factor for your online accounts. 2FA ensures that merely having your password is not enough to access an account. Most commonly, the second factor is a randomized 6-digit code, known as a time-based one-time password (TOTP), that you can access through an authenticator app such as Google Authenticator or Authy. These work as a "something you have" factor because the seed that generates the timed code is stored on your device.
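How the 6-digit code follows from the stored seed and the clock, as an added example that is not part of the original page. It implements TOTP as specified in RFC 6238 (HMAC-SHA1, 30-second steps) using the RFC's published test seed; the verify helper and its drift window are assumptions chosen for illustration.

```python
# Added example: TOTP (RFC 6238) built on HOTP (RFC 4226), standard library only.
import hashlib
import hmac
import struct

RFC_TEST_SEED = b"12345678901234567890"  # test seed published in RFC 6238, not a real secret


def hotp(seed, counter, digits=6):
    """HMAC the 8-byte big-endian counter with the seed and truncate to `digits` digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)


def totp(seed, unix_time, step=30, digits=6):
    """The counter is simply the number of `step`-second intervals since the Unix epoch."""
    return hotp(seed, int(unix_time) // step, digits)


def verify(seed, submitted, unix_time, step=30, window=1):
    """Server-side check: accept the current step and `window` steps either side (clock drift)."""
    current = int(unix_time) // step
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking how many leading digits matched
        if hmac.compare_digest(hotp(seed, counter), submitted):
            return True
    return False


if __name__ == "__main__":
    # Anyone holding the seed can compute the same codes, which is why the seed
    # staying on your device is what makes this a "something you have" factor.
    print(totp(RFC_TEST_SEED, 59))
    print(verify(RFC_TEST_SEED, "287082", 89), verify(RFC_TEST_SEED, "287082", 150))
```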
Security keys
A security key is a more advanced and secure type of 2FA. Security keys are physical hardware authentication devices that work like authenticator apps. Using a security key is the most secure way to do 2FA. Many of these keys use the FIDO Universal 2nd Factor (U2F) standard. Learn more about FIDO U2F.
Watch more on 2FA:
Uninstall browser extensions
Browser extensions, such as Chrome extensions or Add-ons for Firefox, can improve browser functionality but also come with risks. By default, most browser extensions ask for access to 'read and change site data', which allows them to do almost anything with your data. Chrome extensions are always updated automatically, so a previously safe extension may later update to include malicious code. Most browser extensions are not trying to steal your data, but you should be aware that they can.
Stay safe by:
- Only installing browser extensions from trusted sources
- Removing browser extensions you do not use
- Installing Chrome extensions locally to stop auto-updating (Advanced)
More on the risks of browser extensions
Further reading
Web security
- Up to 3 million devices infected by malware-laced Chrome and Edge add-ons - Dan Goodin
- How to Create a Strong Password — That You Won't Forget - AVG
- What is a security key? - Coinbase
Crypto security
- Protecting Yourself and Your Funds - MyCrypto
- Security issues in common crypto communication software - Salus
- Security Guide For Dummies And Smart People Too - MyCrypto
- Crypto Security: Passwords and Authentication - Andreas M. Antonopoulos
Scam education
- Guide: How to identify scam tokens
- Staying Safe: Common Scams - MyCrypto
- Avoiding Scams - Bitcoin.org
- Twitter thread on common crypto phishing emails and messages - Taylor Monahan