Best Practices for Safety in Web3

Getting into blockchain and Web3 technologies can be daunting. That is why we are providing an educational series on things to look out for when first getting into the space. There is a lot to know, but if you practice these basic strategies you can start to feel more secure in how your investments are kept safe and how you can confidently browse through Web3!

Just like in our every day lives today, hackers and scammers are constantly looking for ways to take advantage of people in order to gain information, money, assets, identity and more. We've all gotten that phishy email or that ridiculous phone call telling us we have just won one million dollars! Maybe even that you've won a new vacation to the Bahamas! Congrats! Now all you need to do is provide your social security number, or your bank account number.

Although this is exaggerated, there are levels to scammer's ability to siphon information from you. I'll break down how this happens often in Web3 and give some simple solutions on how to avoid this. At the end, there will be a link to a CoinBureau video that outlines some specific steps you can take to keep yourself safe!

General Security

As a reminder, here are a few simple security tips when using any app or website no matter if it is in Web3 and related to blockchain or in your everyday browsing on the internet


Understanding Password Creation from Intel

Seems pretty simple, but this is an important one to highlight. Hackers have the ability to brute force query for passwords. They can essentially run software to figure out your password by trying out millions of combinations until the right one fits and even use common passwords that have already been revealed from hacks in the past. This is why it is important to make sure your password contains a variety of characters (capital and lowercase letters, symbols and numbers) the more variety, the more difficult the guess. Some may even choose a password manager to help keep everything secure and simple.

2-Factor Authentication (2FA)

This takes just a little more time so that your account is secure. It provides two steps.

  1. Entering in your password (this is open to hacks)
  2. A separate email, text or authenticator app request sent to your device

These two factors bolsters the security if your password ends up being obtained by scammers. Sometimes, this isn't enough though because some phishing links can bypass this securty altogether.


Image Source TalosIntelligence

This happens very often, especially in the Web3 space. A well known website can have a couple of rearranged letters (as demonstrated above) that result in you selecting a website that looks very similar to the one you are used to interacting with but in fact leads you to a different interface to steal your information - phishing. These phishing attacks have become more sophisticated over time and have led to large amounts of funds being stolen. In some cases, they can even bypass 2FA if you open the links

Another common strategy is to offer a bonus or claim an attack to create a sense of urgency and encourage you to use the link. STAY AWAY. Always question these types of links. Here is an example of one that is seen often. Looks real doesn't it? The moral of the story is that although you can earn and get rewards for contributing in Web3, nothing is truly free. Be cautious of these types of scams

Common phishing scam

Web3 Security


As you enter into this new space, you will be confronted with these common security threats outlined above. Web3 is new, and you may be new to using wallets, public and private keys, transferring funds and interacting with dApps. This section is meant to make these things feel safer and easier. If those topics don't make sense, rest easy! We have some more content for you to learn about that! Let's breakdown a couple of these topics.

Keeping Your Crypto on an Exchange

This is a very easy thing to do. When using common apps like Coinbase, Kraken or Kucoin you may purchase a coin and hold it in the exchange account. This is inherently risky as exchanges are the most commonly targeted for attacks. This is because they are centralized places of money. It's all in one place. Notably, your coins aren't even yours there. The amount in your wallet is an IOU from the exchange to you. Only when your money is in your wallet is it more safe from hacking. Getting them off the exchange and into your wallet is a good option

Hot Wallet

  • These are wallets that are commonly used like Metamask (Ethereum), Phantom (Solana), or Talisman (Polkadot/Kusama)
  • Your money is stored in your wallet so you have "custody" of them
  • They are still vulnerable to hacks as noted above because your assets are still online (hot)
  • Many people elect to use "cold storage" which is moving from being online to being offline in a separate "hardware wallet"

Cold Wallet or Storage

  • This is described as cold storage because when your assets are stored here they cannot be accessed by an online attacker
  • When you want to use your funds you can move them from "cold storage" to a hot wallet and use the funds online
  • This is a bit more complicated, you can watch CoinBureau's take on cold storage here for some good options. Trusted top options are Ledger and Trezor

A Common Flow of Safe Asset Purchase is as Follows:

  1. Buy assets on an exchange
  2. Move them to a hot or cold wallet for safe keeping
  3. If you choose a cold wallet, this is like your bank account where your assets are stored
  4. Your hot wallet is like your debit card to allow for transactions while online

Feel free to comment below for any help on this topic

Losing Your Private Keys or Seed Phrase

This one is straightforward yet common. I remember my parents used ot have a notebook with all our passwords written down and as I got older I thought it was so antiquated. Well, now I agree!

When you create a new account you are given "Private Keys" which are the keys to your wallet. As you interact with Web3 more, you will see these keys generated when creating new wallets or accounts. It is safe to keep these as a hard copy in a notebook or on key cards. Although it is convenient to put them as pictures in your phone, this is susceptible too. It is up to you on how deep you want your security to be. Here is a visual of a hard copy private key card from Ledger, a common cold storage option.

From Ledger

This is important because if you get locked out, change browsers or get a new computer, you will need to restore your wallet from a seed phrase and/or your private key. Always keep these safe and available!

Sum It All Up For Me, Please!

In the end, the most important way to stay safe in Web3 is to be vigilant about the links you choose and the transactions you sign. There are many out in this world who are working to siphon your hard work and gains away from you. It just makes sense to find ways to secure this. This has meant to be a quick overview for beginners to understand basic security concepts in Web3. If you are interested to learn more, have a suggestion or want to discuss other ways to keep your assets safe, comment below and we can chat!

As promised, here is an outstanding deep dive on Web3/Crypto security from CoinBureau, enjoy!

Csaint02Post author

Polkadot Eco Enthusiast, follow for insights on connecting the DOTs, shitposts, and general shenanigans

A streamlined beginner's guide for you to learn about everything Polkadot has to offer. From how-to guides, NFT learning, technical developments and more, we've got you covered. Want to post something educational you think will help newcomers, please feel free!


A streamlined beginner's guide for you to learn about everything Polkadot has to offer. From how-to guides, NFT... Show More