This post is inspired by numerous "No way I'm clicking that link" comments, which make crypto look a lot more dangerous than it is. In reality, even scams have to follow rules and require certain steps, so let's look at what is dangerous and what isn't.

Clicking a link

With an up-to-date operating system and browser you don't have to worry about clicking links. If a website asks you for additional permissions, wants to initiate a download or connect to your wallet, simply don't do it. If you downloaded something, move it to the trash.

Life Pro Tip: Use browser add-ons like NoScript to explore unknown websites; using a different browser for DeFi can give you additional peace of mind.

Connecting a wallet

This is the point where many beginners become unsure, but in fact it's not risky to just connect a wallet. This is what connecting a wallet in MetaMask looks like:

Note the text in the red circle. You allow websites to see your address (this includes balance and activity) and suggest transactions. While this might compromise your privacy, a wallet connection cannot make transactions of any kind without your explicit approval.

Making a signature

One step scarier, and still safe: prove to someone that you are the owner of a wallet by providing a signature. This can look like this:

Note that the message is shown and is clearly human-readable clear text. Sometimes you might just be asked to sign an arbitrary number ("nonce"). If you are just signing a number or clear text message, this can't possibly be used against you.

While there are 100% safe signature methods today, there are older signature methods ("eth_sign") which allow signing messages that can be disguised transactions. If the text appears to be gibberish, binary or even code, reject it. MetaMask has eth_sign disabled by default.

Signing transactions

This is the critical step without a doubt. Here are two examples:

The left one asks for an approval, the right one for a contract interaction. A malicious website could use both methods to steal your funds. Before confirming a transaction, always make sure you are on the correct website. Do you remember how you got there? Did you use a bookmark or google it? If in doubt, just reject the tx and start over.

Note that MetaMask now uses limited approvals by default. If a limited approval gets exploited, only the approved amount can be stolen. This is an extremely handy feature on chains with low fees and you should always use it. Once an approval is given, it can be used at any time by the contract without requiring an additional confirmation from you.

Revoke approvals

If you have an open or unlimited approval for a website you no longer trust, you can always revoke it. Websites like revoke.cash can be used to get an overview of your approvals. Also, most block explorers allow viewing and revoking approvals at the /tokenapprovalchecker URL. This is supported by Etherscan, Polygonscan, Arbiscan and many more! If you don't plan to use a contract again and have an approval for it, you should revoke it.

Stay safe

This post is not an invitation to click links to clearly fraudulent websites or connect your wallet to anything that asks for it. I believe education is the best way to make people confident and safe in using DeFi, and a part of that is knowing what each of these steps does and what it doesn't.

tl;dr:
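The approval check described under "Signing transactions" and "Revoke approvals", as an added example that is not part of the original post: it decodes the calldata of an ERC-20 approve(spender, amount) call and reports whether the request is unlimited, limited or a revocation. The spender address and the 6-decimal token are constructed sample values, and the function names are hypothetical.

```javascript
// Added example: decode ERC-20 approve(spender, amount) calldata before confirming.
const APPROVE_SELECTOR = "095ea7b3";      // first 4 bytes of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;    // amount used for an "unlimited" approval

function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return { kind: "invalid" };
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return { kind: "not-approve", selector: "0x" + hex.slice(0, 8) };
  const args = hex.slice(8);
  // Exactly two 32-byte ABI words: the spender address and the uint256 amount.
  if (args.length !== 128) return { kind: "invalid" };
  // An address occupies the low 20 bytes of its word; the upper 12 must be zero.
  if (!args.startsWith("0".repeat(24))) return { kind: "invalid" };
  const spender = "0x" + args.slice(24, 64);
  const amount = BigInt("0x" + args.slice(64));
  let kind = "limited";
  if (amount === 0n) kind = "revoke";     // approve(spender, 0) clears the allowance
  else if (amount === MAX_UINT256) kind = "unlimited";
  return { kind, spender, amount };
}

// Render a raw token amount using the token's decimals.
function formatUnits(amount, decimals) {
  const s = amount.toString().padStart(decimals + 1, "0");
  const whole = s.slice(0, s.length - decimals);
  const frac = s.slice(s.length - decimals).replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : whole;
}

function describeApproval(calldata, decimals) {
  const r = classifyApproval(calldata);
  if (r.kind === "unlimited") return `UNLIMITED allowance for ${r.spender}`;
  if (r.kind === "revoke") return `revokes allowance for ${r.spender}`;
  if (r.kind === "limited") return `allowance of ${formatUnits(r.amount, decimals)} tokens for ${r.spender}`;
  return r.kind === "not-approve" ? `not an approve call (${r.selector})` : "malformed calldata";
}

// Constructed sample inputs (hypothetical spender, assumed 6-decimal token).
const SPENDER = "ab".repeat(20);
const word = (h) => h.padStart(64, "0");
const SAMPLES = {
  unlimited: "0x" + APPROVE_SELECTOR + word(SPENDER) + "f".repeat(64),
  limited: "0x" + APPROVE_SELECTOR + word(SPENDER) + word((50000000n).toString(16)),
  revoke: "0x" + APPROVE_SELECTOR + word(SPENDER) + word("0"),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(10), describeApproval(data, 6));
}
```

A "limited" result can still be a very large number, so compare the rendered amount with what the transaction actually needs.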