Blockchain Gaming Security Best Practices
Navigating the blockchain gaming metaverse as a new user can be challenging, from understanding how wallets and transactions work to securely safeguarding your assets. It’s a brand new frontier that brings together gamers, entrepreneurs, bankers, and computer scientists, and unfortunately it also includes bad actors who are looking to take advantage of others.
Whether you’re trading tokens on an exchange, yield farming, or playing the latest blockchain game, having a heightened sense of personal cyber security and being ever vigilant to the various types of common scams is crucial. This article’s purpose is to serve as an educational piece that gives users an informative overview of some of the methods you can use to stay secure in the web3 world.
Phishing is a cybercrime in which a target is contacted by email, phone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, wallet private keys, and passwords. Phishing has become an ever-present threat for all internet users and so you should always be wary of the common types of suspicious emails, DMs, and texts.
Phishing emails and text messages may look like they’re from a company you know or trust, like a bank, credit card company, your job, or your mobile wireless provider. As a best practice, do not click on email attachments or links in texts that you’re unsure of or that seem sketchy. If you’re unsure whether an email is from a legitimate source, double check the email address of the sender (especially when receiving emails from banks or crypto exchanges), including the email domain, to make sure it’s not a slightly altered version of the correct address meant to trick you. As for text messages, be on the lookout for seemingly harmless texts that have links saying things like “Click here to track your package”. These might seem completely legitimate if you frequently order online, but they may actually be SMS phishing texts.
No one at Community Gaming will EVER ask for your private key, recovery phrase, account password, or phone number. If you receive a suspicious email or direct message that purports to come from CG or a CG staff member, you can contact us in our Discord or email support at firstname.lastname@example.org. For more information and examples of common phishing techniques, head over to Phishing.org.
Direct Messaging Scams
It seems like a daily occurrence these days as a crypto gamer that you’ll get spam messages on Discord or Twitter. Sometimes they’re relatively harmless promotional messages from a bot asking you to check out some token, but occasionally they can be a malicious actor trying to trick you into giving up your private information. Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. If it seems too good to be true, it probably is.
Two-Factor Authentication (2FA)
2FA is perhaps the most underutilized (and simple) precautionary measure that will help prevent data and/or financial theft. Everyone should absolutely have 2FA on their primary emails and financial accounts. It’s also recommended to use an app like Google Authenticator instead of SMS messaging to receive your 2FA codes in order to prevent the possibility of attackers getting around your 2FA by SIM swapping, which has become very common in the crypto space over the years. Advanced users can look into something like a YubiKey, but for the vast majority of people, using Google Authenticator will keep your accounts secure as long as you have your phone.
Anti-Malware & Anti-Keyloggers
Most people know that having good anti-malware software is necessary these days. Always do your own research to determine which software is best for your particular devices, but products like ESET and Bitdefender are both great options for an affordable price. What most people don’t know is that another common method used to compromise someone’s data is keylogging. Keystroke logging is the act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user.
This type of malicious software can be used to track your passwords, online banking access, or even your text conversations on your mobile phone. If your anti-malware software doesn’t include this feature, it’s recommended that you install your own dedicated anti-keylogger software.
General Best Practices
When heading to CommunityGaming.io, it’s a good practice to bookmark the domain and always use your bookmark when navigating to the homepage so you’re sure it’s the correct one. As an additional best practice, do not log into websites with sensitive financial information when you are using public Wi-Fi. Lastly, and this probably sounds obvious to most, try to get into the habit of updating your most important account passwords every 6-12 months.
Not Your Keys, Not Your Crypto
This is the big one. Storing your assets on a well-maintained, self-managed wallet can be the best way to keep your crypto safe. If you decide to store your assets on a centralized exchange, you have to understand that there’s always a chance, no matter how inconceivable it may seem, that some kind of theft or hack can result in a loss of its users’ funds. While it’s generally safe to keep a modest amount of crypto on a well-regulated centralized exchange, it’s recommended to store significant amounts in a wallet whose private key only you (or an extremely trusted loved one) have access to.
Before rushing to move assets to self-managed custody, make sure when creating a new wallet that you’re generating your private key using a secure internet connection and that you immediately make a few hard copies (ink or printed) that are stored safely. Your private key cannot be recovered if lost, so make sure you’re securely storing a copy of your private key in multiple places. An example of this can be one laminated copy stored in your house and a second copy in a safety deposit box. Do your own research for what is considered the best self-managed wallet (sometimes called a non-custodial wallet) for you, but two that are widely recommended are MetaMask as a browser-based wallet and Ledger as a hardware wallet.