PROTECTING YOURSELF FROM DEFI RISK.
What is Decentralized Finance?
Decentralized Finance (DeFi) is the fusion of conventional banking services with decentralized technologies like blockchain. …… Services like s avings and checking accounts, loans, stock investing, insurance, and other utilities are among them.
Risk in DeFi could be grouped into three; financial, procedural and technical risk.
- Financial risk is described as a comparison of the potential risk and reward associated with various investment opportunities with the objective of creating a profitable portfolio based on a person’s or organization’s risk tolerance.
- Procedural risk While it appears to be similar to technological risk, procedural risk explores the ways in which consumers might be tricked into using the product in unintended ways that could compromise their security rather than looking at the product or service.
- Technical risk means checking for potential vulnerabilities in the hardware and software behind a product or service.
Now just so you’d know… The most common of the aforementioned three is the procedural risk. So lets list a few shall we?
- Baiting
Baiting, also known as “bait and switch” , this is whena hacker purchases ad space on a website and link it to a page infected with malicious (malware).
When a user (victim) clicks on the link, malware is downloaded to the device and is usually used to gain complete access to the system.
Bait and switch attacks are one of the reasons why it’s so important to be cautious when clicking advertisements and visiting new websites, companies, or organizations on the Internet.
- pretexting
Pretexting occurs when an attacker poses as a trustworthy person, such as a family member, an agent or other coworker with authority, or a healthcare provider, and takes advantage of the victim’s trust to gain money or information.
Pretexting attacks can take the form of email, phone calls, or in-person contact, with hackers pretending that there is an emergency to increase the urgency of the call, such as claiming that a supervisor is angry, claiming that a loved one has been seriously hurt, or claiming that it’s a business deal of some kind.
BEST WAYS TO PROTECT YOUR DIGITAL ASSETS
Always select trusted products and services. Baiting attacks are excellent examples of why it’s important to exercise extreme caution when installing or using new applications and websites.
Due to the lack of best practices for items like smart contract protection, determining the trustworthiness of decentralized products can be difficult and time consuming.
Unless you’re willing to undertake tasks such as auditing the protection of smart contracts, it’s best to stick with well-known solutions or seek advice from reputable experts before attempting to use unfamiliar apps.
Make use of the appropriate tool for the job. If you had access to a bank account, you wouldn’t leave your money (in cash) lying around, right?
You should also avoid storing any of your digital assets on an exchange or other hot storage solution.
It’s important to think about which digital wallets you want to use when storing digital assets.
- Hot storage refers to digital wallet solutions in which the wallet’s private key could be exposed to the Internet when performing tasks such as signing transactions. Hot storage solutions include mobile, web, and browser-based wallets, to name a few.
- Cold storage refers to digital wallets that don’t reveal the private key to the Internet by default. The most popular types of cold storage solutions are paper and hardware wallets
Hot storage solutions are mostly used for small amounts of cryptocurrency and kept for on-the-go use when using digital assets for things like teaching, developing, or trading, while funds intended for long-term savings should be secured in a trustworthy cold storage solution.
Always use multi-factor authentication
After creating a username and password, it’s very important to set up any multi-factor authentication procedures supported by your digital wallet solution. Multi-factor authentication procedures may include any of the following:
2 FactorCodes are time-sensitive codes that expire after a certain amount of time and can be sent via SMS (text) or an app like Google Authenticator. Apps that are often used instead of SMS to send codes would be vulnerable in the event of a SIM-swapping attack.
Email Confirmation could be used to confirm logins and withdrawals from a wallet.
Multi-Signature Authentication can be set up to enable “m of n” keys Before initiating a transaction, . To put it another way, a device might require 3 out of 8 keys to transfer funds — the user may decide how many keys must be present (m) and how many keys are available in total (n).
Always keep a back-up most (if not all) digital wallets allows the user to create a backup in the form of a seed phrase, JSON file, or just by exposing the private key.
Always keep the software up to date.
Effective software developers release updates on a regular basis, including bug fixes and patches for newly found flaws.It’s a good idea to keep your digital wallet apps up to date, but it’s also a good idea to download the new updates and drivers for the software on your PC and smartphones.
Any wallet containing more money than you are willing to lose should be backed up in a secure location.
Copies or seed phrases of your private key should be written on metal engraving or ink on paper enveloped in a plastic bag, and JSON files should be stored on password-protected USB drives, not on a Google drive or personal computer.
Never, ever, ever disclose your holdings. This is a big checkpoint; no matter how tempting it might seem or how ecstatic you may be, don’t offer your password, private key, or any other details that might jeopardize your investment or digital assets to the wrong stranger just because you were excited.
Consult your attorney and make a plan for your loved ones to inherit your digital asset, but don’t “snitch” on yourself by giving your lawyer your private key.(Yes that’s how important it is!!!)
Follow the guidelines given and your digital assets should be ASAP (As Safe As Possible).
