The evolution of technology means that even the Internet itself will continue to evolve. From Web 1.0 to Web 2.0, we are just beginning the next iteration of the Internet – Web 3.0.
But even in its development phases, Web 3 already has security issues that hackers take advantage of.
Read on to learn about some of the latest Web 3 hacking horror stories and how to stay safe in the coming Web 3.0 era.
Web 3 hacks are getting more and more sophisticated
While the decentralized applications (dapps) that we can currently access are already a bit Web 3, we are not really in a Web 3 version of the Internet yet. There is still a lot of work to do before Web 3 becomes fully functional.
Security is arguably the biggest challenge, as regular media reports of Web 3 hacks highlight.
Web 3 can only succeed if current security issues are addressed in a way that makes it nearly impossible for hackers to steal user funds.
A recent Twitter thread shared by thomasg.eth, the founder of Arrow, a Decentralized Autonomous Organization (DAO) working to build open-source vertical take-off and landing (VTOL) aircraft and an air taxi protocol, who nearly lost all of his ethereum (ETH) in what he has called a social engineering scam, shows how Web 3 scams are perpetrated.
It all started with a user called “heckshine” reaching out to thomasg.eth on Discord to show interest in Arrow and offer to help. Heckshine then introduced Thomas to Linh, who is said to be passionate about VTOLs and working on a metaverse project. After several exchanges, Linh then mentioned that they had launched their staking app and offered to send thomasg.eth two different non-fungible tokens (NFTs).
Things then got complicated because while Thomas asked for the NFT to be sent to his hot wallet, Linh wanted to send it to his main wallet. When Thomas demanded to read the contract before the NFT was sent to his main wallet, Linh started to get pushy. Thomas then realized that the tokens he was endorsing were not Armstrong ETH, but rather Aave’s aWETH and that on his main address almost all of his ETH was sitting in Aave. His saving grace was that he chose to move the NFT to a new ETH address.
And Thomas is not the only one. Todd Kramer, an NFT collector, lost 16 of his Bored Ape Yacht Club (BAYC) and other related NFTs in what he says was a hacking incident.
Unlike Thomas, Kramer lost his NFTs due to a phishing attack that happened when he clicked on a link that looked like an NFT dapp. The stolen NFTs are estimated to be worth around $2.2 million. Fortunately for him, he was able to recover some.
Unfortunately, these stories are becoming more common as the hacks become more and more sophisticated.
How to Stay Safe in the Burgeoning World of Web 3: 5 Tips
Let’s take a look at some of the methods you can use to protect yourself as you dive into the burgeoning world of Web 3 apps.
1. Don’t connect your wallet to any app
Web 3 is still in its infancy and there is still a lot to discover. If you are using Web 3, the first security measure to take is not to connect your main wallet to any decentralized application.
If you need to connect your wallet to a dapp, make sure it’s the correct dapp to avoid losing your funds.
2. Do not click on links shared on Telegram or Discord
Although you can use Telegram and Discord to chat and connect with like-minded people, you still don’t know exactly what people’s true intentions are on these networks. And just as you’ve been advised not to click on random links shared on the internet unless you can verify their source, the same rule applies to links shared on Discord and Telegram.
Always be careful when clicking on links to open apps, as links can easily be redirected. Make sure that the particular link you access is the one shared by the particular dapp on its social pages.
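As an added illustration of this tip (not part of the original article), the JavaScript below compares the host in a shared link with a list of hosts you copied from the dapp's own pages. The host names and sample links are constructed placeholders, and `checkLink` is a hypothetical helper name.

```javascript
// Added example: check a shared link against hosts copied from a dapp's own pages.
// OFFICIAL_HOSTS holds a constructed placeholder, not a real dapp domain.
const OFFICIAL_HOSTS = new Set(["app.example-dapp.test"]);

function checkLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://official.site@other.host/" goes to other.host, not official.site.
  if (url.username || url.password) {
    return { ok: false, reason: "credentials before @ hide the real host" };
  }
  const host = url.hostname.replace(/\.$/, "");
  // The URL parser converts non-ASCII labels to punycode ("xn--...").
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host, possible look-alike letters" };
  }
  if (!OFFICIAL_HOSTS.has(host)) {
    return { ok: false, reason: "host is not on the official list" };
  }
  return { ok: true, reason: "host matches the official list" };
}

// Constructed sample links (the third uses Cyrillic "а", U+0430).
const SAMPLES = [
  "https://app.example-dapp.test/mint",
  "https://app.example-dapp.test@claim.example/mint",
  "https://app.ex\u0430mple-dapp.test/mint",
  "https://app.example-dapp.test.claim.example/mint",
  "http://app.example-dapp.test/mint",
];
for (const link of SAMPLES) {
  const { ok, reason } = checkLink(link);
  console.log(ok ? "OK   " : "BLOCK", link, "-", reason);
}
```

Because a link can redirect, run the same check on the address shown once the page has loaded, before connecting a wallet.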
3. Avoid sharing too much personal information online
Sharing too much information online can leave you vulnerable to social engineering attacks. Never share personal information unless you know exactly why it is needed and how it will be used.
Also, do not share sensitive information such as transactional data related to your main wallet.
4. Check that the people you’re talking to online are who they say they are
Unfortunately, it’s not easy to control who can contact you online. People may hide their true motivations for wanting to connect with you, and those motivations aren’t necessarily innocent. That said, if someone contacts you online, you need to check whether they are who they claim to be.
It is easy for scammers to open accounts pretending to be others and use these accounts to scam innocent users.
One of the ways to check if the person you’re talking to is who they say they are (especially when working in anonymous teams) is to contact the real person through other channels. This way you will know if you are talking to the real person they claim to be or an impersonator.
5. Use different credentials for different sites
Using one ID on different social or web pages is never a good idea. Consider using a password manager. Good password managers will not only create strong passwords, but also unique passwords. This way, if you end up getting hacked on one account, all of your other accounts will be safe.
Although Web 3 is in its infancy, it looks like we could be heading towards this new version of the Internet within the next decade. However, before everyday users can actually use the “decentralized internet”, security issues will need to be addressed. Otherwise, Web 3 may not materialize.