Basic Safety in Crypto and EOS
I once sent someone thousands of pounds by bank transfer for a car which didn’t exist. God damn I felt like an idiot. I had bought many cars this way before from trusted sellers.
This deal wasn’t “too good to be true”; it was a fair price for what looked like a good car.
That was in 2014. The police are still investigating the crime, and I get an update every couple of months to tell me that they haven’t made any more progress.
Yesterday some members of the EOS community were crying out for help as they were sure that an ICO exit scam was occurring and they and many others would be victims.
Without going into details, I had a little dig around and was stunned at the number of people who have sent funds to this project on the promise of further gains.
We need to stop this madness.
Here are 3 simple rules.
- Do your research.
- Be skeptical.
- Own your decision.
There are going to be lots of great investment opportunities, but with that will come lots of scams. This is not kindergarten; there is no teacher to run to when you get in trouble.
Some questions to ask when evaluating a project.
- Who are the team? Can you talk with them on a Zoom call? If not, why not?
- Why are they raising the money?
- What are their delivery milestones?
- Why should you care about this idea?
- What are they doing differently from the other opportunities?
- Which trusted community members or Block Producers are working with them? If not, why not?
- Where is the business located? Check that it is real.
- What references are they able to provide?
- How long have the team been working together?
- Can you meet them face to face at an upcoming event? If not, why not?
Later this month we will be launching our Ignition platform which will be helping legitimate dApps start and build their communities. While we cannot promise that every idea will work, we can assure that any projects which eosDublin are associated with will pass the above checks.
Stay safe! — Caveat emptor!
Change your Active Keys
Every EOS account uses two public keys, the active key and the owner key. Both of these keys are associated with your 12-character address. This is one of the biggest innovations in crypto security in a decade: it means you can set multiple permissions to unlock one account and essentially configure the security of your account however you wish. Most crypto technology has relied on a simpler account structure, with every account unlocked by a single private key. With EOS, you can set up tiers of safeguards and sophisticated permission systems to protect yourself. As a starting point, everyone on EOS should change their active key so that it is different from the owner key. This means that every transaction you perform will be signed by the active key. If your active key were compromised through one of your transactions, you can still use your owner key to change that key instantly and protect your account. There are quite a few tools out there that can be used to set permissions, but we’ve always liked the Greymass EOS Voter application. Follow along in this tutorial.
Changing your active permission only takes a moment and it means you can always regain control of your account. These actions are permanent, so make sure you save your new keypair securely before you modify your active key.
Stake your EOS
Now that you have a new active keypair, you can always recover control of your account if your active key becomes compromised. But what if you don’t notice and someone uses your active key to drain your account before you have a chance to check on it? This is where staking comes in as an important security tool. The EOS network uses delegated proof of stake, so it allows you to stake your EOS coins back into the network to power it for actions such as voting. Re-using resources to power the network means EOS is the first carbon-neutral chain and doesn’t consume massive power like Bitcoin. In addition to being environmentally friendly, it’s also a convenient security measure. Staked EOS takes 3 days to unstake, so if you keep all of your EOS staked, it means that if your active key were stolen, the only action someone could perform would be to unstake. They couldn’t send your EOS elsewhere. You will likely notice if your coins have been unstaked, and you’ll have time to change your active key and recover your account. You can use the Greymass EOS Voter tool to stake your EOS, and while you’re at it, vote for eosdublinwow!
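The two safeguards above (separate owner and active keys, and keeping EOS staked) can be checked from an account's public record. This is an added example, not part of the original post and not Greymass or eosDublin code: it audits a constructed record in the shape of the chain API's get_account response, and the account name and key strings are placeholders.

```python
from decimal import Decimal

# Constructed sample shaped like a /v1/chain/get_account response.
# The account name and key strings are placeholders, not real values.
SAMPLE = {
    "account_name": "exampleacct1",
    "core_liquid_balance": "250.0000 EOS",
    "permissions": [
        {"perm_name": "owner",
         "required_auth": {"keys": [{"key": "EOS_PLACEHOLDER_KEY_A", "weight": 1}]}},
        {"perm_name": "active",
         "required_auth": {"keys": [{"key": "EOS_PLACEHOLDER_KEY_A", "weight": 1}]}},
    ],
    "refund_request": {"net_amount": "5.0000 EOS", "cpu_amount": "5.0000 EOS"},
}

def amount(asset):
    """Parse an asset string such as '12.3400 EOS'; a missing field counts as zero."""
    return Decimal(asset.split()[0]) if asset else Decimal(0)

def audit(account):
    """Return a list of findings; an empty list means both safeguards hold."""
    findings = []
    keys = {p["perm_name"]: {k["key"] for k in p["required_auth"]["keys"]}
            for p in account.get("permissions", [])}
    # Safeguard 1: a key used for everyday signing must not also be an owner key.
    if keys.get("owner", set()) & keys.get("active", set()):
        findings.append("owner and active share a key")
    # Safeguard 2: liquid EOS can be transferred at once by whoever holds the active key.
    liquid = amount(account.get("core_liquid_balance"))
    if liquid > 0:
        findings.append(f"{liquid:.4f} EOS liquid (no unstake delay)")
    # A pending refund means an unstake has started; if you did not do it, rotate keys.
    refund = account.get("refund_request") or {}
    pending = amount(refund.get("net_amount")) + amount(refund.get("cpu_amount"))
    if pending > 0:
        findings.append(f"{pending:.4f} EOS being unstaked")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```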
Don’t trust applications or wallets
There are new applications coming out all the time as well as new wallet interfaces. This security strategy is quite simple. Don’t trust anything that comes out. Wait to use any new EOS application. There are virtually no applications for EOS that work that well on your mobile phone. Don’t use a mobile wallet or any mobile EOS application. In the next few years mobile applications for EOS will be common, but for the moment it just isn’t worth the security risk. There are a few trustworthy mobile wallets for EOS but if you are new and building a security strategy just don’t bother with them for now. It’s a cool concept to send someone EOS on your phone but you probably won’t use it. What if you lost your phone and realized it had your EOS keys on it? Most of the best applications for EOS are desktop only at the moment and there are plenty to explore.
Stick with Scatter
Using a desktop means that you can use secure desktop applications to access your wallet. We trust Greymass and Scatter. Scatter has been around since the beginning and most developers use it to connect their applications to the blockchain. If you are using the Scatter application on your desktop your keys are protected with a local password. Scatter’s list of EOS applications also doubles as an authoritative list of trusted apps. As you can see there are plenty of trusted apps to explore here.
Make sure you control your keys. Make sure you change your permissions so your active and owner permissions are different. Stake all of your EOS so that you have a 3-day buffer on any transactions. Don’t randomly Google for EOS applications. Join the EOSDublin Telegram and ask about applications and wallets first. A common scam is to replace one letter of a legitimate website with an accented letter. Can you see the difference between i and î? If any site asks for your private key, it is a scam. If you’re using Scatter desktop, your private key is stored locally and securely and Scatter will interact with the blockchain whenever you need to.
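The accented-letter trick is easy to miss by eye but simple to check mechanically. This is an added example, not part of the original post: it compares a hostname against an allowlist after decoding punycode and stripping accents. The allowlist entry eosvoting.example is a made-up name.

```python
import unicodedata

# Hypothetical allowlist; replace with the sites you have verified yourself.
TRUSTED = {"eosvoting.example"}

def to_unicode(host):
    """Lower-case the host and decode punycode ('xn--') labels to Unicode."""
    host = host.strip().lower().rstrip(".")
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # leave undecodable input as it is; it will not match the allowlist
    return host

def skeleton(host):
    """Fold accented letters to their base letter (î -> i)."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(host, trusted=TRUSTED):
    name = to_unicode(host)
    if name in trusted:
        return "trusted"
    # Differs from a trusted name only by accents: the scam described above.
    if skeleton(name) in trusted:
        return "lookalike"
    # Accent folding does not catch letters borrowed from other scripts
    # (for example Cyrillic), so any other non-ASCII host is flagged as well.
    if not name.isascii():
        return "non-ascii"
    return "unknown"

if __name__ == "__main__":
    for host in ["eosvoting.example", "eosvot\u00eeng.example", "other.example"]:
        print(host, "->", classify(host))
```

A browser address bar may show the punycode form (starting with xn--) instead of the accented letter, which is why the check decodes it first.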
Send us your security recommendations