As the Web3 ecosystem continues to grow, so does the threat of crypto scams.
Recently in the news, the Australian Securities and Investments Commission (ASIC) reported having uncovered and shut down over 600 cryptocurrency investment scams in just one year, highlighting the increasing sophistication and prevalence of these threats. Even more concerning is the fact that the 600+ operations that were shut down comprises a mere 9% of the 7000+ total phishing and scam investment websites identified.
These somewhat alarming statistics are part of a broader trend where scammers exploit new technologies like artificial intelligence to deceive unsuspecting investors.
The Anatomy of a Modern Crypto Scam
Cryptocurrency scams today are not just about tricking individuals into sending funds to a fraudulent address. They have evolved into complex schemes, keeping up with the growth of the typical Web3 user. Today’s scams often involve fake investment websites, phishing attacks to steal personal data, false promises of AI-powered trading systems that guarantee unrealistically high returns or falsely claimed international regulation. ASIC’s crackdown on these operations is a clear indication that the landscape of financial crime is adapting quickly to the innovations within the Web3 space.
The Role of AI in Amplifying the Scam Threat
One of the most concerning developments is the use of AI by scammers. While these emerging technologies are beneficial in many aspects, they can also provide tools for criminals to automate and enhance their scams, sometimes multiplying the potential damage. This can include creating convincing fake identities, automating phishing attacks and even generating fraudulent financial reports that appear entirely legitimate to the untrained eye.
As the Gala ecosystem continues to advocate for decentralized technology and the empowerment it offers, it’s crucial that our community remains vigilant against these emerging threats. Awareness is the gateway to knowledge, and knowledge is power and safety in this new Web3 world.
ASIC’s Efforts: A Wake-Up Call for the Global Crypto Community
ASIC’s successful takedown of 615 crypto investment scams serves as both a warning and a call to action for the global Web3 community. With Australians losing an estimated A$1.3 billion to these scams in the last year alone, the scale of the issue is undeniable. This is not just a problem for regulators but for every participant in the Web3 space, including those within the Gala community.
GalaChain’s Commitment to Security and Education
At Gala, we are committed to creating a safe and secure environment for all our users. GalaChain, our purpose-built Layer 1 blockchain, is designed with security at its core. Our ecosystem includes robust measures to protect against malicious activities and ensure that users can engage with Web3 technology safely. However, technology alone is not enough. Ongoing self education and awareness are key to avoiding and preventing scams.
We encourage our community to stay informed about the latest threats and to always verify the legitimacy of any opportunities in the Web3 space. Remember, if something sounds too good to be true, it probably is.
Building a Safer Web3 Future Together
The fight against crypto scams is a collective effort. As we continue to build and expand the Gala ecosystem, we must all remain vigilant and proactive in protecting ourselves and each other. By fostering a well-informed and cautious community, we can mitigate the risks and continue to enjoy the benefits of decentralized technology without falling victim to fraudulent schemes.
Imagine that you were a scammer trying to target a particular group of people… let’s say people who like to spend their days at the lake relaxing with a fishing pole hanging in the water. Who knows why – maybe you are trying to sell counterfeit lures? Coordinate putting out some AI-enabled fishing rod that’s collecting fingerprint data while they laze their days away? Motivations are rather inconsequential for this example.
You could pay for a big list of dark web data, but you could also just insert yourself into that community. You can hop on message boards, join chat groups, heck you could even go hang around local bait shops. Before long, you’ve got a lot of useful demographic data on people that are part of that group. Maybe all you have is some emails and IP addresses… but that’s enough to start refining your list and getting more information.
The same is true with Discord. The Gala community is a great place for the latest news and robust conversation about every aspect of the Gala Ecosystem. The popularity and richness of social connections that are forged on our Discord server or Telegram channel, however, also make them a popular destination for another type – scammers. It’s important to know and understand the tactics of these digital miscreants to keep your digital assets safe while still participating in any digital community.
Welcome to the 8th installment of The Guardian Papers, where we try to impart the wisdom that everyone should have to start a successful journey through the world of digital ownership. The blockchain world is still in its infancy. We here at Gala believe that empowering each and any member of our community makes us stronger as a whole.
Miss an issue of the Guardian Papers!? Check out past editions below!
It is our hope that this series has and will continue to present foundational information that will not only provide a base understanding of how to keep your blockchain footprint secure, but will also help inform your journey through this digital adventure so you can ask better questions, do better research, and make better decisions to help guard your entire community.
The Dark Side of Community
Discord was originally made for gamers. As the scope of the platform has grown to include countless massively popular communities, however, it has also attracted the riffraff that stalks digital space for the opportunity to steal from the unwitting. Because Discord servers categorize people into common interests, it’s easy for scammers to get inside groups and represent themselves as just another member – or even an authority figure – within that community.
The same is true for Telegram or other messaging apps where people commonly gather in like-minded groups. In these spaces, the community itself has already done the work to compile victims for all the villains in the cryptoshadows. Communities are welcoming because that’s the point of community. By simply being in these groups, however, you’ve done part of the scammers research for them… they know that you are part of their target audience.
Make sure you customize your privacy settings in Telegram… or else you’re about to get a whole hornet’s nest of attention from all the wrong people!
Community messaging apps like Telegram and Discord are third-party platforms that are utilized by Gala, but these can have their own security issues that are simply beyond any community’s ability to control. The scammers thoroughly know the shortcomings of these apps, and can exploit them to attempt to scam thousands of members of a community within minutes. Even one success will show them this pond is well-stocked with easy catches for their future fishing endeavors.
Any community where the digital villains see opportunity isn’t going to get rid of them without a fight, however. We can only turn the tide against the scammers by making sure that each and every one of us is ready to defend against them.
Don’t forget to customize your exceptions as well! By default, any member of Telegram’s premium subscription can contact you regardless of your settings 😱
Don’t forget to customize your exceptions as well! By default, any member of Telegram’s premium subscription can contact you regardless of your settings! 😱
How Scammers Prey on Communities
It’s hard to build and feel community if you’re always suspicious of your neighbors. The scammers are counting on this, because that’s not how defenses work. When you perceive yourself as ‘among friends’ your defenses naturally go down. You want to be helpful – after all, that’s what building community is all about.
That’s why they’re here. Community is a group trust that we build up over time with likeminded people. We can’t simply turn it off and on. It’s not like we recognize every member of the community, we just recognize that they are part of the community.
We’ve discussed impersonation before, so you’re all very well aware that there are people out there who will pretend to be Gala customers or community support. You need to stay vigilant for these types of things… these apps are where the scammers find their marks.
This isn’t to say that community itself is bad. In fact, it’s very very good. Community standards and best practices are how we combat these scammers. Building a community is too important to let scammers stop us. We have to build a better community to make it outlast the villains.
Trust is Earned
Just because someone is part of your community does not mean they’ve earned trust, and it’s not an insult to tell them so. Caution is admirable… and part of the point of web3 is to establish systems that don’t rely on trust.
First off, please adjust your privacy settings on Telegram, WhatsApp, Discord or similar apps if you have not. In Telegram, for instance, you can be contacted by anyone by default. If you don’t change that it’s only a matter of time before you are getting blown up with spam and scams. Similarly WhatsApp will show your personal phone number to anyone who comes looking if you don’t change the security settings… make sure to get this done or you’re wide open to an attack from a crytpovillain.
Even on Discord you can customize your security settings to control who can reach out to you. As we’ve discussed before, don’t trust a display name… that can be easily changed. Put people you trust on your friends list. Consider changing your settings so friends can message you. That way any new friend requests are where you know you need to be vigilant, and anyone on your friends list has already been vetted.
Trust, but verify
-Old Russian proverb
Don’t trust these security measures to be the end all be all of your defenses, however! People can get hacked or lose access to their accounts. Sometimes the attack could come from someone you know… albeit not them actually sitting in front of their keyboard.
Community Strong
With so many threats among communities you trust, the fight against bad actors in digital spaces can seem hopeless. Fortunately, community is also the cure to this malady.
⬆️ Not a great way to seek help from the community. Not only does anyone watching now know this user’s needs, but also their urgency. I bet their DMs blew up.
⬅️This is a great way to utilize the knowledge of the community. Tons of eyes can get on the deceptive scam attempt right away to verify if it’s legitimate or not. HINT: This one was not legitimate.
No one person can be entirely vigilant all the time. We get tired. We get distracted. Our guard comes down for a moment here and there… and that’s when attacks happen. Talk to your community. Educate each other and call out the tactics that scammers are using so that everyone can learn to avoid them. Alone an attack is inevitable. Together we’re strong.
If you see something sus, reach out! Ask the community you trust whether you should be engaging. Don’t be embarrassed. A simple question could save you a lot of hassle.
Guarding Each Other
When we work together, the community really shows its strength. Those who seek to exploit communities of common interests in the web3 space are counting on us not following through with our commitment to a solid community. If a victim doesn’t use the community resources at their disposal to help themselves, what can a community do to help?
That’s why it’s so important to share tips and educate fellow community members about security culture. If we all get a little better at spotting bad actors, we’ll all be a little less likely to get scammed. If we all get a little better and share a little more of that culture with each other, we’ll be exponentially more protected from those who seek to do us harm.
That’ll do it for this week’s Guardian Papers, but we’ll be back! Next time, we’ll be breaking down multi-factor identification and how it can help protect your digital sovereignty in this new age.
Stay safe Galaxians… and always have your shield ready!
In our continuous effort to enhance the security of GalaChain, we are implementing a significant security upgrade to the GalaSwap API that will require action from users of the API. If you’re using the GalaSwap API, we appreciate your cooperation in this process to ensure that your integration continues to operate correctly.
Security Upgrade Overview
This update focuses on enhancing the security of API operations by standardizing the signature process. Moving forward, GalaChain will only accept one specific signature out of the two possible valid signatures for any given operation. As a result, API users must update their signing code to generate the newly accepted signature. Failure to do so will cause approximately half of your signed requests to the GalaSwap API to fail with an error message such as “S value is too high.”
Required Actions
Review and Update Request Signing: Please consult the updated Request Signing section of the GalaSwap API documentation. Ensure that your signatures are normalized according to the new guidelines provided in the example code.
Update Your Code Before August 1, 2024: It is critical to update your code to comply with the new signature requirements before the deadline. This includes users of Gala’s open-source bot, who should pull the latest version of the bot’s code. If you interact with third-party services using the GalaSwap API, consult the operators of those services to confirm they are also prepared for this change.
Why This Matters
This proactive security improvement is not a response to any current vulnerabilities but a strategic enhancement to our security protocols. For more information on the technical details and the importance of this update, refer to this informative article on Signature Malleability.Thanks for your prompt attention and support for this important update. Ensuring the security and integrity of GalaChain remains our top priority, and we appreciate your cooperation in achieving this goal. If you have any questions or need further assistance, please reach out to Gala Support.
You sit down at the breakfast table with your coffee. As the yawns squeeze out of you and you wipe the sleep from your eyes, you pull out your phone to catch up on your emails.
Just routine stuff… spam, spam, free offer, Amazon invoice – wait, what’s this? Your cuteandreallycuddlyfluffypuppies.com account has been compromised and needs your immediate attention! 😱 You click the link to reset your password, glad you caught this email before it was too late.
You follow the prompts on the next screen and fill out your new password… little do you know, your cuteandreallycuddlyfluffypuppies.com account has been compromised. By you. Right now. That was a fake link from a fake address, and they got exactly what they wanted out of you!
Sound familiar? This is one of the most common tales of how scammers find their way into someone’s defenses. As digital security continues to improve, there is still one glaring vulnerability to even the best system – the human behind it!
Welcome back to The Guardian Papers, where digital heroes can get the base training they need to thwart villains’ underhanded attacks against them across the web3 world.
Email is often where scammers have a chance at getting directly to you. One miscalculation or momentary lapse of attention to detail could cause you a lot of hassle, so you’ve got to know how to keep yourself safe.
Miss a previous edition of The Guardian Papers? Catch up below!
First off, we definitely don’t want to imply that email is inherently insecure – many email providers have excellent security protocols put in place, and there are tons of tools out there for anyone who wants to beef up the actual protections in their email. The problem with email security is the person behind the keyboard… and it’s a vulnerability that isn’t going away.
Your email is a direct line to you. No matter your security infrastructure, if you’re getting a scammer’s email in front of you, you’re probably going to read the words they wrote. This direct access is the dream of all those fake Discord admins and help desks. They want that direct line so they can exploit your trust… because your security systems work for you. If they convince you, your security isn’t an issue.
For most people, email is the height of routine. When you are checking emails, you’re performing the same ritual you’ve done thousands of times. You may have many email accounts, only adding to the volume and frequency of your email checking ritual. When you do something day in and day out, over and over, you eventually become less attentive to the process overall.
As something becomes part of your routine, you eventually sort of automate it in your mind. How many things do you automatically do throughout the day without any real conscious thought? It’s the same for email. While the part of your brain that reads and parses the information in the emails may be present, other parts of your mind have moved on to other tasks.
This leads to some easy wins for scammers that would never work on your while at full attention.
How Did They Find Me!?
Honestly, how wouldn’t they find you? It’s important to remember that our data is everywhere, and we don’t typically consider email addresses private data. If it’s ever been out there, it’s still out there probably.
Let’s say Billy has a private, personal email address that he typically only shares with family and close friends, then he has another that he uses for work. Billy’s dad is fond of forwarding emails on occasion, and so drops a long chain email forward into Billy’s inbox once in a while. Billy’s friend Sally CCs him into a monthly newsletter that she sends out for their Karaoke Club. One day, Billy starts seeing large amounts of spam coming into his personal email account! 😨
What happened? Well you see, Tyrone from Karaoke Club was trying to get his friend Trevor to come to last month’s championship, so he forwarded him the newsletter. Trevor’s email account was compromised and the inbox contained Tyrone’s address, along with the CCd address of every other member of Karaoke club. Welcome to a list, Billy.
Let’s be honest though, it’s probably not the first time Billy has gotten scam emails at that address. He used to have it visible in his Facebook about section for years, and it’s still listed on an ancient and forgotten DeviantArt portfolio along with his real name. Also, he’s had this account for a long time and emailed lots of people. Each of those is a chain that connects to his email address. If any one link is discovered by the bad guys, the whole chain is in the open.
After that they can do a surprising amount to learn your behaviors. With a full-feature email service, they can theoretically tell exactly when you open the email, your operating system, your geolocation… all sorts of stuff that isn’t exactly secret, but gives you the shivers that they could know. Once they have this, it’s not hard to generalize demographics and predict who would be receptive to what scams.
Wolves Dressed as Sheep
Many of the ways people will attack you through your email fall right in line with our previous discussion about The Impersonator. In your email they know they have you in a format that you’re likely to overlook small details. If they know they can get past your spam filter, then they know there’s a good chance that you’ll at least click on their email.
They’ll try to mimic emails that you are likely to be receiving. There are lots of ways they could get an idea about what email lists you may be on, and not all of them are data breaches. A tracker in your browser could be feeding info about your behavior without necessarily doing anything nefarious to be flagged as malware by your safeguards.
Remember, legitimate businesses and individuals assign cookies and trackers all the time without any ill intent. We all click “Accept All Cookies” once in a while. Even if there’s just a .01% chance that any of those you click on has something harmful coming across, it’s just a matter of time.
Also consider that people are quite predictable with a large enough sample size. For every well-timed scam email you’ve ever received that seemed like they must be actually watching you, you’ve probably received two dozen weird ones that seemed to come out of left field. It’s just a numbers game. They’ll get it right sometimes.
If they’ve identified your email and the most likely services and addresses that can trick you, it’s only a matter of seeing what they can slide by.
In the case of this above example, the fake may seem obvious. After all, we’re here stretching our brains and thinking about scammers, but when someone comes across this email they may be distracted or in a hurry. Then, they could feel panicked that their MetaMask wallet has been compromised.
Notice that they color the email to draw the eyes directly to what they want you to see. The large notice at the top, and the button to “update now”. While we didn’t click that link, a quick mouseover revealed the target to be a proxy site, with a slug pointing to a long string of characters for a dAPP command. This link almost surely goes to a fake service site where you will be immediately asked to connect your wallet.
Oh, and also –“MҽtaMask”? That’s not an E. That’s an Abkhazian Che, a Cyrillic character that is entirely different from the latin “e”. If you’re not paying close attention though… it may be enough to not get them flagged for impersonation, while your eyes simply autocorrect that to “MetaMask”.
Also, check out that XM over there. That’s called a BIMI or Brand Indicator for Message Identification. These are verified trademark spaces, so a brand can submit a BIMI that won’t be copied anywhere else. This is a relatively new system that only works with some email providers, so you may notice a difference between impersonators and the emails they’re impersonating based on their mark. This isn’t always the case though, as some brands have not yet adopted BIMI… our emails here at Gala, for instance, do not ever use a BIMI.
That verification check mark doesn’t mean anything, it’s just part of the display name – like we saw with fake help admins in our imposter profile.
The dead giveaway is the return email though. Even half redacted, it should be pretty easy to tell that’s not from MetaMask. Why would MetaMask not send emails from their domain that users know and trust?
Straight to the Source
The important part here is that your email usually has your attention. If they can slide into your inbox, half their work is done. If they send out 10000 emails, what do you suppose the chances are that no one is careless enough to click without thinking?
That’s the end goal for these scammers. They know that most people in the digital world are protected in some way from bad actors, but they also know that you hold the keys to your security mechanisms. The best defenses in the world don’t mean much if you willingly click to their site and give them your information.
This is why The Guardian Papers are here. These scammers know that there is always someone to prey on because people aren’t informed. If we all know what to look for, the fruit they’re looking for gets waaaaay higher in the tree. Maybe they’ll just go find another tree to climb.
Digital Guardians
No one is going to ensure your security on the web. You have to take matters into your own hands and change behaviors if you want to be safe. While it may seem overwhelming to think of all the ways the bad guys can get to you, it’s really not that hard. If you learn the ways that they come at you, before long it’ll be easy to spot the attackers long before they breach your walls.
We learn. We teach. If everyone is equipped to deal with them, digital villains don’t stand a chance.
That’ll do it for this week’s Guardian Papers! We’ll be back though as we dive into common ways people use Discord and other messaging apps to prey on the unaware!
Imagine that you own a castle. As a proud owner of such an impressive, shiny fortress, you’ve likely got defenses – a sturdy wall and a heavy gate to protect your valuables. When an advancing army approaches, however, you don’t necessarily want them to test that security. You wouldn’t even lower the drawbridge!
Your passwords function the same way and are your first line of defense to keep bad guys from ever even getting a foothold near your digital hoard.
Welcome to the 6th installment of The Guardian Papers, where we walk you through how you can protect yourself from the digital miscreants who seek to steal, cheat, and otherwise destabilize our beloved community.
As the blockchain revolution continues to provide opportunities for people all over the world, those who lurk in the shadows are always eager to prey on the unaware. It is our goal with this series to educate and empower our community to resist and repel the monsters who hide out there in the digital darkness, so that we all can be safe, secure and more prosperous as we build a better future together.
Miss an issue of The Guardian Papers? Catch up below!
In the next few articles, we’ll be talking about security fundamentals that apply to all aspects of digital defense. We’ll rotate back to the Gala community specifically soon, but for now these are fundamentals that everyone should learn, and that are often highly exploited in the blockchain world.
What Makes a Password Secure?
Nearly everybody has countless passwords across their digital profile, so you’d think that creating secure passwords is a skill that everybody just picks up early on in life. Unfortunately, despite most people knowing better, many people are still using incredibly unsafe practices with their passwords that can leave your digital assets vulnerable to the bandits of the blockchain frontier.
Increases in technology bring many extra tools to help keep your assets secure, but also give your enemies more sophisticated weaponry to use against you, which makes it more critical than ever to use strong and secure passwords throughout your entire online ecosystem.
Length and Variety
Different platforms have differing minimum criteria for the length and character variety of passwords, and it’s never a bad idea to go overboard. With current computing power, a cybervillain could potentially attempt billions of passwords per second. While this may be limited somewhat by network security features on some platforms, longer and more varied passwords mean more combinations will be required to guess yours.
If you were using a 7-digit password that consisted only of numbers, that password would have 10 million possible combinations (0000000-9999999). Take that same 7-digit password and include capital and lowercase letters as well– now you have 62 possible characters per digit. This would increase the possible combinations of correct answers to a little over 3.5 trillion, still with only 7 characters in the password.
Uniqueness
Not only do you want your passwords to be unique for each of your accounts, but ideally you want them to not be a combination of characters that no one else would have ever thought of in their wildest dreams. Including dictionary words or common mnemonics like a year could leave you vulnerable to hackers looking for low hanging fruit.
Your password shouldn’t be something familiar or easy to remember– the entire point is to make it something that only you know.
This may seem like common sense to many digital veterans, but repeatedly data breaches have shown that things like “password”, “123456” and “qwerty” are the most commonly used passwords throughout the world. Using any common phrases in your passwords makes you the nice, soft target that the enemies of digital sovereignty are after.
Fun Fact: According to a study last year by NordPass, here are the top 10 passwords used worldwide:
1. 123456
2. admin
3. 12345678
4. 123456789
5. 1234
6. 12345
7. password
8. 123
9. Aa123456
10. 1234567890
Don’t be like these people. Make your passwords secure.
Anonymity
If someone is going to try to penetrate your personal passwords, the best place to start is often for them to know their enemy– you! If personal information that they can glean from public records or social media gives them insight into what your passwords may be, they may be able to breach all of your security before you even see them coming.
Using your birth year, your pets’ names, your children’s names or anything simple to guess with just a little information about you is incredibly unwise. Especially if you use similar mnemonics on all your passwords, one glance at your Instagram profile may have given a hacker all they need to clean out your digital hoards.
Common Password Vulnerabilities
Constructing strong and secure passwords certainly helps keep your defenses high. Secure passwords can still have vulnerabilities, however, and it’s extremely important to know all the angles that your password security could potentially be attacked from.
The Human Element
While many insecure passwords are often “brute forced” by miscreants with a program that can guess combination after combination, some are obtained through phishing attempts as we’ve discussed in our previous Guardian Papers profiling the common scams in the blockchain world. This is never to be taken lightly, as criminals will continue to develop new ways to trick your information out of you.
Your passwords are yours, and should never be shared. Even here at Gala, we’ll never ask for your password or keys– anyone who does is up to no good.
Even if you have excellent security and top-notch passwords, one error in judgment can still be exploited to ransack your digital fortress. There is no reason to share personal data or password information with anyone over email, Discord or any social media.
The scammers multiply because their methods get results. This is why it’s absolutely critical that the community here at Gala and throughout the entire blockchain frontier helps educate and empower their fellow digital pioneers. Once every member of the blockchain world is familiar with and prepared to fight off these attacks, these monster’s food source will dry up.
Even the best password hygiene is no substitute for caution when connecting to unknown networks!
Data Breaches
As massive data breaches have repeatedly shown in recent years, even secure information can be compromised and leaked when the defenses of organizations that you trust are compromised. If your passwords are stored with an organization who has been breached, you need to consider that password or any variation on it compromised forever. After a breach, that information is compiled in lists and distributed all over the dark side of the digital world, and information is forever.
In 2020, white hat hacking group FireEye identified a worldwide breach in the SolarWinds software. SolarWinds was a network management company with a global presence, and over 18,000 compromised clients were identified in the breach. FireEye noticed the breach quite by coincidence, but the systems had been compromised for more than a year.
This breach was later determined to be coordinated by the Russian Foreign Intelligence Service, and by leveraging the breached systems within SolarWinds for many months, they were likely able to access a significant portion of protected information across the entire global internet.
Read more about the breach from the US Government Accountability Office.
To limit your vulnerability to data breaches that are beyond your control, never use the same password on more than one account. If one of your accounts is compromised, the last thing you want is for that to just open the door to all your defenses. Changing your password frequently will help you stay ahead of any breaches that may happen.
Most importantly, don’t trust your password information to entities when you don’t have to. Always think critically about whether you really want to share sensitive information with organizations before you have a chance to regret it. Rather than having a device remember your sensitive passwords, store them offline whenever possible– an old fashioned paper and pencil is about as unhackable as you can get.
Password Managers and Single Sign On
Password managers and single sign on (SSO) can be a great way for people to securely protect their individual credentials without getting lost in the tangle of hundreds of secure and confusing passwords.
These tools crucially only work, however, if you use them securely. If you aren’t going to follow good security practices without a password manager, then putting all your credentials into one could just be shoving your eggs all in one basket for a scammer.
If you choose to use a password manager, make sure that you follow all recommended precautions and protect your credentials to that password manager. Make sure you are choosing a reputable and well-known password manager to use… the last thing you want is to try some brand new password manager, only to find that you’ve been had by a phishing attempt that now has all your passwords!
Hold the Line
Most of the time that digital defenses are infiltrated, it’s through the front door– a password. How secure can you expect your personal estate on the blockchain to be with a wimpy lock on the front gate? Even with the extra layers of security we’ve discussed throughout this series such as private keys, and the precautions we’ll discuss moving forward (looking at you 2-factor authentication!), if your passwords are penetrated the enemy is already inside your defenses.
The best way to make sure you stay entirely secure is to keep that gate locked tight.
Maintaining secure passwords and protecting them from the grips of the enemy prevents any part of your digital profile from being compromised. Even one account being breached represents a chink in your armor that could then give way to other vulnerabilities. Keep your defenses battle ready at all times and don’t let anything past your guard.
The Advance Guard
As we continue to advance through The Guardian Papers, it’s our hope here at Gala Games that we’re contributing a collection of resources for the community to reference and share, so that we can all power-up our defenses against those who would do us harm.
For our next installment, we’ll stick to fundamental security and discuss 2-factor authentication and multi-factor authentication. As this series progresses beyond this module, we’ll rotate to an increasing focus on issues that are incredibly relevant to not only the community here at Gala Games, but the entire cryptoculture as well.
It is our sincerest hope that this series not only empowers you to defend your sovereignty on the blockchain, but also inspires you to empower others throughout our beloved community.
