Welcome back to The Guardian Papers, the series where we help bolster the security super sense of our community on GalaChain and beyond! Today we’re continuing our dive into the world of cons and villainy as we explore the methods that scammers use to deceive unwitting marks. Educate yourself on their methods, and soon you’ll be a defender of others rather than a target!
Scam Profile: Too Good to Be True
Hey there! Would you like to amass riches without any effort whatsoever?
If you answered yes to this question, you may be a human being!
Seriously, everyone wants this. This is what the scammers out there are counting on, and how they reliably reel in their prey.
Rather than exploring how scammers deceive you like last time, today we’re getting a bit more cerebral. We’re talking about the bait – the incentives that scammers will use to get you to throw aside caution and logic to dive head first into their trap.
If something seems too good to be true… it probably is.
Common Motivations
We’re living in a material world… and the vast majority of us are material people. That doesn’t mean we’re obsessed with our stuff or money hungry, but most people live in a state where an infusion of money could totally change their lives. Whether it’s an increase in living standards, a better life for our kids or simply a way out of debt, most humans have an amount of money that will reliably spur their motivation.
The amount of easy money that may light a fire under us may differ, but the important thing is that the scammers know there is likely an amount that will push caution and logic out of your head and replace it with dreams of escaping whatever financial situation you’re worried about or transforming your life for the better. This is exactly what they’re counting on.
Once they’ve got you dreaming about easy money, they can count on your critical thinking skills being less engaged. After that, all they have to do is keep you on the line and let you dream.
Preying on Need and Greed
We all have needs to survive. The scammers out there can capitalize on this to make you justify some degree of trust or risk. Sometimes, they get you in the door with only fairly unbelievable claims… the level where your curiosity is piqued, but your brow may still be furrowed.
We don’t know what your job searching experience is… but from the writer of this article’s perspective, tech jobs at major metropolitan competitive prices don’t just drop into cold calls without some major strings attached.
The wages given are very high for someone sliding in to mass announce job openings. That having been said, they are not high for competitive jobs within the industry for the very qualified. The intention is that your brain says it’s implausible… but not impossible. So you DM out of curiosity. Then they have a direct line to work on you hard.
At the point they get you into their DMs or on their site, there are any number of scams that they could attempt to run on you. The important thing is that they now have you where they want you, thinking about what that money could do for you.
Sometimes these types of scams run a little more flagrantly too good to be true. As the reward is cranked up however, our mind has a way of justifying a greater amount of perceived risk.
In the case of this DM (that I received four of at the exact same time from four different accounts 🙄) they’ve abandoned the idea of believability. Instead, they’ve employed several ‘hard sell’ techniques to make the target careless enough to slip up.
First, there’s the ludicrous amount of free money they’re offering. They temper this free thousands of dollars worth of ETH by having the target ranked third… leaving a quiet voice in the back of your head saying, “Surely if it was a scam they’d have put me in first.”
Then there’s the time sensitivity. You only have 24 hours to activate your code! Oh no! No time to hesitate!!! Your decision-making reactively goes into high-pressure mode, making quick decisions with less information than it normally would. Of course once you go to their site, you’ll be asked to connect your wallet to get your winnings. Then they have access, and you are drained.
Note the inconsistencies across the messaging. “You have been RANDOMLY selected among users of Crypto Discord Servers.” AND “If you don’t know what is crypto and how to use it – ignore this message”. But how can both those things be needed? Why would they send this to someone who didn’t know ‘what is crypto’ if they selected participants from among crypto communities only? 🤔
Think about that… selected from “Crypto Discord Servers”. That makes sense for an airdrop of some new token from a brand new ecosystem trying to get its name and token out there… but what would a trading platform have to gain by giving away so much to people who are NOT already part of their platform?
There’s no CTA to sign up. No email opt-in to enter. No marketing win for the company who fronted the prize… big red flag. At best, they’re getting 3 new users out of this ~13.9 ETH prize. That’s not how marketing budgets work.
Also, did you notice how seemingly random words were capitalized throughout the message? The capital words in the first section act as subconscious triggers for your brain, priming you to follow through on the scam. When you scan the text, your brain automatically considers the capitals more important. If you’re old enough to remember the classic tag cloud on websites, think of it as that… except it’s logging keywords with your brain instead of AOL Search and AskJeeves.
Scamming Human Nature
You may be reading this and nodding your head thinking, “This kind of stuff would never work on me!” You’re probably wrong. It can work on anybody.
The reason that scammers use these tactics is that they do work. Everybody has an instinctive reaction when presented with these kinds of stimuli. We are able to overcome them by informing ourselves, but the instinct is still there. That is what scammers exploit.
If you are informed, however, you usually cease to be a target. Notice how the last example above said to ignore the message if you didn’t know what crypto was? They don’t want difficult onboarding. They want people to slide through their trap easily with just a little butter. If you are a difficult mark, you are no longer worth their time.
Most people are familiar with the classic Nigerian Prince con… again, a ‘too good to be true’ type of scam. In this type of advance payment scam you’ll often see the scammer deliberately misspell words, punctuate awkwardly or more or less just fail to perform the language they are typing in. This is because they don’t want people who think too critically to respond.
If you overlook all those obvious errors and their inconsistency with the idea of wealthy, well-educated royalty… you’ll probably overlook other things. If you spot the signs right away, the sharks don’t smell blood in the water.
Fun Fact: The ‘Nigerian Prince’ scam is actually a very old form of advance payment scams, most notably going back to the “Spanish Prisoner” scam in the 18th and 19th centuries.
The con man tells the mark that they represent a wealthy noble who has been imprisoned in Spain. The noble is under a false name for fear of political persecution, etc. If the mark can give bail money, the noble can reward them handsomely upon their return home.
Once the mark gives the bail money, the con man comes back saying that the noble needs money for passage to his homeland where the treasure awaits. Then there will be storms and delays, extra costs. The con man keeps pumping the mark for money until the well runs dry, but the prisoner never brings back riches. They don’t exist.
Read more about the history of The Spanish Prisoner swindle in a very interesting deep dive by the Western History and Genealogy Department of the Denver Public Library. ⬇️
The way to fight these scammers is to inform ourselves and those around us. These kinds of cons are not going away as long as there is a gullible audience for them to exploit. While it’s unlikely that we’ll ever be universally free of these types of predators, we can be free of them within our community with education, support and good practices.
That is, after all, what The Guardian Papers is all about. We all come from different backgrounds. Some of this may be little more than review for some members of our community, but there are others that this is all new for.
When it comes to scammers, we really are only as strong as our weakest link. As long as the villains find an easy mark within our ranks, they will be here. With every link strong and resistant against them, they’ll go elsewhere and find somewhere else to practice their evil art. That is the strength of community.
That’s all for us this week, and that will wrap up our second module of the Guardian Papers! We’ll circle back to the methodology of scammers again in a later article, but Module 2 was designed to give you a brief overview of who the villains are and what tools they use. Hopefully you have that context and it helps you in the battle against the forces of darkness.
Next time, we’ll be starting in on Module 3. In this part of the series, we’ll shift back to proactive security and talk in more detail about these mean streets. We’ll dive into the corners of the web3 world where you tend to encounter cyber criminals and talk about how to spot them in their natural habitats.
Until then, stay safe out there heroes! Keep your wits about you, and remember to share your knowledge with your friends… our community is our greatest tool to keep us safe!
On May 20, 2024, Blockchain Game Partners Inc. (“Company”) experienced a security breach involving a third-party contractor (“Malicious Actor”) that led to the unauthorized minting of 5 billion $GALA tokens. The Company promptly responded to the incident, successfully stopping the malicious actor, and has now enhanced security measures to prevent future breaches.
This report outlines the incident details, the measures taken, and ongoing actions against the individual involved.
Incident Details
Unauthorized Minting: A malicious actor compromised the private key of an address with a minter role for the Ethereum side of the $GALA platform, minting 5 billion tokens. The contract itself was never breached, and all internal processes have been corrected, including removing unauthorized users.
Token Handling: The malicious actor returned the ETH obtained from selling GALA, which has been used to buy back and burn tokens. The 5 billion tokens created by the actor will be burned.
Security Measures: The exploited contract and wallet were blocklisted immediately, and the Ethereum contract remains secured via a multi-sig contract with geographically separated signers.
Investigation and Identification
Suspect Identification: The malicious actor was identified through usage patterns in other activities and within our network
Historical Context: These patterns were previously connected to a smaller exploit, indicating privileged access misuse rather than an external software exploit
Response and Mitigation
Immediate Actions: The attack was halted, and funds were frozen using blocklist functionality
Collaboration with Authorities: The case has been referred to the Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) for further investigation
Community Communication: We have proposed options via a Node vote to the community on the path forward
Security Improvements
Review and Audit: An internal review of security protocols and contractor access is underway to prevent future incidents
Enhanced Measures: Strengthening access controls, key management practices, and implementation of additional layers of security for critical operations. These include, but are not limited to:
Migration from user based IAM access to Okta SAML + Identity Center with restrictive permissions sets
Redesigned AWS and other RBAC permissions models to be context specific to role and team/product(s)
Fixes for shipping AWS Security Center and other related logs
Enabled AWS Macie and other sensitive data tooling
Liquidated Token Burns
Following their liquidation of the tokens, and once a public statement had been made that we knew the identity of the malicious actor, the malicious actor sent back 5,912 $ETH to the main Gala Finance Cold Wallet. The Gala Team then bridged this ETH into GalaChain and used it to purchase $GALA tokens, which were then burned.
Due to price movement, this number did not yet total the amount the attacker liquidated. An additional burn was conducted from Gala’s wallets to remove the full balance from circulation.
Continue collaboration with DoJ and FBI to see that justice is served
Implement and communicate enhanced security measures
This comprehensive report underscores our commitment to maintaining a secure and trustworthy platform for all GalaChain users. We’ve also published a blog post about it (https://news.gala.com/galachain/unauthorized-wallet-locked-down-in-record-time-funds-returned-as-security-measures-prove-effective/). Conclusion The quick identification and response to the security breach ensured no threat to GalaChain users or $GALA holders. The ongoing collaboration with law enforcement and proposed community actions aim to enhance the security and integrity of the system.
Following our security team’s swift, effective response and the involvement of Federal law enforcement agencies, the >$20M (in ETH) has been returned to the Gala ecosystem.
We want to inform the Gala community about a recent security incident involving $GALA on the Ethereum network. Yesterday afternoon we detected a suspicious transfer of $200 million in $GALA tokens. Within 45 minutes, all tokens in the unauthorized wallet were frozen. Our prompt response and the robust security measures in place ensured that the impact was minimized, and we want to reassure our community that assets remain secure.
Incident Overview
On the afternoon of Monday, May 20th, our monitoring systems flagged an unusual transfer of $200 million worth of $GALA tokens. This was an isolated incident on the Ethereum network, and our immediate response was to activate GalaChain’s blocklist protocol, swiftly halting any further unauthorized minting and movement of $GALA and effectively mitigating the incident.
Within 45 minutes of the unauthorized mint, approximately 90% of the minted $GALA was locked. A new Founder’s Node ecosystem governance vote will soon decide if the blocklisted $GALA will be considered burned as it relates to $GALA’s dynamic supply distribution model as described in the Gala Ecosystem Blueprint.
Swift Mitigation Measures
Using a new feature that was implemented with the $GALA v2 contract upgrade, our security team quickly blocklisted the wallet and froze the unauthorized tokens. This measure stopped any potential misuse and prevented the incident from escalating.
We immediately contacted US Federal law enforcement agencies to handle the breach. Our ongoing cooperation with authorities ensures a thorough investigation and appropriate legal action against the culprits.
We want to assure our community that the minting capabilities of $GALA on GalaChain remain secure and uncompromised. Our internal controls and multisig security protocols are designed to protect against such incidents, and we are continuously enhancing them to stay ahead of potential threats.
Plans are already in place to make reimbursements to anyone who has been subjected to unreasonably high transactional fees associated with this incident.
Commitment to Security and Transparency
We are deeply grateful to our partners for their quick response and invaluable assistance during this incident. Your support has been crucial in minimizing potential damage and ensuring our platform’s security.
Gala is committed to maintaining the highest standards of security and transparency. We will continue to provide updates as the investigation progresses and take all necessary steps to prevent future incidents.
We understand the concern this incident may have caused, but rest assured, our security measures are robust and effective.
Pioneering in unknown territory can sometimes be a dangerous activity, but we are 100% confident that GalaChain is well equipped to handle any unanticipated challenges that web3 can throw at us. GalaChain remains a secure and reliable blockchain for all users. Thank you for your understanding and continued support as we navigate this challenge together.
Congratulations hero, you’re ready for the second module of The Guardian Papers. In our introductory lessons, we discussed the absolute bedrock fundamentals for safely navigating the web3 frontier. Now that you’ve mastered the basics, it’s time to move on to the basics of digital self-defense in specific circumstances.
If you feel like you need a refresher on any material covered in module 1, don’t hesitate to dive back in!
When you get change back at the grocery store, do you tell them to hang onto it until next time? ...
Prepare yourself to move on from simply scratching the surface. For module 2 we’re going to dive into the underbelly of digital villainy in the web3 world, and talk about some of the most common ways that the good people of the blockchain world are preyed upon.
To protect yourself, you must first understand the danger.
Scam Profile: The Impersonator
Imagine, noble citizen of the web3 world–
You’re minding your own business, heading over to GalaSwap to make a few small trades and maximize your May Mayhem experience.
You click a handy link off Discord to gaIaswap.gala.com. It loads a little slow and the layout looks to have changed very slightly… must’ve been an update. For some reason you aren’t logged in… that’s weird, you were just a little while ago. But that can be easily fixed! Then you notice something weird after you put in your transfer code… you can’t see your balances or accept any swaps!
Suddenly panicking, you switch over to a new tab and open your inventory… oh no! Your wallet is drained! Looking back at that link… an upper-case ‘i’ sure looks a lot like a lowercase ‘L’ 😭
You’ve just fallen victim to an impersonator scam. This one may have been elegantly simple, but they come in all shapes and sizes. Even a small scam can mean total damage.
Did we even have to change the L to an i though? A link can be anything, the text that you see is just an anchor that the real URL is tied to. Case and point — where do you think this leads? Gala.com (I promise that L is not an i!)
This con relies on the scammer earning enough of your trust that you give them sensitive information before thinking twice. These types of scams get easier to recognize and rebuff as you become more experienced in the web3 world. They can also, however, almost always be prevented by maintaining normal security standards, no matter the situation.
The Personal Touch
We’re all humans and that means we’re instinctively social creatures. When a scammer is trying to gain your trust, they have two options. They can either set up an impersonal trap like we mentioned above, or they can reach out more directly to their victims. A wide-reaching trap may catch a few marks for them, but many scammers will target individuals knowing that it’s a faster way to generate the trust needed for the con to work.
Sometimes, even a simple misspelling or low effort fake name may be enough to trick someone.
In this example, someone in a hurry may not even notice that extra s before reaching out to their friendly, neighborhood Taco!
Since this scammer has Taco’s exact PFP, they are counting on the trust that people associate with that image making them let down their guard enough to get sensitive information.
Someone only has to trust the scammer for a few minutes to make a horrible mistake!
We all know to look out for scammers… and we’d all like to think that we’re far too observant for it EVER to happen to us. But it still happens.
Just because someone is a scammer doesn’t mean they’re incompetent. They know what works and how often… after that it’s just a numbers game until we all wise up to their tactics.
Here’s one we’ve all likely seen before, but they’re almost always targeted at someone who needs help and isn’t aware of what proper steps to take next.
When we want help, we want to be helped. The scammers are counting on this. When you can’t figure out what to do to fix a problem, frustration will start to build. A good scammer sees how long you’ve been looking for answers, and understands how frustrated you must be getting with the situation.
After that, it’s just a matter of providing you what you want to see in that moment – someone offering a simple and quick solution. This is the kind of situation that arguably traps the most victims for the web3 bandits.
Humans tend to see what we want to see to some degree, particularly at elevated levels of stress. If you’ve ever fallen for these types of scams, you shouldn’t feel ashamed. Many scammers out there are very good at what they do… which is why we all have to know more so we can fight back better.
This particular scammer seems to have found the ideal mark… the victim announced that they are having trouble sending $GALA and that there’s a problem with their wallet connection.
These are easy pickings for a scammer. Often when they are initiating the conversation, they’ll be attempting to extract very sensitive information, like your seed phase or transfer code. Since they know this person is having trouble connecting a wallet and sending $GALA, the bad guy wouldn’t have to gain full control over the wallet to make a buck off the poor mark. Once they can grab you in DMs, they’ll start “tech support” on it, which will often end with you either sending $GALA to their address or linking your wallet to their dApp surprisingly quickly.
The key here is trust. Once someone has your trust, they can usually make you compromise one security measure or another using some tried and tested methods.
The phrase “con man” or “con artist” comes from “confidence man.” These are criminals that have always existed, though the term first came to prominence in the mid 19th century. Even back then, everyone understood that confidence alone can often be enough to win trust. These scammers sound convincing, because that’s their profession… to be confident and gain your trust.
Here we’ve got a closer look at the profile of one scammer on the prowl. They call themself a dev in their name. Well that settles that!
Notice that “Discord Owner” is in the profile description box, meaning they wrote it in themselves. Since you see it before the “Role” section when you scroll down, however, your mind can easily just associate that name with “Discord Owner” and then Admin and Mod underneath!
They have used emojis in the about me section to make their “Admin” and “Mod” text look more official, as if that were a standard tag to denote role.
As usual, it’s all very convincing until you get down to the stuff you can’t fake. This person has been a server member for a very short time… how likely is it that they are the server owner?
Finally, we come to their role and see a simple member role. Since this info is below the lies above… will a person be more likely to disregard the information they see first or second?
When taken in isolation like this, many of these tactics seem so obvious. A scammer doesn’t have to succeed every time to make off like a bandit though. During the hustle of everyday life, there’s surely a moment or two when you let your guard down. That’s payday for the scammers.
This scammer rolls a lot of the concepts we’ve discussed into one effort. Their name isn’t particularly impersonator, but they’ve included the hexadecimal ETH prefix for a small air of authority.
They see that the victim is having trouble connecting a wallet. As we discussed above, this is a prime moment for these predators to strike.
Realistically, this scammer knows that this user is likely trying to connect the wrong address… time won’t help.
At first, the scammer is just helpful. They don’t try to immediately push too hard, even mentioning that it may just need more time.
After being given a moment to consider the helpful stranger’s advice, the mark comes straight back to the scammer and asks for their help directly. Here again, we see the scammer build trust… they don’t immediately jump on the opportunity to strike but instead tell them they should talk to an admin.
When an admin fails to respond untagged after a few minutes, the scammer is quick to jump in and mention that they’ll send the mark the right way if they’d only DM them. Once the victim has reached out via DM, they’ll likely be sent a link to another user… the impersonator admin. They could also be sent a fake help desk link as we’ve seen above.
We have to stress again… absolutely anyone can fall victim to these kinds of tactics!!! People have used these kinds of cons for generations because they work! The best way to make sure that they don’t work on you is to learn about them and know better.
Did You Know? Victor Lustig famously sold the Eiffel Tower to scrap dealers in 1925… despite not being affiliated with the French Government. Later, he pulled off the exact same swindle a second time. Don’t ever think you’re immune to a good scammer!
Staying Safe and Secure
We’re being a bit drastic because this is a serious issue. Realistically, are there scammers everywhere throughout the web3 world and you should just be suspicious of everyone all the time?
No. That’s not how this goes at all. Scammers are a part of life… wherever there is opportunity for them to make a buck at someone else’s expense, there they’ll be. Once you learn how they exploit people’s trust, however, their methods are much less likely to work on you.
It’s not just about protecting yourself though. These scammers continue to escalate and find new ways to trick unsuspecting people because there ARE people who are unsuspecting. No one should spend their entire existence paranoid that a scammer is coming to get them, but someone without any of the knowledge that we’ve discussed here probably should until they learn what they need to protect themselves.
When everyone knows how these people operate, they cease to operate. Scammers abound in web3 right now because people are not informed. New technology doesn’t only bring new opportunities for the world to culturally, economically and socially advance… it always brings an all you can eat feast to those willing to prey on the uninformed.
Guarding Yourself and Your Community
Education is the answer. There are so many assumptions people have become accustomed to making in the web2 world, where we surrender our trust to corporations in digital spaces.
In the web3 world, you maintain control over your own digital footprint. That responsibility means there’s no corporate office keeping you safe anymore… To some degree, everyone needs to be responsible for themselves and know what they are doing and why.
This is not cause to bemoan that the digital villains will always be around… this is a time to celebrate! All we have to do to get rid of this web3 riffraff is empower each other with knowledge and the tools to protect ourselves. Do your own research (more on that in a future edition!) and share what you learn with your community.
Community is important. Have people you can turn to and ask for a second opinion. Have people who will watch your back and share important information and knowledge. Have a community you trust… without having to trust some faceless corporation with ownership of all your stuff.
When you get change back at the grocery store, do you tell them to hang onto it until next time? No! You put that money in your wallet where you can ensure that your property stays protected. This is the exact same in the world of blockchain. Your wallet allows you to safely store digital items like currencies and NFTs in a private place where you always have control over your property.
Welcome to our 3rd installment of The Guardian Papers – the series where we discuss how best to defend yourself from threats in the digital frontier of blockchain technology.
The revolutionary concepts of blockchain have the potential to create a better world and offer new and exciting opportunities for all its early pioneers. Just as opportunities exist for those noble individuals who champion this fledgling community, however, the villains that lurk in the shadows will also capitalize on weaknesses whenever they can.
The best defense for all of us against the thieves, scammers and general malcontents in this space is to propagate the knowledge and skills that can empower our entire community to feel empowered to defend themselves. Then we can look out for each other, serving as sentinels against all threats that may harm any citizen of the digital world.
What is a Blockchain Wallet?
The idea of a wallet seems simple enough. It’s the place where you put your money. There are certainly nuances that should go into a more formal definition, but that function is consistent with any wallet– from that leather tri-fold in your pocket to that slick hardware wallet that protects your valuable coins, tokens and NFTs.
Unlike those scraps of paper and shiny bits that people may put in a traditional wallet, however, in the crypto world your digital assets exist on the blockchain and can’t be folded up and taken with you. The blockchain itself records the history and protects the security of your transactions, and a wallet gives you your own private parking spot on the chain itself.
A place to put your stuff on the blockchain only fills half the purpose of your wallet though. As we’ve previously discussed in regards to private keys, you need your keys to be able access your assets. What good is a wallet that doesn’t open, no matter how well it protects your money? In addition to offering you an address to store your assets on the blockchain, a wallet must also offer you keys to securely access your digital hoard.
Caption: With a properly secured wallet, you can soar through the blockchain world with confidence!
What’s the Difference Between Wallet Options?
Your wallet offers you the security of having a blockchain address with public keys so you can receive and store your assets, as well as private keys so that you can securely access them.
Beyond those two points, however, there is a wide variety between different wallets and their functionality. Often people will use multiple wallets throughout their financial infrastructure for different types of assets and situations.
Supported Assets
There are many different blockchains out there, and each coin and token functions on a specific blockchain. There are certainly exceptions to this rule when dealing with more complex topics like bridges, wrapping and layer 2 solutions – but no wallet is going to support every chain and asset that exists.
The wallet provided as part of your Gala Games account is based in GalaChain and can support transactions throughout the entire Gala Ecosystem. It is also compatible with the Ethereum Network, and can bridge between the two chains using the Gala platform and hold any Ethereum assets, such as ERC-20 tokens.
It’s important to note that you can’t just send any asset to any wallet. You’ll notice that your Gala Inventory shows a different address for Ethereum and GalaChain. These are not interchangeable! Attempting to send your assets from Galachain to a blockchain address that doesn’t support them could easily result in your treasures being lost in the void of digital space.
Occasionally, you could wind up with more assets in your wallet than you realize. You’ll often need to set up support for a token on a particular wallet. In these cases, even though your items are in your wallet, you won’t be able to see them through your wallet until you follow the wallet’s procedure to add the token.
Hot vs Cold
Whether a wallet is “hot” or “cold” refers to if it has any connection to an external network. A hot wallet is any wallet that is stored on a device connected to the internet or any other network that allows it to potentially be accessed from outside the device itself. This covers most of the widely used wallets out there.
While you may only transmit public keys to sign transactions, your private keys can still be vulnerable to sophisticated attacks from outside forces. Hot wallets can certainly be secure, but also require that you pay very close attention to device security and protection and who you connect your wallet with.
Cold wallets aren’t connected to anything on any network. Your loot exists on the blockchain itself, but cold wallets store the keys to it safely offline where they can’t be accessed unless villains happen to get their hands on not only the physical device itself, but also acquire any needed passwords, PINs, seed phrases, or biometrics to open the vault. These can be set up on any unconnected device, but also includes standalone, dedicated hardware wallets that sign transactions offline within the device itself to access funds.
Features and Opportunities
Many wallets offer specific features and functionality that may make them preferable to use compared to other wallets. You may decide, for instance, that using a multi-chain wallet like Metamask is a better fit for you than another option because its browser extension is convenient to use and it can be used to hold any ERC-20 token, and it supports a ton of other networks.
You may opt instead for a more involved software wallet that offers more onboard analytics and data so that you can use it much more as a one-stop-shop for your asset management.
Just like with the management of physical assets, sometimes what works best for you has more to do with things like location and efficiency. Though the idea of location is a little different in the digital world, thinking of different blockchains as bordering countries may be a useful comparison.
There are usually ways to send your assets from their native chain to another, but it is usually far less convenient than transacting within their ecosystem within the chain. This may mean that a wallet with access to an address on a certain chain could prove more useful to you than another based on what your plans are with your digital treasures.
When Is a Wallet not a Wallet?
Your wallet and the keys that access it are your personal sovereignty in the blockchain world. There are many different types of wallets out there, but it is always important to remember that if you do not control it, it’s not your wallet.
Blockchain technology was founded on the pursuit of trustless systems. While that manifests as a spectrum across different platforms and ecosystems, if it’snot your keys, it’s not your crypto!
While having assets intertwined in curated ecosystems like centralized exchanges happens sometimes, the private keys to these coins and tokens are held by the company who runs the exchange.
A centralized exchange may have a native wallet that allows you control over your keys, but anything on the exchange itself is simply a representation of your share of ownership over the exchange’s wallet. This is often functionally the same… but in a pinch, a corporation is less worried about your interests than their own.
Reinforce Your Wallet
Your wallet is your personal treasure trove in the blockchain world, so you need to fortify it as best as possible. As we’ve discussed previously, this starts with protecting your private keys. If your most valuable treasures are stored in your own private vault, how fervently should you protect that one key?
Protecting your wallet isn’t just about keeping the bad guys out, but also ensuring that you can always get in. Recovery phrases should always be stored offline– preferably in non-digital, non-perishable formats. Getting fancy with spy-like security can be fun, but what good is your super-secure hard drive storing your recovery phrase when you spill your coffee on it?
We’ve covered a lot already in The Guardian Papers, but we’re not through yet. If you’ve missed anything that we’ve covered in our past installments, catch up below:
In our next few installments, we’ll be diving into the mind of a digital villain and breaking down some of the most common scams in the crypto world and their variations. It’s easy to think that you’ll never be fooled by those kinds of shenanigans – countless blockchain warriors have thought the same. Many have fallen to these same tactics.
More knowledge about how these enemies of personal, on-chain sovereignty can only improve your arsenal to both defend yourself and to fight back by helping to educate your fellow citizens of this new world. If you’d like to get started exploring how to get more out of your wallet, you can check out our support article on how to import your Gala Wallet into Metamask so that you can seamlessly tie your GalaChain assets into your profile on multiple chains. While you’re there, check out some other topics. Buffing your knowledge buffs your security, and none of us can let our guard down until everyone is informed enough to be secure!
