The evolution of technology means that even the Internet itself will continue to evolve. From Web 1.0 to Web 2.0, we are now just getting started on the next iteration of the Internet – Web 3.0.
But even in its development stages, Web 3 already has some security challenges that hackers are taking advantage of.
Read on to hear about some of the latest Web 3 hacking horror stories and to learn how to stay safe in the coming Web 3.0 era.
Web 3 hacks are becoming more sophisticated
While the decentralized applications (dapps) we can access now are already somewhat Web 3, we aren’t really in a Web 3 version of the Internet yet. There is a lot of work that still needs to be done before Web 3 becomes fully functional.
Security is arguably the biggest challenge, as regular media reports of Web 3 hacks highlight.
Web 3 can only be successful if the current security challenges are solved, making it nearly impossible for hackers to steal user funds.
A recent Twitter thread shows how Web 3 scams are perpetrated. It was shared by thomasg.eth, the founder of Arrow, a decentralized autonomous organization (DAO) working to build open-source vertical takeoff and landing (VTOL) aircraft and an air taxi protocol, who almost lost all his ethereum (ETH) in what he called a social engineering scam.
It started with a user called ‘heckshine’ who reached out to thomasg.eth on Discord showing their interest in Arrow and offering to help. Heckshine then introduced Thomas to Linh, who is said to be passionate about VTOLs and working on a metaverse project. After multiple exchanges, Linh then mentioned that they launched their staking app and offered to send thomasg.eth two different non-fungible tokens (NFTs).
Things then got tricky because while Thomas asked to have the NFT sent to his hot wallet, Linh wanted to send it to his primary wallet. When Thomas asked to read through the contract before the NFTs were sent to his main wallet, Linh started getting pushy. Thomas then realized that the tokens he approved were not Armstrong ETH, but rather Aave’s aWETH, and that on his main address, almost all of his ETH was sitting in Aave. His saving grace was that he had opted to move the NFT to a new ETH address.
And Thomas isn’t the only one. Todd Kramer, an NFT collector, lost 16 of his Bored Ape Yacht Club (BAYC) and other linked NFTs in what he says was a hacking incident.
Unlike Thomas, Kramer lost his NFTs due to a phishing attack that happened when he clicked on a link that resembled an NFT dapp. It’s estimated that the NFTs that were stolen were worth around USD 2.2m. Luckily for him, he was able to recover some of them.
Unfortunately, these stories are becoming more and more common as hacks are getting more and more sophisticated.
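The approval mix-up in thomasg.eth's story can be caught by decoding a transaction's calldata before signing it. The following is an added example, not code from the thread or from any wallet: it decodes the two standard approval calls and warns when the contract being called is not the token the user expects. The addresses and the sample transaction are constructed placeholders, and reviewApproval is a hypothetical helper name.

```javascript
// Constructed sample values: none of these addresses are real contracts.
const EXPECTED_TOKEN = "0x" + "11".repeat(20); // token the user thinks they approve
const SAMPLE_TX = {
  to: "0x" + "22".repeat(20),                  // contract the wallet will actually call
  data: "0x095ea7b3" + "00".repeat(12) + "33".repeat(20) + "ff".repeat(32),
};

// 4-byte selectors of the standard approval functions.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 amount or ERC-721 tokenId
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata into token, spender and value; null if it is not an approval.
function decodeApproval(tx) {
  const data = tx.data.toLowerCase().replace(/^0x/, "");
  const call = SELECTORS[data.slice(0, 8)];
  if (!call || data.length !== 8 + 128 || !/^[0-9a-f]+$/.test(data)) return null;
  return {
    call,
    token: tx.to.toLowerCase(),
    spender: "0x" + data.slice(32, 72),   // low 20 bytes of the first 32-byte word
    value: BigInt("0x" + data.slice(72)), // second 32-byte word
  };
}

// Compare the decoded call with what the user believes they are approving.
function reviewApproval(tx, expectedToken) {
  const decoded = decodeApproval(tx);
  const warnings = [];
  if (!decoded) return { decoded, warnings };
  if (decoded.token !== expectedToken.toLowerCase()) warnings.push("token-mismatch");
  if (decoded.call.startsWith("approve(") && decoded.value === MAX_UINT256) {
    warnings.push("unlimited-allowance");
  }
  if (decoded.call.startsWith("setApprovalForAll(") && decoded.value === 1n) {
    warnings.push("operator-for-all");
  }
  return { decoded, warnings };
}

console.log(reviewApproval(SAMPLE_TX, EXPECTED_TOKEN).warnings);
```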
How to stay safe in the budding world of Web 3: 5 tips
Let’s take a look at some of the methods you can use to protect yourself when diving into the budding world of Web 3 applications.
1. Don’t connect your wallet to just any dapp
Web 3 is still in its infancy and there is a lot that still needs to be figured out. If you are using Web 3, the first security measure you should take is to not connect your primary wallet to just any decentralized application.
If you have to connect your wallet to a dapp, make sure that it’s the right dapp to avoid losing your funds.
2. Don’t click on links shared on Telegram or Discord
While you can use Telegram and Discord to chat and connect with like-minded individuals, you still don’t entirely know what people’s true intentions on those networks are. And just like you’ve been advised to not click on random links shared on the Internet unless you can verify their source, the same rule applies to the links shared on both Discord and Telegram.
Always be careful when clicking on links to open dapps as links can easily be redirected. Ensure that the particular link you are accessing is the one shared by the particular dapp on their social pages.
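One way to apply this check mechanically, as an added example that is not part of the original article: compare a link's hostname with the hostnames a dapp publishes on its official pages, and flag near-misses like the look-alike link in Kramer's case. The hostnames below are constructed, and checkDappLink and the edit-distance threshold of 2 are assumptions made for illustration.

```javascript
// Constructed allowlist: hostnames copied from the dapp's own official pages.
const OFFICIAL_HOSTS = ["app.mintdapp.example"];

// Levenshtein distance between two strings, computed row by row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const swap = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, swap);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "official", "lookalike", "suspicious", "unknown" or "invalid".
function checkDappLink(link, officialHosts) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid";
  }
  // URL lowercases the hostname and converts non-ASCII labels to xn-- form.
  const host = url.hostname.replace(/\.$/, "");
  // Plain HTTP, or userinfo placed before "@" to imitate a trusted host.
  if (url.protocol !== "https:" || url.username || url.password) return "suspicious";
  if (officialHosts.includes(host)) return "official";
  // Internationalized labels outside the allowlist may hide homoglyphs.
  if (host.split(".").some((label) => label.startsWith("xn--"))) return "lookalike";
  for (const good of officialHosts) {
    // Official name embedded in another domain, or only a typo away from it.
    if (host.includes(good) || editDistance(host, good) <= 2) return "lookalike";
  }
  return "unknown";
}

// Constructed sample links.
for (const link of [
  "https://app.mintdapp.example/stake",
  "https://app.mintdap.example/stake",
  "https://app.mintdapp.example@claim-site.test/",
]) {
  console.log(link, "->", checkDappLink(link, OFFICIAL_HOSTS));
}
```

An "unknown" verdict only means the link is not on the allowlist; it still has to be confirmed against the dapp's official pages before a wallet is connected.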
3. Avoid sharing too much personal information online
Sharing too much information online can make you vulnerable to social engineering attacks. Never share personal information unless you know exactly why it’s needed and how it will be used.
Additionally, don’t share sensitive information such as transactional data linked to your primary wallet.
4. Verify that people you are talking to online are who they claim to be
Unfortunately, it’s not easy to control who can reach out to you online. People can hide their real motives for wanting to connect with you, and those motives are not necessarily innocent. That said, should anyone reach out to you online, you need to verify that they are actually the person they purport to be.
It’s easy for scammers to open accounts impersonating others and use those accounts to swindle innocent users.
One of the ways to verify that whoever you are talking to is who they claim to be (especially when working in anonymous teams) is to reach out to the actual person via other channels. This way, you will know whether you are talking to the actual person or an impersonator.
5. Use different credentials for different sites
Using one credential across different social or web pages is never a good idea. Consider using a password manager. Good password managers will create passwords that are not only strong but also unique. This way, should you end up getting hacked on one account, all your other accounts will be safe.
Although Web 3 is in its infancy stage, it does look like we could be heading to this new version of the Internet within the next decade. However, before everyday users can actually use the “decentralized Internet,” security issues will need to be fixed. Otherwise, Web 3 may not come to fruition.