Rachel Siegel
DeFi Hub

Navigating Risk

Phishing Attempts & Private Keys

Your private keys¹ and seed phrase² are the keys to your wallet, and anybody who has them can get in. They are for your eyes and your eyes only. No customer support will ever ask you for your private key or seed phrase.


Be aware of social engineering and phishing attempts to obtain your private information or to get malware onto your devices. Avoid clicking links from unreliable sources, bookmark trusted sites, and never download files from strangers. Only use reputable exchanges and products to mitigate the risk of scams and trojan attack vectors.


  • ¹Private Keys are address agnostic, meaning they allow access into a single generated wallet address, single chain or EVM compatible.


  • ²Seed Phrase refers to the private keys to your wallet, every chain and address generated on a Metamask or hardware wallet.


Public vs Private Keys, By KnowYourCrook 

Every crypto account has two 256-bit keys associated with it, one public and one private. Because they are so long (64 characters), a shorter hash of each key is typically used to make things user friendly.


  • The hash of the public key (0x… on most chains) is known as the account address, and allows funds to be transferred INTO the account
  • The hash of the private key (a string of 12-24 words) is known as the seed phrase, and allows funds to be transferred OUT OF the account


Again, your private key/seed phrase allows funds to be transferred OUT of your account. This will never be required for tech support, software updates, “validating your wallet”, airdrop claiming, etc.

Links & Resources

Phishing Attempts & Scams

  • Common Scams on Mobile Devices, Binance Academy


  • How to Prevent Scammers from Draining a Wallet, DappRadar


DeFi Risk

  • How to Stay Protected in Web3, OpenSea


  • Five Tips for Managing Your Risks in DeFi, Coinmarketcap Academy

Smart Contract Exploit

A contract exploit is when code is compromised by an existing vulnerability. Warning signs for unsafe contracts include unlocked liquidity, unlimited mint functions, and other issues in the code. Security audits will show an analysis of these functions and are often publicly available. 


It's important to understand how exploits happen and to know how to protect yourself from the impact of a potential exploit.


Read more in Smart Contract Approvals.


  • Mitigate potential exploits by using multiple wallets, revoking approvals, and avoiding contract interactions with unreliable protocols.


  • Use a hardware wallet like Trezor or Ledger to increase security.

Links & Resources

  • What is Smart Contract Risk?, Coinmarketcap Academy


  • Conducting Due Diligence on DeFi Protocols, Defi Pulse


  • What are the Risks of DeFi?, Future Learn


Malicious Sites: Imposters, Honeypots & Drainers, By KnowYourCrook


Three types of websites to be on the lookout for when interacting with the DeFi ecosystem:


Imposter sites:

Imposter sites try to mimic legitimate sites, copying their front end and UI to look like the original site and trick people into believing they’re real. DEXs and bridges are often targets of imposter sites.


  • Always bookmark frequently used sites.


  • Double check the URL any time you engage with a Dapp.


Honeypots:

Honeypots are sites in which you can deposit funds, but never withdraw or retrieve (despite what the UI might say). Most often, these appear to be exchanges or investment sites.


  • Research a site before putting money in: how long has it been active, who is talking about it online, how did you learn about the site are all good questions to ask.


Wallet Drainers:

Drainers are sites with a malicious smart contract designed to transfer any or all funds and NFTs out of your wallet if you connect to it. These are most often disguised as free NFT mints, or airdrops.


  • If a site has you connect a wallet, pay attention to the details of what you’re asked to sign and the permissions requested to 'connect'. 


  • ‘Set Approval for All’, unlimited spend, or obfuscated (unreadable) permissions are a red flag that should be avoided during any wallet connection.
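The red flags above are visible in the raw transaction data a wallet asks you to sign. This is an added example, not code from the original page: it decodes the two standard approval calls, assumes an ERC-20 target when it sees approve, and treats any amount at or above 2**255 as unlimited (both assumptions); the spender address is constructed.

```javascript
// Added example. 4-byte selectors = first 4 bytes of keccak256(signature).
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)", // ERC-20 allowance (ERC-721: one token id)
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
// Assumption of this example: amounts at or above 2**255 count as unlimited.
const UNLIMITED_FLOOR = 1n << 255n;
// Constructed sample: approve(0x1111...1111, 2**256 - 1).
const SAMPLE_SPENDER = "11".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER + "f".repeat(64);

function classifyCalldata(hex) {
  const data = String(hex).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]+$/.test(data) || data.length < 8) {
    return { risk: "unreadable", reason: "not hex calldata" };
  }
  const fn = SELECTORS[data.slice(0, 8)];
  if (!fn) return { risk: "unreadable", reason: `unknown selector 0x${data.slice(0, 8)}` };
  const args = data.slice(8);
  if (args.length !== 128) return { risk: "unreadable", fn, reason: "malformed arguments" };
  // Each argument is one 32-byte word; an address sits in the low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64));
  // Zero amount or `false` removes an existing permission (ERC-20 assumption).
  if (value === 0n) return { risk: "revoke", fn, spender };
  if (fn.startsWith("setApprovalForAll")) {
    return { risk: "high", fn, spender, reason: "operator can move every token in the collection" };
  }
  if (value >= UNLIMITED_FLOOR) {
    return { risk: "high", fn, spender, reason: "unlimited spend" };
  }
  return { risk: "review", fn, spender, amount: value };
}
```

A "review" result still grants the spender the stated amount, and "unreadable" means this decoder cannot say what the call does, which is the obfuscated case the list warns about.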

Links & Resources

Wallet Safety

  • Keeping Your Wallets Safe, KnowYourCrook


  • 4 Tips on Blockchain Cybersecurity: Stay Safe in Crypto, DappRadar


Wallet Risk

  • Hack vs Scam vs Attack vs Exploit: Understanding the Risks in Crypto and How To Stay Safe, Coinmarketcap Academy

Volatility

Be aware of potential volatility when buying tokens on DEXs, providing liquidity and staking in protocols. Price volatility is directly related to impermanent loss incurred in liquidity pools. Use single-sided asset pairings and highly correlated pairs to avoid impermanent loss, and avoid staking with high volatility tokens.


  • What are Rug Pulls in Crypto & How to Avoid Them, Coingecko Learn


Low market cap tokens do not guarantee a higher rate of return, or additional security against downward volatility. The spin button will randomly generate a coin listed on Coingecko, as a reminder that there will always be more coins, and it is impossible to reliably make a 1:1 comparison for future price movement.

Links & Resources

  • Risk Management: What Is It and Why Should I Use It?, Coinmarketcap Academy


  • Financial Risk Explained, Binance Academy


  • How to Manage Risk and Trade Responsibly, Binance


Black Swan Events

A black swan refers to an unpredictable, low probability event that results in catastrophic consequences. The term was popularized by Nassim Taleb in The Black Swan: The Impact of the Highly Improbable. Taleb's interpretation of black swan theory as it applies to any event contains three components: Rarity, Results in Severe Consequences, Rationalized Post-Occurrence.


An example of a recent black swan event in the crypto industry is the depegging³ of UST and collapse of Terra Luna, resulting in a $60 billion wipeout on the market. Black swan events are often not isolated to the event that causes them, but continue to create ripple effects in the aftermath. In the months following the collapse of UST and Terra Luna, we saw the subsequent collapse of CeFi⁴ lending platforms Voyager and Celsius, as well as the fall of Su Zhu & Kyle Davies' Three Arrows Capital. It is important to keep in mind that contagion⁵ often follows black swan events in crypto. Popularized methods of mitigating risk for black swan events include portfolio, protocol and wallet diversification: don't put all your eggs in one basket.


  • ³Depegging refers to when a token deviates from its intended price peg. That is, the tokenomics tie the token to the price of an external asset; when the token price deviates from the price of that asset, it is depegging. Tokens with price pegs include stablecoins, which are intended to hold a 1:1 ratio with the US Dollar, as well as other tokenized assets, such as gold. In this example, UST was a stablecoin with a $1 peg.
  • ⁴CeFi is Centralized Finance: essentially, the concept of DeFi with yield returns and lending services, but with funds held through a third party custodian. As of the time of writing, every trusted CeFi product has gone bankrupt; due to this we won't go too far into them.
  • ⁵Contagion is a spread of market disturbances. This is the ripple effect of downside on financial markets in response to a macroeconomic shock (an unexpected event that has a large scale impact on the economy), or in this case a black swan.

Links & Resources

Black Swan

  •  Black Swan Theory, Wallstreet Prep


DeFi vs CeFi

  • DeFi vs. CeFi: Comparing decentralized to centralized finance, Cointelegraph


UST Depegging & Contagion

  • Unstable Stablecoin: How Cryptos Crash Broke the Buck for Terra's UST, Forbes 


  • Crypto Broker Voyager Digital Files For Chapter 11 Bankruptcy, Forbes 


  • Bankrupt Crypto Lender Celsius Receives US Grand Jury Subpoena, Bloomberg 


  • 3AC Founders Su Zhu & Kyle Davies Have Vanished, Like Terra LUNA CEO, Be in Crypto

Regulation & Censorship

DeFi is a new branch of blockchain technology; as such, it is subject to heavy scrutiny by regulators and, subsequently, centralized entities. When interacting with DeFi it is important to be aware of potential regulatory changes and ways they may affect you.


A recent example of sanctions and regulations on DeFi directly impacting users is the Tornado Cash sanctions by the Treasury Department and OFAC. Tornado Cash is a well known privacy mixer, used to facilitate private transactions; the primary purpose of Tornado Cash is to obscure the sender from the recipient, breaking the trail from the origins of the assets.


In 2022 the Treasury Department and OFAC issued sanctions on Tornado Cash and all wallets that had interacted with the protocol, resulting in several DeFi front ends⁶ (subsequently attempting to remain compliant) blacklisting wallets that had interacted with the Tornado Cash protocol. 


It is, however, important to note that while a front end can blacklist a user from an interface, it cannot blacklist a user from a decentralized protocol. Meaning, if there is more than one front end, a wallet will still have access to the protocol. This is not true when dealing with centralized entities, such as USDC Circle, who have the ability to blacklist with finality.


  • ⁶DeFi front ends are front end interfaces used to interact with decentralized protocols. The DEX websites you visit are front ends, whereas the code is decentralized. Be aware of the potential for "Front End Exploit", in which the interface can be compromised; stay up to date on social media for team updates. 

Links & Resources

Coin Mixers

  • What are Coin Mixers and How do They Work?, Decrypt


Censorship

  • Trust, Intermediaries and Censorship, The Defiant 


Tornado Cash

  • Tornado Cash Sanctions By U.S. Treasury Draw Outrage, Suits From Community, Forbes

Congratulations!

You just finished a crash course in Decentralized Finance. 


You should be proud that you took the time out to learn something new.


These resources will remain free & publicly available, so return anytime :)

All resources are intended for informational and educational purposes only.


© CryptoFinally 2024. All rights reserved.

These resources are intended for general guidance and educational purposes only. I am not an investment or financial advisor, and make no representation regarding the advisability of investing. 


For convenience only, this website may provide links or pointers to third party sites. While all information is provided in good faith, I make no representations about any other websites that may be accessed from this website. If you choose to access any such sites, you do so at your own risk.


Decentralized Finance is subject to significant risk, including risk related to smart contracts. 
