Navigating Risk

Your private keys¹ and seed phrase² are the keys to your wallet and anybody who has these keys can get in, these are for your eyes and your eyes only. No customer support will ever ask you for your private key or seed phrase. 

Be aware of social engineering and phishing attempts to obtain your private information or download malware into your devices, avoid clicking links from unreliable sources, bookmark trusted sites and never download files from strangers. Only use reputable exchanges and products to mitigate risk of scams and trojan attack vectors.

• ¹Private Keys are address agnostic, meaning they allow access into a single generated wallet address, single chain or EVM compatible.

• ²Seed Phrase refers to the private keys to your wallet, every chain and address generated on a Metamask or hardware wallet.

Public vs Private Keys, By KnowYourCrook 

Every crypto account has two 256-bit keys associated with it, one public and one private. Because they are so long (64 characters), a shorter hash of each key is typically used to make things user friendly.

• The hash of the public key (0x… on most chains) is known as the account address, and allows funds to be transferred INTO the account
• The hash of the private key (a string of 12-24 words) is known as the seed phrase, and allows funds to be transferred OUT OF the account

Again, your private key/seed phrase allows funds to be transferred OUT of your account. This will never be required for tech support, software updates, “validating your wallet”, airdrop claiming, etc.

Malicious Sites: Imposters, Honeypots & Drainers, By KnowYourCrook

Three types of websites to be on the lookout for when interacting with the DeFi ecosystem:

Imposter sites:

Imposter sites try to mimic legitimate sites, copying their front end and UI to look like the original site and trick people into believing they’re real. DEXs and bridges are often targets of imposter sites.

• Always bookmark frequently used sites.

• Double check the URL any time you engage with a Dapp.

Honeypots:

Honeypots are sites in which you can deposit funds, but never withdraw or retrieve (despite what the UI might say). Most often, these appear to be exchanges or investment sites.

• Research a site before putting money in: how long has it been active, who is talking about it online, how did you learn about the site are all good questions to ask.

Wallet Drainers:

Drainers are sites with a malicious smart contract designed to transfer any or all funds and NFTs out of your wallet if you connect to it. These are most often disguised as free NFT mints, or airdrops.

• If a site has you connect a wallet, pay attention to the details of what you’re asked to sign and the permissions requested to 'connect'. 

• ‘Set Approval for All’, unlimited spend, or obfuscated (unreadable) permissions are a red flag that should be avoided during any wallet connection.

A black swan refers to an unpredictable, low probability event that results in catastrophic consequences, the term was popularized by Nassim Taleb in The Black Swan: The Impact of the Highly Improbable. Taleb's interpretation of black swan theory as it applies to any event contains three components: Rarity, Results in Severe Consequences, Rationalized Post-Occurrence.  

An example of a recent black swan event in the crypto industry is the depegging³ of UST and collapse of Terra Luna, resulting in a $60 billion dollar wipeout on the market. Black swan events are often not isolated to the event that causes them, but continue to create ripple effects in aftermath. In the months following the collapse of UST and Terra Luna, we saw the subsequent collapse of CeFi⁴ lending platforms Voyager and Celsius, as well as the fall of Su Zhu & Kyle Davies' Three Arrows Capital. It is important to keep in mind that contagion⁵ often follows black swan events in crypto. Popularized methods of mitigating risk for black swan events include portfolio, protocol and wallet diversification, don't put all your eggs in one basket.

• ³Depegging refers to when a token deviates from its intended price peg. Meaning, the tokenomics tie to the price of an external asset, when the token price deviates from the price of the external asset, it is depegging. Tokens with price pegs include stablecoins, which are intended to hold a 1:1 ratio with the US Dollar, as well as other tokenized assets, such as gold. In this example, UST was a stablecoin, with a $1 peg. 
• ⁴CeFi is Centralized Finance, essentially, the concept of DeFi with yield returns and lending services, but with funds held through a third party custodian. At of the time of writing, every trusted CeFi product has gone bankrupt; due to this we won't go too far into them. 
• ⁵Contagion is a spread of market disturbances, this is the ripple effect of downside on financial markets in response to a macroeconomic shock - an unexpected event that has a large scale impact on the economy, or in this case a black swan. 

DeFi is a new branch of blockchain technology, as such it is subject to heavy scrutiny by regulators and subsequently, centralized entities. When interacting with DeFi it is important to be aware of potential regulatory changes and ways they may affect you. 

A recent example of sanctions and regulations on DeFi, directly impacting users, is the Tornado Cash sanctions by the Treasury Department and OFAC. Tornado Cash is a well known privacy mixer, used to facilitate private transactions; the primary purpose of Tornado cash is to obscure the sender from the recipient, breaking the trail from the origins of the assets. 

In 2022 the Treasury Department and OFAC issued sanctions on Tornado Cash and all wallets that had interacted with the protocol, resulting in several DeFi front ends⁶ (subsequently attempting to remain compliant) blacklisting wallets that had interacted with the Tornado Cash protocol. 

It is however important to note that while a front end can blacklist a user from an interface they can not blacklist a user from a decentralized protocol. Meaning, if there is more than one front end, a wallet will still have access to the protocol. This is not true when dealing with centralized entities, such as USDC Circle, who have the ability to blacklist with finality. 

• ⁶DeFi front ends are front end interfaces used to interact with decentralized protocols. The DEX websites you visit are front ends, whereas the code is decentralized. Be aware of the potential for "Front End Exploit", in which the interface can be compromised; stay up to date on social media for team updates.