ASSET TOKENIZATION ON BITCOIN
STAYING SAFE
Finally, a subject we’ve touched upon previously: security. This is something you definitely don’t want to leave up to chance. In the pursuit of token security it’s important you know what to look out for, which is what the final part of this module is all about.
Wallet recovery
When setting up your STOKR compatible wallet, it will provide you with a list of words chosen from a dictionary at random. Your private key is generated from this list of words, which is referred to as a seed phrase or recovery phrase by SideSwap respectively. This seed/recovery phrase serves as your backup plan if something happened to your wallet. Say you spilled tea over the laptop with your SideSwap on it,or completely lost your Ledger Nano S. By typing these words into a new wallet, it can regenerate your private key and thus you can gain access to your funds again.
While this phrase can be a real life-saver, it needs protection just like the private key does. The same rule applies: Never EVER share your seed/recovery phrase with anyone! Furthermore, you should never store any copies of your phrase digitally. In fact, it has specifically been designed to be easily written down on a sheet of paper. Think of your recovery sheet as the equivalent of the future value of your tokens in hard cash. Hide it well, put it in a safe or even a bank box. Make sure that only you have access to it.
Now let’s take a bit of a dark turn, shall we? You should consider what happens to your crypto-wealth in case something happened to you. Unlike the blockchain, we are all mortal beings after all. So how can we make sure that our tokens aren’t forever lost when we inevitably die? Keeping your recovery sheet in a bank box is a strong option here. Your last will, sealed by a notary can also serve as a way of disclosing a hiding spot or code to a safe in which your recovery sheet is hidden.
In any case, make sure that you don’t forget where your recovery sheet is and that it is safe from thieves or accidental discovery. You should also avoid the possibility of your wallet and recovery sheet being destroyed in the same event, like for instance a fire.
While this phrase can be a real life-saver, it needs protection just like the private key does. The same rule applies: Never EVER share your seed/recovery phrase with anyone! Furthermore, you should never store any copies of your phrase digitally. In fact, it has specifically been designed to be easily written down on a sheet of paper. Think of your recovery sheet as the equivalent of the future value of your tokens in hard cash. Hide it well, put it in a safe or even a bank box. Make sure that only you have access to it.
Now let’s take a bit of a dark turn, shall we? You should consider what happens to your crypto-wealth in case something happened to you. Unlike the blockchain, we are all mortal beings after all. So how can we make sure that our tokens aren’t forever lost when we inevitably die? Keeping your recovery sheet in a bank box is a strong option here. Your last will, sealed by a notary can also serve as a way of disclosing a hiding spot or code to a safe in which your recovery sheet is hidden.
In any case, make sure that you don’t forget where your recovery sheet is and that it is safe from thieves or accidental discovery. You should also avoid the possibility of your wallet and recovery sheet being destroyed in the same event, like for instance a fire.
Beware of social engineering
We already went over the private key and seed/recovery phrase being pieces of information that should never, ever, be shared with anyone. However, using tactics broadly referred to as social engineering, people are being tricked into giving up such sensitive information every day. In order to protect yourself from scammers, it is very important that you are aware of their methods.
a. Fake emails
First, we have to talk about phishing attacks. You probably know the drill. You receive an email that appears to come from a trusted entity, often a bank or website like Amazon. It tells you to verify some information by clicking a link, which takes you to a webpage that also appears to belong to the same organisation. However, any information you enter on that website is sent straight to the attackers. Often they try to evoke a sense of urgency or sometimes curiosity to elicit a quick reaction. In the crypto context, an exchange, wallet provider or even STOKR are entities that attackers might choose to impersonate.
Always check if the address that such emails are sent from really belong to the organisation in question. Because attackers are often unaware of the names of all the recipients, fake mails often use general terms, like “Dear Customer”, to address recipients. Other clues could be bad spelling or the email just not looking quite right. Don’t click the link if you notice any red flags. If you do click a link, check the web address of the page that opened. Is this really the website it is pretending to be, or is something fishy? Also check if its https is enabled, but don’t be fooled that you’re safe just because it is.
b. Fake messages
Also beware that phishing on mobile devices is on the rise. It appears that most people are less careful on their phones, compared to desktop devices. To target phones, attackers are also shifting from using email to instant messages and SMS. Remain vigilant. Always check if the senders are who they appear to be, and think twice before entering sensitive information on a webpage you got referred to via link.
c. Fake calls
Furthermore, also be vigilant when receiving any phone calls. Refrain from giving up any sensitive information to callers whose identity you can’t be sure of. And never give your seed/recovery phrase to anyone calling you. There is absolutely no legitimate reason to ask for it.
d. Fake wallets
Finally, attackers also build applications designed to look like wallets. Like the webpages that phishing emails send you to, these also send all information entered back to the attackers. Make sure you only download wallets from the official website of the creators, and think twice before entering your seed/recovery phrase or public key anywhere.
a. Fake emails
First, we have to talk about phishing attacks. You probably know the drill. You receive an email that appears to come from a trusted entity, often a bank or website like Amazon. It tells you to verify some information by clicking a link, which takes you to a webpage that also appears to belong to the same organisation. However, any information you enter on that website is sent straight to the attackers. Often they try to evoke a sense of urgency or sometimes curiosity to elicit a quick reaction. In the crypto context, an exchange, wallet provider or even STOKR are entities that attackers might choose to impersonate.
Always check if the address that such emails are sent from really belong to the organisation in question. Because attackers are often unaware of the names of all the recipients, fake mails often use general terms, like “Dear Customer”, to address recipients. Other clues could be bad spelling or the email just not looking quite right. Don’t click the link if you notice any red flags. If you do click a link, check the web address of the page that opened. Is this really the website it is pretending to be, or is something fishy? Also check if its https is enabled, but don’t be fooled that you’re safe just because it is.
b. Fake messages
Also beware that phishing on mobile devices is on the rise. It appears that most people are less careful on their phones, compared to desktop devices. To target phones, attackers are also shifting from using email to instant messages and SMS. Remain vigilant. Always check if the senders are who they appear to be, and think twice before entering sensitive information on a webpage you got referred to via link.
c. Fake calls
Furthermore, also be vigilant when receiving any phone calls. Refrain from giving up any sensitive information to callers whose identity you can’t be sure of. And never give your seed/recovery phrase to anyone calling you. There is absolutely no legitimate reason to ask for it.
d. Fake wallets
Finally, attackers also build applications designed to look like wallets. Like the webpages that phishing emails send you to, these also send all information entered back to the attackers. Make sure you only download wallets from the official website of the creators, and think twice before entering your seed/recovery phrase or public key anywhere.
Token recovery
Don’t get scared. We understand that the thought of losing your investment can be quite painful. Therefore, fear not. In case you lose the security tokens issued on STOKR because of any non-reversible action (seed/recovery phrase). You can always request Token recovery from STOKR. We will discuss this in the next module.
