NuFi: How to Protect Your Digital Assets and Secure your Funds
At NuFi, we provide a non-custodial wealth management platform for digital assets.
In 2021, scammers worldwide stole a record $14 billion worth of cryptocurrency — a five-fold increase on the previous year. At NuFi, we understand that security is of utmost importance for our users; in this article, we run through the most common types of theft, fraud, and scams in the crypto space, and the precautions you should take to protect your investment.
The NuFi team would like to highlight some measures that will keep your crypto investments safe:
Mnemonic/Seed Phrase Safety
NEVER SHARE YOUR MNEMONIC/SEED PHRASE!
This is important and the first rule of safeguarding your crypto investments. Giving out your mnemonic/seed phrase is essentially giving someone access to your crypto funds.
It is strongly recommended that you store your mnemonic/seed phrase offline, for example on a piece of paper that is stored securely. This is to prevent your mnemonic/seed phrase from being compromised if an online location is hacked. Do not take pictures of your mnemonic/seed phrase either. Note this applies to hot wallets and hardware wallets. If you have created a seed phase never share it.
Think of it like this — sharing your mnemonic/seed phrase can be compared to sharing details of how to access the funds in your bank account.
Social Media Scams
Receiving Direct Messages (DMs)
Beware of DMs relating to cryptocurrency on social media. Do not open any links that may be in these messages.
On social media channels (Discord and Telegram in particular), scammers often impersonate project admins, trying to trick you to steal your funds. NuFi staff will never DM you first on any of our social media platforms, so if you receive a message that appears to be from us, it is a scam. Ensure to report these messages and block the sender.
In general, we advise not to open, accept, or respond to direct messages regarding cryptocurrency on social media. If what they are offering seems too good to be true, it is most likely a scam.
A common tactic involves a scammer promising to send you crypto on receipt of you sending them crypto. In return, the scammer promises to send you more crypto than you initially sent. Do not engage with anyone making such offers — you will lose your funds. Where possible, block and report them.
An example of this is commonly found on YouTube, for instance, a video claiming Charles Hoskinson is offering a giveaway of 2000 ADA, under the condition you send 1000 ADA to a specific wallet. Participating in such ‘giveaways’ is a guaranteed way to lose your funds — DON’T DO IT.
Another common scam involves requesting you to send funds to a specific wallet to ‘test’ a transaction. This is yet another way in which scammers will fleece your crypto.
Do not participate or engage with anyone who is offering such returns — you will lose your crypto! As previously mentioned, if something seems too good to be true, it is most likely a scam.
Avoid using public Wi-Fi at all costs, especially on devices that you carry out any crypto-related activity on. It is also recommended to disable Near Field Connection and Bluetooth on any devices when out in public.
In many cases, public Wi-Fi is not secure and therefore provides a prime opportunity for scammers to steal data and implement malware onto devices connected to it. In such cases, a scammer can intercept the connection between the user’s device and the internet, causing the user to access a rogue website impersonating a legitimate website. Once the user enters their credentials on the rogue website, the scammer can subsequently steal these credentials and use them to log in to the legitimate website. Malware such as keyloggers can also be installed on devices connected to public Wi-Fi, which will record all keystrokes made on the device. This includes passwords when logging in to websites.
Imagine a scenario where someone had stored their mnemonic/seed phrase on their device, then connected to a public Wi-Fi via this device. Picture a scammer coming along, accessing the device via the public Wi-Fi, and stealing their seed phrase. Now imagine the scammer creating a rogue crypto wallet website, which the user accesses and tries to log in to. The scammer has essentially stolen the users’ log-in credentials for the legitimate website and has access to their seed phrase. Their crypto could be stolen in minutes, without them suspecting anything.
Therefore, avoid using public Wi-Fi.
Ensure you are using https://nu.fi/
Many scammers create websites that have a very similar (but not identical) name as the website you wish to access. Think ‘nu.fii’ as opposed to ‘nu.fi’. Such a scam occurred recently on a popular wallet website, where many users accessed a rogue version of the website due to a slight difference in spelling in the website name. Sadly, many lost funds due to entering their mnemonic/seed phrase on the rogue website, thus giving the scammers their mnemonic/seed phrase to use on the legit website. It is recommended to create a bookmark of the sites you use, to prevent accidentally accessing a rogue website.
So, always ensure you are using the correct website.
Where possible, store your crypto on non-custodial (preferentially hardware) wallets, as opposed to exchanges.
If an exchange goes down or is hacked, you have no control of your funds within them. Remember, not your keys, not your crypto!
If you do need to use an exchange, be sure to enable 2-Factor Authentication.
This adds a layer of security that helps to ensure it is you when carrying out certain tasks, such as logging in or making transactions. For example, when 2-Factor Authentication is enabled on Binance, when sending crypto from Binance account to an external wallet, you will be required to input a code sent to your mobile device, as well as a code sent to your email address, before the transaction can be processed.
How NuFi keeps you safe
NuFi provides a non-custodial wallet with Cardano (ADA) and Solana (SOL) integration. Flow blockchain (FLOW) will follow in early 2022 and more blockchains will come soon after. NuFi continues to build a multi-chain, multi-account wealth management platform with hardware wallet support (Ledger, Trezor).
Non-custodial means that you alone control your wallet’s private keys, giving you (and only you) unconditional ownership and control of your assets at all times. With a non-custodial wallet like NuFi, there’s no middleman who could restrict access to your wallet or the crypto stored in it.
Compatible with Hardware Wallets
NuFi wallet allows you to pair and use both Ledger and Trezor Hardware Wallets, for an added layer of security.
When making transactions on NuFi hot wallet accounts, your password will be required before the transaction can be made.
If you are logged in to the wallet but have been inactive for a period of 15 minutes, you will automatically be logged out. You will need to enter the wallet password to log back in again.
Always ensure that when you have finished, you log out of your NuFi wallet.
Profile Stored Locally
Your NuFi profile details are stored locally on your device. We do not store your wallet’s keys on our servers.
Connect with Us
The coming year will be exciting!
Come join us on our Discord server is where these diverse interests meet, and a great place to discuss, socialize, learn, get help and give feedback. We will announce new features (plus competitions, questions to users and more) on Twitter and Reddit.
The NuFi Team