Skip to main content

Security

Delegator Security

The launch of any public blockchain is an incredibly exciting time, and it's definitely one that malicious actors may try to take advantage of for their own personal gain. Owning and having access to cryptocurrency can make you a valuable target for an attacker, but there are many things you can do to improve your personal security and reduce or eliminate security risks.

Social Engineering

Social engineering has existed for about as long as human beings have been on the planet, and in the technical era, it usually takes in the form of phishing or spearphishing . Both of these attacks are wildly successful forms of trickery that are responsible for over 95% of account security breaches, and they don't just happen via email: these days, opportunistic and targeted phishing attempts take place anywhere that you have an inbox . It doesn't matter if you're using Signal, Telegram, SMS, Twitter, or just checking your DMs on forums or social networks, attackers have a plethora of opportunities to gain foothold in your digital life in effort to separate you from valuable information and assets that you most definitely don't want to lose. If a deal pops up that sounds too good to be true , or a message shows up asking for information that should never, ever be shared with someone else, you can always verify it before engaging with it by navigating to our official website or an official GotaBit communication channel on your own.

Key Management

The best way to minimize the risk of theft or loss of GTB is to have a strong storage and backup strategy for your private keys. The safest way to store your keys is offline, either in a cryptocurrency wallet or on a device that you never connect to the internet. The best backup strategy for your k yes is to ensure that you have multiple copies of them stored in safe places, and to take specific measures to protect at least one copy of your keys from any kind of natural disaster that is a likely possibility in your part of the world.

To protect your GTB, do not share your 12 words with anyone. The only person who should ever need to know them is you. You do not need to share your private keys if you're delegating GTB to a validator on the network or to use custodial services. If anyone asks for your key material,

Software Vulnerabilities

To protect yourself and ensure you're using the safest code is to use the latest version of software available, and to update immediately (or as soon as you can) after a security advisory is released. This is important for your laptops, mobile devices, cryptocurrency wallets, and anything else that may be linked to your identity or your cryptocurrency.

To protect your GTB, you should only download software directly from official sources, and make sure that you're always using the latest, most secure version of gotabitd when you're doing anything that involves your 12 words. The latest versions of Tendermint, and gotabitd will always be available from our official Github repositories.

Verifying Transactions

Be skeptical of technical advice, especially advice that comes from people you do not know in forums and on group chat channels. Familiarize yourself with important commands, especially those that will help you carry out high-risk actions, and consult our official documentation to make sure that you're not being tricked into doing something that will harm you or your validator.

When sending transactions or doing anything that may spend coins, you should always verify those transactions before hitting send. While address strings are long, it is important to visually comparing them in blocks of 4 characters at a time to ensure that you are sending them to the right place rather than into oblivion.

Account Security

One of the most important things you can do to protect your cryptocurrency and eliminate risk is to harden all of your critical online accounts. Attackers will try to gain foothold wherever they can, and will use that foothold to pivot from one place to another. Unprotected accounts like email, social media, your Github account For people who hold cryptocurrency, there are two specific account security actions that can be taken to eliminate specific risks that come with being part of the blockchain world. First, it is important to enable 2-factor authentication everywhere you can, and to make sure that you are using a code generator or U2F hardware key as a second factor. Second, be mindful of account recovery methods used to regain access to your most important accounts and make sure that you do not use SMS as a recovery method. If you haven't done so yet, start using an authenticator app or a hardware key immediately for your personal email account and wherever else you manage your tokens, especially if you use online exchanges.

Supply Chain Attacks

Whether you're buying a hardware or a hardware wallet, it is important to purchase whatever you need directly from the supplier or from a trusted source. This is the only way to completely eliminate the risk of a compromised device or chip from stealing your private keys, especially since there are reports of compromised wallets being sold on Amazon and through other popular online marketplaces.