Delegator Security
Launching a public blockchain is a fascinating period, and it's undoubtedly one that malicious actors may attempt to exploit for their own gain. You may be a valuable target for an attacker if you own and have access to cryptocurrencies. Still, there are numerous steps you can take to strengthen your personal security and reduce or eliminate security threats.
Social Engineering
Social engineering has existed for about as long as human beings have been on the planet, and in the technological era, it usually takes the form of phishing or spearphishing. Both of these attacks are wildly successful forms of trickery that are responsible for over 95% of account security breaches, and they don't just happen via email: these days, opportunistic and targeted phishing attempts take place anywhere that you have an inbox. It doesn't matter if you're using Signal, Telegram, SMS, Twitter, or just checking your DMs on forums or social networks; attackers have a plethora of opportunities to gain a foothold in your digital life in an effort to separate you from valuable information and assets that you most definitely don't want to lose. Suppose a deal pops up that sounds too good to be true, or a message shows up asking for information that should never, ever be shared with someone else. In that case, you can always verify it before engaging with it by navigating to our official website or an official AIOZ Network communication channel on your own.
- Be skeptical of unexpected attachments or emails that ask you to visit a suspicious or unfamiliar website in the context of blockchains or cryptocurrency. An attacker may attempt to lure you to a compromised site designed to steal sensitive information from your computer. If you're a Gmail user, test your resilience against the latest email-based phishing tactics here.
- No member of the AIOZ team will ever send an email requesting account credentials or your 12 words, and we will always use our official Twitter, Medium, and Github accounts to engage with the AIOZ community directly.
If you receive an email or tweet that sounds too good to be true, it is likely to be a scam.
Key Management
The best way to minimize the risk of theft or loss of AIOZ is to have a substantial storage and backup strategy for your private keys. The safest way to store your keys is offline, either in a cryptocurrency wallet or on a device that you never connect to the internet. The best backup strategy for your keys is to ensure that you have multiple copies of them stored in safe places, and to take specific measures to protect at least one copy of your keys from any kind of natural disaster that is a likely possibility in your part of the world.
To protect your AIOZ, do not share your 12 words with anyone. The only person who should ever need to know them is you. You do not need to share your private keys if you're delegating AIOZ to a validator on the network or using custodial services. If anyone asks for your key material,
Software Vulnerabilities
To protect yourself and ensure you're using the safest code, use the latest version of the software and update immediately (or as soon as possible) after a security advisory is released. This is important for your laptops, mobile devices, cryptocurrency wallets, and anything else that may be linked to your identity or your cryptocurrency.
To protect your AIOZ, you should only download software directly from official sources. Make sure that you're always using the latest, most secure version of aiozd when doing anything involving your 12 words. The latest versions of aiozd will always be available from our official Github repositories.
No one from the AIOZ team will ever send an email asking you to download a software attachment after sending out a security advisory or making a patch available.
Verifying Transactions
Be skeptical of technical advice, especially advice that comes from people you do not know in forums and on group chat channels. Please familiarize yourself with essential commands, especially those that will help you carry out high-risk actions, and consult our official documentation to ensure that you're not being tricked into doing something that will harm you or your validator.
When sending transactions or doing anything that may spend coins, you should always verify those transactions before hitting send. While address strings are long, it is important to visually compare them in blocks of 4 characters at a time to ensure that you send them to the right place rather than oblivion.
Account Security
One of the most important things you can do to protect your cryptocurrency and eliminate risk is to harden all of your critical online accounts. Attackers will try to gain a foothold wherever they can and use that foothold to pivot from one place to another. Unprotected accounts like email, social media, your Github account, the AIOZ Forum and anything in between could allow an attacker to gain a foothold in your online life.
For people who hold cryptocurrency, there are two specific account security actions that can be taken to eliminate specific risks that come with being part of the blockchain world.
- First, it is important to enable 2-factor authentication everywhere you can, and to make sure that you are using a code generator or U2F hardware key as a second factor.
- Second, be mindful of account recovery methods used to regain access to your most important accounts and make sure that you do not use SMS as a recovery method. If you haven't done so yet, start using an authenticator app or a hardware key immediately for your personal email account and wherever else you manage your tokens, especially if you use online exchanges.
Supply Chain Attacks
Whether you're buying hardware or a hardware wallet, purchasing whatever you need directly from the supplier or from a trusted source is important. This is the only way to completely eliminate the risk of a compromised device or chip stealing your private keys, especially since there are reports of compromised wallets being sold on Amazon and other popular online marketplaces.
Disclaimer
Please note that this is highly experimental software. In these early days, we can expect to have issues, updates, and bugs. The existing tools require advanced technical skills and involve risks outside the AIOZ team's control (see also the risk section in the AIOZ Network Contribution Terms). Any use of this open-source Apache 2.0 licensed software is done at your own risk and on an "AS IS" basis, without warranties or conditions of any kind. All liability of the AIOZ team for damages arising in connection to the software is excluded. Please exercise extreme caution!