To make Midas as secure as it can be, we also need every user to do their part in protecting their account! In this article, we are going to discuss some general security tips, then progress to crypto-specific security, and finally cover some common scams and how to identify them. The beauty of security is that it is beneficial for everyone – when you keep your information secure, you allow Midas to continue offering you the highest rates of any platform.
Before we begin, allow me to introduce myself. My name is Jesse Phillips and I have been a Midas user since December 2021. It is simply unbelievable how quickly the platform has grown since then! Unfortunately, that also means the number of potential scams has increased. I have been blessed with the opportunity to become a Midas Mentor on Discord (Pontiac#6986) along with the chance to contribute to the community by writing this article. At my day job, I work in Network Security for a chain of banks in the US. Thus, it was only natural for me to express interest in keeping everyone as secure as possible! Through this course, I hope to help you learn more about keeping your information safe and ease some concerns new users of Midas may have.
General security tips
Let’s begin by looking over some general cybersecurity tips. No matter how technologically literate you may be, it’s never a good idea to assume you won’t be compromised. After all, the scams we see wouldn’t exist if users didn’t fall for them. I like to see cybersecurity as a constant battle between good and evil – it is never-ending, and thus you need to be aware of your presence on the internet to avoid falling victim!
If someone were to access your computer, how easily could they drain your crypto accounts? While keeping your software up to date with the latest security patches is essential, the unfortunate reality is that many accounts are compromised because of written-down and/or weak passwords. Be diligent with your passwords and do not use the same one on multiple sites, especially multiple crypto exchange accounts that are linked to your payment information. There are many good password managers to choose from that will help you keep up with this without becoming a headache. If not using a password manager, change your passwords often, at least once every 90 days. A personal favorite password scheme is taking a phrase, shortening it to the first letter of each word, and adding special characters to it. For example, Midas Investments Offers The Highest Rates Of Anyone can become something like Miothroa028#. Lastly, set up 2FA if you do not use it! While no single solution is perfect, almost every service offers 2FA and it would be irresponsible to not take advantage of it.
Next, let’s look at another incredibly common attack vector: emails! Phishing attempts will always be present, and spotting them requires you to pay close attention. If an attacker were to impersonate the Midas team and email you to ask about your balances, account info, etc., ask yourself: why would they want to know this? Wouldn’t they have some of this info already? What will happen if I click this big shiny button in the email to sign into my Midas account? While this example would be a fairly obvious phishing attempt, you should always remain alert. If you receive an email from the Midas team that you are suspicious of, reach out to the support team and ask if the email came from them. Check the sender’s address and compare it to previous emails you’ve received from Midas – does it match?
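The sender comparison described above can be automated. The following is an added example, not part of the original article or any Midas tooling: it compares a message's From and Reply-To headers against addresses seen on earlier genuine emails. The domain "midas.example", the addresses and both sample messages are constructed placeholders.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses copied from earlier, genuine emails. "midas.example"
# is a placeholder, not the platform's real sending domain.
KNOWN_SENDERS = {"support@midas.example", "news@midas.example"}

# Constructed sample messages (headers, blank line, body).
GENUINE = "From: Midas Support <support@midas.example>\nSubject: Update\n\nHello"
LOOKALIKE = ("From: Midas Support <support@rnidas.example>\n"
             "Reply-To: help@collect.example\nSubject: Verify balance\n\nClick")


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_sender(raw_email, known=KNOWN_SENDERS):
    """Return the reasons a sender looks suspicious (empty list = it matches)."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known_domains = {domain_of(a) for a in known}
    reasons = []
    if addr in known:
        pass  # exact match with a previously seen sender
    elif domain_of(addr) in known_domains:
        reasons.append("new address on a known domain")
    else:
        reasons.append("sender domain never seen before")
        # A near-miss of a known domain is a lookalike ("rn" drawn as "m").
        for d in sorted(known_domains):
            if SequenceMatcher(None, domain_of(addr), d).ratio() >= 0.85:
                reasons.append(f"lookalike of {d}")
        # The display name borrows the brand while the address does not.
        brands = {d.split(".")[0] for d in known_domains}
        if any(b in display.lower() for b in brands):
            reasons.append("display name claims the brand")
    # Replies would silently go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    return reasons
```

An empty result only means the visible address matches; it does not prove the message is authentic, so confirming with the support team still applies.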
Crypto security tips
Now that we’ve covered the basics, let’s take a look at some best practices specifically for crypto. According to the Midas FAQ, the team aims to keep less than 10% of user funds at any given time in a hot wallet that handles withdrawals. Do you use a cold wallet for funds not stored on Midas, or are you considering using one? Leaving coins sitting on an exchange has inherent risks, and surely you have heard the saying, “not your keys, not your crypto”. By moving your coins into cold storage, you gain complete control over them and do not have to worry about your favorite exchange being hacked. There are many cold wallets available and I strongly recommend reading reviews on each of them to determine what is best for you! Ledger and Trezor are among the most popular.
As mentioned previously, use 2FA! If you’d rather not use a cold wallet or intend to trade on a short timeframe, setting up 2FA on the exchange you use is a must. 2FA alone cannot always prevent someone from accessing your account, but not using it makes you even more vulnerable and could be the difference between keeping your coins and losing everything. Remember to export any authentication codes if changing devices! Additionally, consider using biometric authentication if your device supports it. This completes the trifecta: something you have, something you know and something you are. While we’d like to think that our favorite services will be able to resist being compromised, pay special attention to any texts sent to you containing a code required for signing into a site. Exchanges like Binance provide you with a login code that you can cross-check with your texts and emails to verify it was them who sent you the info. Just because you are used to entering an SMS code to log into a service doesn’t mean you should blindly assume it is from the usual sender!
Never share the balances you hold on Midas or any other platform. While it’s great to share your gains, doing so can paint a giant target on your back and can even pose a risk to the Midas platform as the platform becomes an attack vector. One of the biggest selling points of crypto is that it can be anonymous – why change that? The crypto space is an often dangerous place, and only more so when someone knows the value of your holdings. The Midas FAQ contains valuable information on what the team does to keep your funds safe, but it all begins with you!
Scams and how to identify them
Let’s take a look at some of the most common scams that happen in crypto. Nearly all of them are easily preventable once you are aware of them, and Midas takes great interest in keeping your funds secure. After all, Midas can’t give you the highest rates if you have nothing to receive interest on!
YouTube giveaway scam: this scam generally involves a celebrity sending you double the amount of crypto you send them. Naturally, anything you send them is lost forever. The scammer will upload a real video (or set up a live stream to make it look more authentic) of said celebrity (Michael Saylor, Elon Musk, Cathie Wood, etc.) speaking about crypto at some public event, and at times what they are saying is scarily close to sounding like a giveaway. There are quite a few obvious red flags in this situation, but the scam wouldn’t exist if people didn’t fall for it. If Elon Musk, the world’s richest man, were giving away crypto, surely mainstream news would be reporting on it and Elon would at least tweet something about it. And given his vast wealth, why would he expect you to send crypto to him first?
Airdrop scam: Who doesn’t love getting free tokens? Unfortunately, airdrops, in my opinion, are the phishing email of the crypto world. If you get an airdrop for a token you’ve never heard of or weren’t expecting, don’t interact with it! With this scam, you are usually instructed to send the tokens to some website to be able to sell or swap them. Do not do this! This scam targets those who are new to crypto or those who simply haven’t done enough research. You will lose the “free” airdrop, and could even lose everything in your wallet. It is important to understand that the coins given to you in these airdrops were never worth anything; they were simply used to lure you in. Any legitimate project will clearly communicate when they are doing airdrops – if you’ve received coins out of nowhere, ignore them and do not interact with them.
Initial Coin Offering (ICO) scam: You’ve been offered the opportunity of a lifetime – buying a new coin for cheaper than anyone else! Perhaps the team behind the project is implementing revolutionary technology that no other project has. They’ve emailed you newsletters, paid someone to advertise for them, doxxed themselves (are they really who they say they are?) and assured you that this coin will go to the moon. There’s only one catch: the coin isn’t actually circulating yet, and they want you to make an early deposit to reserve your spot for getting this coin at a discount. Unfortunately, you are either losing your deposit or will simply get rug pulled shortly after buying into the coin. While there are many legitimate projects out there that may engage in a similar practice, you need to be very diligent and research the teams behind them. Does anyone on the project have related prior experience? Does it seem like the technology they are touting can actually be implemented by them? How do members of the team react to being questioned?
Fake apps: Let’s face it: malicious apps make it past the security of the Apple App Store and Google Play Store all the time. However, you should never download apps outside of these platforms unless you are aware of what to look for. For beginners, it is highly recommended to stick with well-known exchanges and wallets. Take Coinbase for example, the world’s first publicly-traded cryptocurrency exchange company. Or Binance, the world’s largest cryptocurrency exchange. While these platforms could be hacked and lose users’ funds as a result, malicious apps will generally steal everything from you and it could even spill outside of crypto and into identity theft. Take for example the Cardano wallet listed below – there are multiple red flags here. The “Cardano Group” isn’t an official group, and they certainly wouldn’t have “FREE” in their name. It has low ratings, few downloads, and the description likely contains broken English and promises of riches. Any crypto sent to this wallet would be lost forever.
Impersonation of the Midas team: We are lucky to have such a great team behind Midas, especially our Community Manager, Anya. It is for this reason that you should always be suspicious of any direct messages you may receive from someone who claims to be from the Midas team. Unfortunately, as the TVL and user base of Midas grows, this will only become more common. They will never message you to ask about your balances or send you links to update sections of your account. All official communication is handled by a member of the team in the appropriate channels. If in doubt, message the member of the team who messaged you directly from the server list – ask them to confirm if they actually sent you a message! Be sure to share the messages you receive from a fake account with them as well. The accounts will be banned and in some cases an announcement will be made to alert other users!