| sidebar_position | 8 |
|---|
Security is paramount in Web3. This guide covers essential security practices for protecting your wallet, assets, and privacy when using Ethereal Offering.
Your seed phrase (12-24 words) is the master key to your wallet.
β DO:
- Write it down on paper (never digital)
- Store in a secure location (safe, safety deposit box)
- Make multiple copies (different locations)
- Use a metal backup (fireproof, waterproof)
- Memorize it (if possible)
- Test recovery (on a separate device)
β DON'T:
- Take a photo of it
- Store in cloud (Google Drive, iCloud, etc.)
- Email or text it
- Share with anyone (even "support")
- Store in password manager
- Write it on your computer
If someone gets your seed phrase, they own your wallet. Forever.
Recommended for large amounts:
Ledger Nano X/S:
- Stores keys offline
- Requires physical confirmation
- Supports Ethereum, Bitcoin, etc.
- ~$79-$149
Trezor Model T/One:
- Open-source firmware
- Touchscreen (Model T)
- Multi-currency support
- ~$69-$219
How to use:
- Buy from official website only
- Set up with new seed phrase
- Connect to MetaMask
- Confirm transactions on device
- Keys never leave device
If using MetaMask, Rainbow, etc.:
β Best Practices:
- Use strong password (20+ characters)
- Enable biometric lock (Face ID, Touch ID)
- Lock wallet when not in use
- Use separate wallet for large amounts
- Keep browser updated
- Use antivirus software
- Don't install sketchy extensions
β Avoid:
- Weak passwords ("password123")
- Leaving wallet unlocked
- Using same wallet for everything
- Outdated browser
- Pirated software
- Too many browser extensions
1. Phishing Websites
How it works:
- Fake website looks like real one
- You connect wallet
- Malicious contract drains your funds
How to avoid:
- Bookmark official site
- Check URL carefully (etherealoffering.org)
- Look for HTTPS and lock icon
- Verify contract addresses
- Use hardware wallet for large transactions
2. Fake Support
How it works:
- Scammer DMs you pretending to be support
- Asks for seed phrase or private key
- Steals your funds
How to avoid:
- We will NEVER DM you first
- We will NEVER ask for seed phrase
- We will NEVER ask for private keys
- Block and report suspicious DMs
- Only ask for help in public channels
3. Airdrop Scams
How it works:
- "Free tokens" sent to your wallet
- You try to sell them
- Malicious contract drains your wallet
How to avoid:
- Don't interact with unknown tokens
- Don't approve unknown contracts
- Use token allowance checker
- Revoke suspicious approvals
4. Impersonation
How it works:
- Scammer creates fake Twitter/Discord
- Announces fake giveaway
- Asks you to "verify" wallet
- Drains your funds
How to avoid:
- Verify official accounts (checkmark)
- Check follower count
- Look for typos in username
- Never "verify" your wallet
- No legitimate giveaway asks for seed phrase
π© Warning signs:
- Unsolicited DMs
- Urgency ("Act now!")
- Too good to be true
- Asking for seed phrase
- Asking for private key
- Asking to "verify" wallet
- Misspelled URLs
- No HTTPS
- Unverified contracts
If it feels wrong, it probably is. Trust your gut.
Always review:
- Contract Address - Is it the official contract?
- Function - What is the transaction doing?
- Value - How much ETH are you sending?
- Gas Fee - Is it reasonable?
- Token Approvals - What are you approving?
Example MetaMask Review:
Contract: 0x1234...abcd (Sacred Altar)
Function: makeOffering
Value: 0.01 ETH (donation)
Gas: 0.002 ETH (~$4)
Approving: 100 ETHO
Questions to ask:
- Is this the right contract? β
- Do I want to make an offering? β
- Is 0.01 ETH donation correct? β
- Is gas fee reasonable? β
- Am I okay approving 100 ETHO? β
If anything looks wrong, REJECT the transaction.
Verify on Etherscan:
- Go to etherscan.io
- Paste transaction hash
- Check status (Success β or Failed β)
- Review events (OfferingMade, Transfer, etc.)
- Verify amounts
Example:
Status: Success β
From: 0xYourAddress
To: 0xSacredAltar
Value: 0.01 ETH
Tokens Transferred:
- 100 ETHO (burned)
- 1 POB NFT (minted)
- 50 MDAO (received)
Pseudonymity vs Anonymity:
Pseudonymous (default):
- Wallet address is public
- Transactions are visible
- But not linked to real identity
Anonymous (advanced):
- Use Aleo privacy layer (future)
- Zero-knowledge proofs
- Transactions hidden
Tips for privacy:
- Use separate wallet for recovery activities
- Don't doxx yourself (link wallet to real name)
- Be careful what you share publicly
- Use VPN when connecting
- Consider Tor for extra privacy
What we collect:
- Wallet address (public)
- Transaction history (on-chain)
- IP address (server logs)
What we DON'T collect:
- Real name
- Email (unless you provide)
- Location (unless you share)
- Seed phrase (never!)
- Private keys (never!)
Your data rights:
- Request data deletion
- Opt out of analytics
- Use privacy tools
- Control what you share
Our contracts are audited by:
- [Audit Firm 1] - Report: [Link]
- [Audit Firm 2] - Report: [Link]
What audits check:
- Code vulnerabilities
- Logic errors
- Gas optimization
- Best practices
- Known attack vectors
Audits are not guarantees - bugs can still exist.
Report bugs, earn rewards:
| Severity | Reward | Example |
|---|---|---|
| Critical | $10,000 | Drain treasury |
| High | $5,000 | Steal user funds |
| Medium | $1,000 | Bypass access control |
| Low | $100 | Gas optimization |
How to report:
- Email: security@psanctuary.org
- Include: Description, steps to reproduce, impact
- Wait for response (24-48 hours)
- Receive reward (if valid)
Rules:
- Don't exploit the bug
- Don't share publicly before fix
- Give us time to patch
- Be professional
Our upgrade policy:
Immutable Contracts:
- Token contracts (PSILO, MDAO, ETHO, etc.)
- Cannot be changed
- Permanent code
Upgradeable Contracts:
- Governance
- Treasury
- AMM Router
- Can be upgraded via DAO vote
Upgrade process:
- Proposal submitted
- Community review (7 days)
- DAO vote (3 days)
- If approved, upgrade executed
- Announcement to community
Immediate actions:
- Transfer assets to new wallet (if possible)
- Revoke approvals on compromised wallet
- Change passwords on all accounts
- Scan for malware on your device
- Report to community (warn others)
Prevention:
- Keep seed phrase secure
- Use hardware wallet
- Don't click suspicious links
- Keep software updated
Unfortunately:
- Your funds are permanently lost
- No one can recover them
- Not even us
- This is the nature of decentralization
Prevention:
- Multiple backups
- Different locations
- Metal backup
- Test recovery
Report immediately:
- Don't exploit it
- Email security@psanctuary.org
- Include details (description, steps, impact)
- Wait for response
- Receive bug bounty (if valid)
We appreciate responsible disclosure.
- Lock wallet when not in use
- Check for suspicious transactions
- Review token approvals
- Update software if needed
- Review wallet activity
- Check for phishing emails
- Scan for malware
- Backup important data
- Review all token approvals
- Check seed phrase backup
- Update passwords
- Review security settings
- Full security audit
- Test seed phrase recovery
- Review all accounts
- Update emergency contacts
Revoke token approvals:
- Revoke.cash - Check and revoke approvals
- Etherscan Token Approvals - Official checker
How to use:
- Connect wallet
- View all approvals
- Revoke suspicious ones
- Confirm transaction
Preview transactions before signing:
How to use:
- Paste transaction data
- Run simulation
- Review results
- Decide to sign or reject
Monitor your wallet:
Features:
- View all assets
- Track transactions
- Monitor approvals
- Get alerts
- MetaMask Security Guide - Official guide
- Ledger Academy - Hardware wallet education
- Ethereum.org Security - Official Ethereum guide
- Discord #security - Ask questions
- Forum Security Category - Discuss security
- Email: security@psanctuary.org
Security is a practice, not a product.
- Stay vigilant
- Trust but verify
- Question everything
- Protect your keys
- Help others stay safe
We're all in this together. Let's keep our community safe. πβ¨
"Not your keys, not your coins. Not your seed phrase, not your wallet. Security is sovereignty."