A cikin kasuwar crypto, babu abin da ke da zafi kuma yake da cin rai kamar ka wayi gari ka tsinci walat Ιinka wayam, ba tare da cikakken sanin abunda ya faru ba. Sau da yawa idan irin haka ta faru muna zargin cewa "hackers" ne masu amfani da wata babbar fasaha ta zamani suka sace mana kudi. Amma gaskiyar magana ita ce: yawancin lokuta mu da kanmu muke damka musu makullin dukiyar mu ba tare da mun sani ba.
Bayan gudanar da bincike mai zurfi a kan manyan matsalolin tsaro na sirri (OpSec - Operations Security) guda 47 da suka faru da masu zuba jari daban-daban, an gano wani abu mai ban tsoro. Kashi 100% na mutanen da aka yi wa fashi sun tafka kuskure guda daya tilo.
Menene wannan kuskuren? Kuma ta yaya zaka kare kanka? Karanta wannan rahoton har karshe domin tseratar da dukiyar ka.
Menene Wannan Sanannen Kuskuren?
Kuskure mafi girma da kowa ya tafi a kansa shi ne: Dogaro da Tsarin Tsaro na Yanar Gizo (Digital Security) Ba Tare da Kariya ta Zahiri Ba (Physical/Human OpSec).
A takaice, kusan duka mutane 47 da aka farmakarwa asusu sun dauka cewa tunda suna da "2FA" (Tabbatar da tsarin lamba biyu) ko kuma suna amfani da hadaddiyar kalmar sirri (password), to kudinsu yana nan lafiya. Sun manta cewa barayin crypto ba garkuwar blockchain suke fasa wa ba; shashancin dan adam suke amfani da shi.
Ga manyan hanyoyi guda uku da wannan kuskuren ya bayyana a cikin binciken:
1. Adana "Seed Phrase" a Muhallin Dijital
Kashi mafi yawa na wadanda aka taba asusunsu sun yi kuskuren daukar hoton Seed Phrase (kalmomin sirri guda 12 ko 24) a wayoyinsu, ko tura shi a Google Drive, iCloud, Email, ko a sashen "Saved Messages" na Telegram ko WhatsApp.
Hadarin: Da zarar an yi wa wayarka ko asusunka na Google/Apple kutse, barayin sun riga sun mallaki walat dinka kenan.
2. Sanya Hannu a Kan Kwangilar Bogi (Phishing & Smart Contract Approval)
Sakamakon hanzari ko kwadayin samun kyautar kudi (Airdrop), da yawa sun danganta walat dinsu da shafukan bogi. Sun amince da bukatar "Sign" ko "Approve" ba tare da sun karanta ainihin abin da yarjejeniyar (smart contract) ke nema ba.
Enjoying this analysis?
Subscribe to get more deep dives directly in your inbox.
Hadarin: Wannan yana baiwa barayin damar kwashe duka abin da ke cikin walat din ba tare da sun san kalmomin sirrinka ba.
3. "SIM Swap" (Sace Lambar Waya)
Wadanda suka dogara da lambar waya wajen karbar lambar sirri ta SMS (SMS-based 2FA) sun tsinci kansu a tarkon barayi inda barayin ke blocking na layin wayar mutum, su komar da shi kan wani sabon SIM.
Hadarin: Daga nan, barayin za su karbi duka lambobin tabbatarwa (OTPs) na canjin kalmar sirri zuwa asusunku na Binance ko wasu ma'amalolin kudi.
Dabaru Na Musamman
Idan kana son dukiyarka ta dore a cikin wannan kasuwar, dole ne ka canza dabi'unka na tsaro tun kafin lokaci ya kure maka. Salon yadda kwararru ke yi:
Koma Amfani da Hardware Wallet (Cold Wallet): Idan jarinka ya kai na wani babban adadi, kada ka bar kudadenka a walat din waya (Hot Wallet) kamar Trust Wallet ko MetaMask kadai. Yi amfani da na'urori kamar Ledger ko Trezor.
Goge Seed Phrase Daga Kan Wayar Salula: Kada ka taba bari kalmomin sirrinka su taba intanet. Rubuta su a jikin takarda ko karfe (metal plate), sannan ka boye su a guri mai tsaro a cikin gidanka inda kai kadai ka sani.
Ζauracewa SMS 2FA: Canza dukkan tsarin tsaronka zuwa manhajoji kamar Google Authenticator ko YubiKey. SMS ba shi da tsaro a duniyar crypto.
Duban Tsanaki Kafin Sanyawa Kowane Shafi Hannu (Revoke Approvals): Lokaci bayan lokaci, yi amfani da shafuka irinsu Revoke.cash domin cire dukkan wasu izini (allowances) da ka baiwa wasu shafukan da ba ka amfani da su.
A duniyar cryptocurrency, kai ne bankin kanka. Wannan yana nufin kana da duka ikon sarrafa kudinka, amma kuma duka nauyin tsaron kudin yana kanka ne. Idan ka yi sakaci da dokokin OpSec, babu wani banki ko hukuma da zata dawo maka da kudadenka.
Kada ka zama mutum na 48 a cikin wannan jerin na wadanda suka tafka asara. Gyara kayanka baya zama sauke mu raba!