Delegator Security Notice

The launch of any public blockchain is an exciting event and it's definitely one that malicious actors may try to take advantage of for their own personal gain. Owning and having access to cryptocurrency makes you a prime target for an attacker, but there are many things you can do to improve your personal security and reduce or eliminate security risks.

Social Engineering

Social engineering is a concept that has existed for a long time. In the technical sphere, it usually takes the form of phishing or spearphishing. These two types of attacks are wildly successful forms of social engineering that are responsible for over 95% of account security breaches, and they don't just happen via email. These days, opportunistic and targeted phishing attempts take place virtually anywhere. It doesn't matter if you're accessing your email, Telegram, SMS, Twitter, or just checking your DMs on forums or social networks: attackers have a plethora of methods to gain a foothold in your digital life in an effort to steal valuable information and assets that you most definitely don't want to lose. If a deal presents itself that sounds too good to be true, or a message shows up asking for information that should never be shared with someone else, you can always verify it before engaging with it by navigating to our official website or an official FunctionX communication channel on your own.

  • Be skeptical of unexpected attachments, or emails that ask you to visit a suspicious or unfamiliar website in the context of blockchains or cryptocurrency. An attacker may attempt to lure you to a compromised site designed to steal sensitive information from your computer. If you're a Gmail user, test your resilience against the latest email-based phishing tactics here.

  • Do your due diligence before purchasing FX. The FunctionX team will not be selling FX at launch, so if you see social media posts or emails advertising a token sale from us, they are not real and should be dismissed immediately. If you are looking to purchase FX, make sure that you've researched the seller or exchange to confirm that the tokens are coming from a trustworthy source.

  • No one from the FunctionX team will ever send an email asking you to share any kind of account credentials or your 24-word mnemonic with us, and we will always use our official Website, Twitter, Medium, Forum, Telegram and GitHub accounts to relay any important news and updates directly to the FunctionX community.

The bottom line is this: if you receive an email or tweet that sounds too good to be true, it is likely to be a scam.

Key Management

The best way to minimize the risk of theft or loss of FX is to have a secure storage and backup strategy for your private keys. The safest way to store your keys is offline, either in a hardware wallet or on a device that you will never connect to the internet. The best backup strategy for your keys is to ensure that you have multiple copies of them stored in safe places. Your backup strategy should also account for the possibility that you may lose your keys in a disaster.

To protect your FX, do not share your 24 words with anyone. The only person who should ever need to know them is you. You do not need to share your private keys if you're delegating FX to a validator on the network or using custodial services. If anyone asks for your keys, you should dismiss them immediately. The FunctionX team would never require you to provide us with your private keys under any circumstances.

Software Vulnerabilities

To protect yourself and ensure you're using the safest code, keep your software updated to the latest version. It is important to update your software immediately (or as soon as you can) after a security advisory is released. Also ensure that all your devices, be they laptops, mobile devices, or hardware wallets, are up to date with the latest software. Outdated software runs a much higher risk of being hacked.

The latest versions of fxcored, Tendermint, and the Cosmos-SDK will always be available from our official GitHub repositories.

No one from the FunctionX team will ever send you an email that asks you to download a software attachment after sending out a security advisory or making a patch available.

Verifying Transactions

Be skeptical of technical advice, especially advice that comes from people you do not know in forums and on group chat channels. Familiarize yourself with important commands, especially those that will help you carry out high-risk actions, and consult our official documentation to make sure that you're not being tricked into doing something that will adversely affect you or your cryptocurrency holdings.

When sending transactions or doing anything that incurs fees, always verify the transaction before carrying it out. It is important to ensure that your transactions are sent to the right address. Address strings are long; one trick is to compare them in blocks of 4 characters at a time.
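
The block-by-block comparison described above, written out as an added example (not FunctionX code). The function names are hypothetical and the two addresses are constructed sample strings, not real accounts; the second differs from the first by a single character in the middle, the kind of change a glance at the first and last few characters would miss.

```python
def blocks(address, size=4):
    """Split an address into fixed-size blocks, ignoring pasted whitespace."""
    compact = "".join(address.split())
    return [compact[i:i + size] for i in range(0, len(compact), size)]


def mismatched_blocks(expected, candidate, size=4):
    """Return 1-based positions of blocks that differ (empty list = identical)."""
    a, b = blocks(expected, size), blocks(candidate, size)
    longest = max(len(a), len(b))
    a += [""] * (longest - len(a))  # pad so a length difference is reported too
    b += [""] * (longest - len(b))
    return [i + 1 for i in range(longest) if a[i] != b[i]]


def report(expected, candidate, size=4):
    """Build a block-aligned, three-line view with differing blocks marked."""
    a, b = blocks(expected, size), blocks(candidate, size)
    bad = set(mismatched_blocks(expected, candidate, size))
    marks = ["^" * size if i + 1 in bad else " " * size
             for i in range(max(len(a), len(b)))]
    return "\n".join([" ".join(a), " ".join(b), " ".join(marks).rstrip()])


# Constructed sample strings shaped like addresses; not real accounts.
# TRUSTED: the address taken from a source you verified yourself.
TRUSTED = "fx1qy352eufqy352eufqy352eufqy352eufpralm7"
# PASTED: what ended up in the command line, with one character changed.
PASTED = TRUSTED[:22] + "s" + TRUSTED[23:]

if __name__ == "__main__":
    print(report(TRUSTED, PASTED))
    bad = mismatched_blocks(TRUSTED, PASTED)
    print("Addresses match" if not bad else f"STOP: blocks {bad} differ")
```

The comparison is case-sensitive on purpose, so a change in letter case is reported as a mismatch rather than silently accepted.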

Account Security

One of the most important things you can do to protect your cryptocurrency and eliminate risks is to secure all of your critical online accounts. Attackers will try to gain a foothold in your online accounts wherever they can, and will use that foothold to pivot to your other online accounts. Unprotected accounts like email, social media, your GitHub account, the FunctionX Forum and any other online accounts are all potential avenues through which an attacker could gain a foothold and impersonate your digital identity.

For people who hold cryptocurrencies, there are two account security actions that can be taken to eliminate risks that come with being part of the blockchain world.

  • First, it is important to enable 2-factor authentication (2FA) anywhere and everywhere you can, and to make sure that you are using a code generator or U2F hardware key as a second factor.

  • Second, be mindful of account recovery methods used to regain access to your most important accounts and make sure that you do not use SMS as a recovery method. If you haven't done so yet, start using an authenticator app or a hardware key immediately for your personal email account and wherever else you manage your tokens, especially if you use online exchanges.

Supply Chain Attacks

When you're buying any form of hardware, especially a hardware wallet, it is important to purchase whatever you need directly from the supplier or a trusted source. This is the only way to completely eliminate the risk of your device or chip being compromised. Compromised devices can allow attackers to steal your private keys. There are reports of compromised wallets being sold on Amazon and through other popular online marketplaces.

Disclaimer

Please note that fxcore is highly experimental software. In the early days of production and development, we can expect to have issues, updates, and bugs. The existing tools require advanced technical skills and involve risks which are outside of the control of the FunctionX team. Any use of this open source Apache 2.0 licensed software will be at your own risk and on an "AS IS" basis, without warranties or conditions of any kind. Any liability pertaining to the FunctionX team for damages arising from the use of this software will be excluded. Please exercise extreme caution!
