Does the metaverse exist? Is it a technology utopia, a critical utopia, or a full blown dystopia? Whatever you decide, there is no denying the Winklvoss twins are playing a prominent roll in digital Gotham.
⌐◨-◨
In Ben Mezrich’s book Bitcoin Billionaires the Winklevii, scorned by Zuckerberg, find out about Bitcoin while in Ibiza, buy a bunch of it with their Facebook settlement money and become orange coin whales.
⌐◨-◨
However, what really stuck out about their story was the lengths in which the Winklevii go to protect their BTC. These twins are OpSec masters. As we remember it, they use offline laptops in windowless rooms creating secret recovery phrases, which they scatter across three different time zones in America, inside safety deposit boxes at three completely separate banks to keep their private keys safe.
⌐◨-◨
At the time, it was exhausting just reading about the paranoid extremes the twins deployed to protect their magic internet beans, but now we get it. Escalating daily social engineering scams like the most recent Open Sea hack, and BAYC owners tweeting about having their apes stolen, the way Canada handled the Freedom Convoy, and the seeing the long lines at Russian ATM machines, and the daily barrage of CBDCs launches dominating our feed these days, all make 2022 seem like a good time to chat about self-sovereignty, going bankless, storing digital assets.
⌐◨-◨
What we really need is a modern day Batman on these digital streets taking out the scammers, fraudsters, and corruption on a nightly basis, but until then, the best we can all do is read, learn, and participate in the digital asset ecosystem at whatever level you are currently comfortable with.
💰+ 🔑 Not Your Keys, Not Your Coins
Traditionally, unless you kept cash under your mattress, or hoarded gold bars in your house, we all trusted a third party with our valuables, usually a bank.
This arrangement appeared to work well for a long time. However, in September 2008 we remember frantically calling our brokerage firm to find out if they had “broken the buck”. It turns out our “money” which by 2008 was mostly digits on a screen, that was kept in presumably ultra safe money market accounts, was at risk. Some brokerage firms reported in 2008 their customers only had .97 cents for every $1 they had the day before. Chilling right?
This served as a wake up call for everyone. Over the coming months and years runs on banks happened in places like Iceland, Greece, and other countries. Basically, the world’s financial system was exposed for not keeping our assets safe.
As scary as 2008 was, it did inspire Satoshi and others who seriously commited to building potential solutions, which in turn has birthed the digital asset world we now starting to at least partially live in.
Things is, like most technological advances, we are so early the user interfaces and experiences aren’t exactly Jony Ive-esque.
Furthermore, because most of us have spent the last decade plus tapping away at beautifully designed apps and aimlessly scrolling, we have little patience for non-intuitive designs and functionality — we all just want to push-button-get-thing.
Simultaneously, the world is in the early innings of a centralized vs. decentralized tug of war. Of course, the hope is that we end up with the best of both worlds, however, it is probably best to take the time to learn about how to buy, sell and store digital assets yourself. That way, as products and services start to blur the lines between centralization and decentralization through amazing user experiences each one of us can do our own risk reward analysis.
This rabbit hole goes deep, but here are a few quick onboarding paths to DYOR on.
As always, non of this is financial or security advice. Just information.
There are three pillars to interacting with Web 3 and taking control of your digital assets: Exchanges, Wallets, and Communities.
Centralized Exchanges
Coinbase, Gemini, Kraken
Without a doubt the most popular onramp to digital assets is the centralized exchange. Maybe you saw the bouncing QR code during the Super Bowl, or Matt Damon convinced you it was time to dabble in the crypto world, either way, you probably ended up signing up for a centralized digital exchange.
Central exchanges are organized similarly to brokerage or bank accounts. Once the account is open you can fund your account via EFT bank transfers, or, to a limited extent, your credit card.
Decentralized Exchanges
Uniswap, SushiSwap, etc
This is where the magic starts. Decentralized exchanges mean you are going peer-to-peer with only software in between.
Automated market makers (AMMs) offer one type of exchange, that allows you to exchange one token for another.
It works a lot like those currency kiosks at the airport — while it is quick and convenient, you probably aren’t going to get the best exchange rate, and sometimes that is perfectly fine.
Digital Wallets
Hot Wallet: (seed phrase based) MetaMask, Rainbow, etc.
Social Recovery Wallet: Argent, etc.
Cold Wallet: Ledger, Trezor.
These are your hub, and to hackers, this is their attack vector. There are hot wallets, cold wallets, and multi-sig wallets — they all store your private keys so you can transact.
With each wallet you are given a public key, in the case of an ETH wallet it is 64 random hex characters. This public key you can freely give away without worry, it is how someone can pay you. The private key that comes with the wallet however, should never be given to anyone.
Wallets protect your private key in different ways, Metamask uses a seed phrase set up, where Argent uses a social recovery system.
Cold wallets, like a Ledger, store your private keys offline, instead of in a browser extension, and this is the most secure way to store your keys.
Since wallets are a top vulnerability, it makes sense to set up multiple wallets as you get more active with digital assets.
At minimum, a hot wallet/cold wallet set up is a good start. One for minting and defi exploration, the other is your storage vault that mainly stays disconnected.
There are higher levels of security here, like setting a up a multi-sig safe, or going full blown Winklevoss.
For a good start on digital wallet security, especially focused on the NFT space, Giancarlo Buys Tokens has what we think is the best basic security setup video out there.
NFT Exchanges
OpenSea, LooksRare, Nifty Gateway, etc.
If you want to explore the wold of NFTs you might decide to sign up for an OpenSea account. OpenSea works with multiple digital asset wallet, but at the moment the most popular wallet is MetaMask. This means you use your MetaMask wallet to log into OpenSea, and sign their terms and services. In the case of OpenSea, this means they have now taken a sort of escrow position of any assets you buy or sell via their service. OpenSea has their own set of smart contracts, which unless you are a Solidity expert, means you are going to trust the OpenSea contract as you buy, sell and move NFTs, much like you trust E*Bay to connect buyers and sellers.
The thing OpenSea users need to keep in mind is that much like early E*Bay there aren’t many options if a seller stiffs you, or if you are compromised in some way on their platform. It isn’t like when you can call American Express and have them reverse a transaction. It is caveat emptor all the way.
⚠️ Fear Index
Connecting your wallet to…anything 😱
Let’s face it, even just simple typing your password into anything is a risk. However, as long as you are certain you are connecting to sites you know and trust, you are somewhat mitigating your risk. Who to trust? That is the big question, and it is up to you. One fallback, if you think you have connected to a Dapp you don’t trust any longer, you can go to Revoke.Cash or Etherscan and revoke token approvals.
Doing DeFi Transactions 😱 😱
As with most things, the big risk here is you. Are you on the correct website? Is the smart contract safe? Do you know the token you are trading for? Does it exist, have you triple checked?
If you stick with Uniswap, or SushiSwap, to exchange and stake your tokens you are far more likely to be hit with things like impermanent loss than outright theft of funds, however, anything is possible and it is best to approach every transaction from a place of caution and suspicion.
Participating in the NFT ecosystem 😱 😱 😱 😱
The majority of hacks and thefts here are definitely via social engineering, however, the attacks are getting far more sophisticated that just asking for your seed phrase on Discord.
So many digital signatures are required in this space — minting NFTs from project websites, buying & selling NFTs on OpenSea and other marketplaces, getting access to token gated discords, entering raffles and giveaways — and the software we use does not always communicate what the smart contract says in a user readable way.
Besides, you could do everything right from a security perspective and still get slow rugged by a team that doesn’t fulfill their pre-mint promises, or worse, convinces you to give them funds for something that will never exist. One easy tell? Did key team members immediately purchase new NFT assets from OpenSea right after their project minted out? If so, best to just write that one off as a sunk cost.
This isn’t to say to avoid the NFT ecosystem — participating and learning how to navigate this world can be extremely rewarding — it simply means this goes beyond buyer beware, so remember that going in, this digital Mos Eisley.
🗝️ Every Subculture Spews An Argot
AMM
Automated market maker. Examples are Uniswap and SushiSwap. In Web 3 AMMs are usually Dapps that you attach your wallet to and exchange one token for another, peer-to-peer.
Dapp
Decentralized Application. Applications that are running peer-to-peer blockchain instead of through a centralized database. Basically, any website that has a “connect your wallet” link is a Dapp.
Seed Phrase
A series of words generated by your digital assets wallet to create, or recreate your private key.
Private Key
A long string of letters and numbers used to create digital signatures that allow you to manage your digital assets.
⏲ Back in the 90s…
Ok fine it was 2001. Anyway, right around the turn of the century two things happened: computer viruses where everywhere and Anna Kournikova became famous.
Some enterprising evil genius combined the two unleashing AnnaKournikova.jpg.vbs.
Purportedly, you got an email from someone in your Microsoft Outlook address book urging you to check out an image of the star tennis player.
When you clicked on the attachment you unleashed a virus on your office email server, and since IT could easily trace the file back to the person who opened it, you also probably had a very embarrassing conversation with your boss.
Here is a clip of Jon Stewart and Stephen Colbert explaining the incident in 2001.
Fast forward to 2022 & you realize everything has changed, but nothing has changed.
⏲ Back in the 90s…(for real this time)
In 1997 the world’s economy hit a rough patch when Asian markets collapsed. After years of Western “hot money”, aka “investment dollars” flooding into Asian countries while those same countries kept their rates artificially high, the bubble burst. This caused a recession in many parts of Asia.
Macro maven Raoul Pal (another great potential Gotham City name) tweeted out that today’s Euro/Russian environment might just rhyme with 1997…
🎵 Music To Set The Mood
Send us your GMs won’t ya?