Как правило, если вы их не знаете, не отвечайте.
- Будьте осторожны со всеми, кто посылает вам личные сообщения
- Сотрудники Autonomys никогда не начнут писать вам первыми. Мы всегда будем просить пользователя отправить нам сообщение в общедоступном канале.
- Никому не сообщайте фразы для восстановления, приватные ключи или пароли
- Не переходите по ссылкам или не загружайте файлы, отправленные вам в личном сообщении
- Никогда не пересылайте средства кому-то неизвестному
Если вы сталкиваетесь с подозрительной активностью или нуждаетесь в помощи с безопасностью кошелька, используйте эти ресурсы для немедленной помощи или настройки безопасного хранения криптовалютных активов.
Лучшие практики безопасности
Следующее руководство по безопасности построено на сфокусированных разделах, чтобы помочь вам защитить криптовалютные активы, избегайте мошенничества, защитите вашу инфраструктуру и поддерживайте вашу конфиденциальность. Эти методы необходимы для любого участника экосистемы Autonomys, независимо от того, занимаетесь ли вы фармингом, стейкингом или просто храните токены AI3. Каждый раздел опирается на основополагающие принципы безопасности при решении уникальных задач современного криптовалютного ландшафта.
- Безопасность кошелька
- Scam Protection
- Infrastructure Security
- Privacy & OPSEC
Protecting Your Crypto Assets
Strong Password Requirements
По мере того, как AI становится общедоступным, требования к паролю развиваются:
- Минимум 16 символов (пароли из 12 символов могут быть взломаны за несколько часов)
- Используйте парольные фразы: 4–6 случайных слов надежнее, чем сложные символы.
- Пример слабого:
S0methin9C00l!
- Пример сильного:
coffee-helicopter-mountain-telescope-47
- Никогда не используйте пароли повторно для любых сервисов
Password Managers - Essential for Security
Рекомендуемые менеджеры паролей:
- 1Password - Cross-platform, excellent security record
- Bitwarden - Open-source, self-hostable option
- KeePass - Offline, completely private
Avoid: LastPass (security breaches), browser-based managers for crypto
Hardware 2FA Keys
Essential protection: Hardware security keys provide the strongest protection:
- YubiKey 5 Series - USB-A, USB-C, NFC options
- Google Titan Keys - Budget-friendly alternative
- Nitrokey - Open-source hardware option
Why hardware keys matter: SMS and app-based 2FA can be bypassed through SIM swapping and malware
Cold Storage is Critical
There is no official support for AI3 on any of these wallets at this time, but we will update as hardware wallet support is confirmed.
Never store significant amounts in hot wallets. Hardware wallets are essential:
Tier 1 (Recommended):
- Ledger Nano X/S Plus - Wide ecosystem support
- Trezor Model T/One - Open-source firmware
- GridPlus Lattice1 - Advanced security features
Security practices:
- Purchase only from official vendors
- Verify authenticity upon receipt
- Never enter seed phrase into any software
- Store seed phrase in fireproof/waterproof safe
Seed Phrase Best Practices
Physical storage only:
- Use metal seed phrase storage (fireproof/waterproof)
- Never store digitally (photos, cloud, etc.)
- Split storage across multiple secure locations
- Consider Shamir's Secret Sharing for large amounts
Recommended products:
- Billfodl/Cryptosteel for metal storage
- Distributed storage across bank safety deposit boxes
Recognizing and Avoiding Scams
Discord/Telegram Scams
Common tactics:
- Fake support accounts with similar names/avatars
- "Urgent validation" messages claiming account issues
- Fake airdrop/reward notifications
- Tech support impersonation for wallet "fixes"
Red flags:
- Unsolicited DMs about your account
- Requests for screen sharing or remote access
- Pressure to act quickly
- Links to lookalike websites
Website and App Scams
Always verify URLs:
- Bookmark official sites
- Check SSL certificates
- Be suspicious of URL shorteners
- Verify app signatures before installing
Common fake domains:
- autonomys.network (Official)
- autonomys.com (Fake)
- autonomys.io (Fake)
- autonomy.network (Fake)
Deepfake and AI Scams
New threats:
- Deepfake video calls impersonating team members
- AI-generated voice cloning for phone scams
- ChatGPT-powered phishing with perfect grammar
- Fake AI trading bots promising guaranteed returns
Protection strategies:
- Verify identity through multiple channels
- Use predetermined code words for sensitive discussions
- Be skeptical of "too good to be true" AI opportunities
DeFi and Yield Farming Scams
Common scam patterns:
- Fake yield farming pools with impossibly high APY
- Rug pulls disguised as legitimate protocols
- Influencer pump and dumps on social media
- Fake audit reports for malicious contracts
Due diligence checklist:
- Research team backgrounds and previous projects
- Verify smart contract audits from reputable firms
- Check tokenomics and vesting schedules
- Start with small test amounts
Securing Your Systems
Ubuntu 24.04 LTS Hardening
Base system security:
# Update system
sudo apt update && sudo apt upgrade -y
# Enable automatic security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
# Install essential security tools
sudo apt install fail2ban ufw
Key improvements in Ubuntu 24.04:
- Enhanced AppArmor profiles
- Improved secure boot support
- Better container security
SSH Hardening
Modern SSH configuration (/etc/ssh/sshd_config
):
# Disable password authentication completely
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
# Use strong key exchange algorithms
KexAlgorithms [email protected],diffie-hellman-group16-sha512
# Disable root login
PermitRootLogin no
# Limit connection attempts
MaxAuthTries 3
MaxSessions 2
# Use non-standard port
Port 2222
Generate Ed25519 keys (stronger than RSA):
ssh-keygen -t ed25519 -f ~/.ssh/autonomys_server
UFW Firewall Setup
Essential firewall rules:
# Reset to defaults
sudo ufw --force reset
# Default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
# SSH (use your custom port)
sudo ufw allow 2222/tcp comment 'SSH'
# Autonomys node ports
sudo ufw allow 30333/tcp comment 'Node Consensus'
sudo ufw allow 30433/tcp comment 'Node DSN'
sudo ufw allow 30533/tcp comment 'Farmer'
# Enable firewall
sudo ufw enable
Note: The ports shown above are the standard Autonomys network ports. For detailed information about port forwarding, firewall configuration, and scenarios with multiple nodes, refer to the comprehensive Port Forwarding & Firewall guide.
Docker Security Best Practices
Secure Docker configuration:
# Run containers as non-root user
docker run --user 1000:1000 autonomys/node
Operational Security
VPN and Network Security
Reliable VPN providers:
- Mullvad - Anonymous payments, no logs
- IVPN - Privacy-focused, open source
- ProtonVPN - Secure Core architecture
Avoid: Free VPNs, providers with data retention laws
Additional network security:
- Use DNS over HTTPS (DoH) or DNS over TLS (DoT)
- Consider Tor for maximum anonymity
- Avoid public WiFi for crypto transactions
Secure Browsing Setup
Recommended browser configuration:
- Firefox with privacy hardening
- Brave with built-in ad/tracker blocking
- Tor Browser for maximum privacy
Essential extensions:
- uBlock Origin - Ad and tracker blocking
- ClearURLs - Remove tracking parameters
- Decentraleyes - Protect against tracking
Avoid: Chrome for crypto activities (Google tracking)
Social Media Security
Platform-specific risks:
- Twitter/X: Account takeovers, fake verification
- Discord: Server impersonation, DM scams
- Telegram: Fake channels, impersonation bots
- Reddit: Subreddit takeovers, fake AMAs
Protection strategies:
- Use separate accounts for crypto activities
- Never post about holdings or profits
- Verify official accounts through multiple sources
- Be suspicious of financial advice from strangers
Personal Data Protection
Email security:
- ProtonMail or Tutanota for crypto communications
- Use aliases for different services
- Enable email encryption when possible
File storage:
- Encrypt sensitive files locally
- Signal for secure messaging
Device security:
- Full disk encryption (FileVault, BitLocker, LUKS)
- Regular security updates