Bridges in the crypto space can be useful but they can also be dangerous—learn how to stay safe in DeFi and avoid common pitfalls
Hello again, folks! It’s Shitcoin Sherpa here, with some tips to help you cross the bridges without falling off along the way.
Bridges are a great thing. At the moment, they’re generally an attempt to move tokens, dapps, NFTs, or value from one chain to another – usually to avoid high gas fees (I’m looking at you, Ethereum).
I discussed this a bit in my first article for WW, on “bridging the gap” & crossing over to Polygon/Matic (Ethereum Layer 2), so I won’t go into the “how” as much here.
This is beautiful, because it essentially allows fee arbitrage, that is, migrating trading & liquidity pools to chains or layers with lower fees or better opportunities in terms of price, volume, or liquidity.
I could go on for pages about different fundamental correlations you can make based on ease of migration, simplicity of contract code on the new chain/layer, etc – but the long & short of it is: these are exciting times, and we haven’t even begun to scratch the surface in terms of innovation. Opportunities for finding your own niche & carving out your fortune will abound, I can assure you of that.
That said, let’s discuss the pitfalls you may encounter when using these bridges.
By far the most common pitfall with bridges is mistaking a chain-specific tokenized version of one asset for another version of that same asset. Is that confusing? Of course it is! Let me give you an example, and honestly the most common example, at that:
Related: What is DeFi
You have USDT (Tether) on the Ethereum network, and you send it to Binance or Solana or what-have-you via their bridge.
That is usually either automatically swapped for the chain-specific USDT token, which is not the same as the Ethereum version. Some chains & wallets handle all of this for you, but I have heard that Binance “Smart” Chain, specifically, doesn’t always. You can very easily exchange for one chain’s version of USDT & then withdraw that to the wrong network’s wallet.
One way of alleviating this & many other headaches is to partition your accounts. That is, have a different wallet address for interacting with different networks or doing specific things. Have an address for NFTs. Have one that you use for interacting with BSC, and another for Solana, and maybe a third for Polygon/Matic.
It is ridiculously easy to set up a new address in Metamask & most other web3 wallets, so take advantage of it! In metamask you just click the colored circle logo in the top-right corner to access the menu, and then click ‘create account’. Save & store your seed, and additionally EXPORT, SECURE & SAVE THE PRIVATE KEY FOR EACH ADDRESS.
I say this because while the MetaMask seed phrase should enable you to restore the wallet, and then each address – I have seen cases where some addresses do not restore properly, and the only way to protect yourself from that happening is to make sure you have each private key stored & secure. Do not rely on any one piece of software to keep your funds safe.
With that done, the only thing to do is to make a habit of using that wallet for its specific purpose. This keeps you in mind of what chain you’re transacting on, and should help remind you to double-check every single time as to which chain’s tethers & peg tokens you’re depositing & withdrawing.
Additionally, this helps segregate your funds so that hopefully any losses or hacks (short of your metamask seed phrase being compromised) should be restricted to that one address. In crypto, so often the best practice is to keep your eggs in separate baskets. Even the best of us make mistakes or overlook red flags from time to time – just worry about limiting the damage done, if it happens to you.
Yes, I totally read the Terms & Conditions.
Another pitfall people face is giving sites more access than they intended to. This doesn’t just happen with bridges, but the abundance of bridges does open up a lot of easy copypasta scams across chains. You especially see this on Binance Smart Chain, because completely copying an Ethereum contract & dapp is essentially too easy for scammers to resist.
Related: Quick Look at Binance Smart Chain
But another way they get you is by requesting more access to your metamask wallet than you probably intended to give them.
Normally when you connect to a dapp, you see something along these lines:
But they can request all sorts of things; not just viewing your address. They may request to make changes, like adding a new network to Metamask (like BSC, Polygon, etc.), or it may be much more nefarious. Regardless, the access request isn’t that long, and if reading one paragraph keeps your funds safe – more than worth it, right?
Just be aware of who has access. Oftentimes sensitive information is stored in session data/cookies, and there have definitely been examples of access gone wrong, man-in-the-middle attacks, hacks & phishing lookalikes a’la Etherdelta, Cryptobridge, and other early decentralized exchanges. Most recently, Uniswap-lookalike phishing sites began popping up everywhere.
As using decentralized exchanges becomes more & more commonplace, we all need to make sure we aren’t being flippant about the access we give to these sites.
Sometimes the biggest part of keeping your fundamental health in-check is taking a few extra moments to secure your bags. Until next week, this has been Sherpa reminding you that financial sovereignty implies responsibility for your funds. Being your own bank means securing your own vault: don’t leave yourself an open target for a crypto heist.