Navigating Web3 Safely: 10 Essential Tips for Nonprofits
The rapidly advancing world of technology can be overwhelming for the average nonprofit. As many nonprofits struggle to keep up with technological innovations, connect with younger donors, and future-proof their mission for the next generation, Web3 stands as a promising solution to help them accomplish all of the above. Diving into the world of Web3 is not just about staying current; it's about harnessing the potential of blockchain, cryptocurrencies, and decentralized systems for social good – presenting real and exciting use cases for nonprofits to grow their impact.
However, this new frontier also comes with its own unique set of risks, and as such, it’s crucial for nonprofits to approach Web3 with a well-informed and cautious mindset. To help get you started on safely navigating the world of Web3, this article provides ten safety tips for nonprofits venturing into the world of Web3.
It’s important to recognize that this list is by no means exhaustive, and I myself am not a Web3 security expert, so it’s important to do your own research, understand the safety and security issues that exist in the space, and consult with security experts when you feel appropriate.
Okay, let’s dive in!
1. NEVER Share Your Private Keys with Anyone
Let’s start with the most obvious one – never, and I mean NEVER, share your private keys with anyone. In the world of Web3, your private keys are akin to the keys to your safe. They are the ultimate access to your digital assets and must be guarded zealously. Never share these keys with anyone, regardless of the circumstances. Educate your team about the importance of private key security, and ensure you have sound policies in place for managing your private keys safely. Loss or theft of private keys can lead to the irretrievable loss of assets, a risk no nonprofit can afford to take.
2. Start Small by Partnering with a Reputable Web3 Philanthropy Platform
Venturing into Web3 doesn't mean going all in from the start, and it also doesn’t mean going in alone. Begin by collaborating with a well-established Web3 philanthropy platform, such as Endaoment, Giveth, The Giving Block, Givepact, or Crypto for Charity. This approach allows your nonprofit to leverage the expertise and infrastructure of platforms that have already established trust and security in the space, without you having to learn all the ins and outs of the technology yourself. It can also help connect you with a network of other nonprofits and donors in the space, making it easier to grow your presence in Web3. Such partnerships can provide a smoother transition into Web3, helping you learn the ropes without the risks of going it alone.
3. Vet Partnerships Closely
There are many incredible opportunities to form mutually beneficial partnerships with Web3 projects, but it's vital to exercise due diligence before agreeing to any partnerships. Thoroughly research potential partners’ backgrounds, track records, and reputations in the Web3 community. How long have they been around? Do they have a strong social media presence? Has their project received a smart contract audit by a reputable organization like Certik or Fairyproof? Have they partnered with other nonprofit organizations with positive outcomes? Is their team doxed? These are all questions you should be asking as you determine whether to partner with a Web3 project.
4. Have Sound Policies and Procedures in Place
As with any new venture, entering Web3 requires well-defined policies and procedures to guide your organization’s activities. Some basic policies that you may want to consider implementing include, but are not limited to:
Digital Asset Management – Covers where you will hold any digital assets, whether you will instantly convert donations to cash, how you will manage your portfolio, etc.
Security Protocols – Covers the secure storage of your organization’s private keys, using multi-signature wallets, who has access to your organization’s wallet, and regularly reviewing and revoking the smart contracts that your wallet has interacted with.
Emergency Response Plans – Covers the steps to take in the event of a security breach, loss of funds, or other emergencies related to your Web3 engagements.
It’s important that you consult with your Board, as well as your financial, legal, and I.T. departments, to develop a robust range of policies. It’s equally important to regularly update and review these policies to identify vulnerabilities or gaps, and to ensure they keep pace with the rapidly changing Web3 environment and any new threats that may emerge. Clear guidelines will not only protect your organization, but will also instill confidence in your donors and stakeholders.
5. Carefully Consider How to Custody your Assets
In the initial stages of accepting cryptocurrency donations and engaging with the Web3 community, it will be important to carefully consider how you would like to store and secure your digital assets. If, like many nonprofits, you decide to instantly convert your crypto donations to fiat via a third-party platform, and don’t wish to hold any digital assets, then this isn’t as important for you.
However, if you are planning to hold digital assets, there are many considerations to navigate with your team. First, you will need to decide whether to hold your funds on an exchange, hot wallet, or cold wallet. More information on each can be found here. While cold wallets, also known as hardware wallets, come with many security benefits over exchanges or hot wallets and give you true control over your funds, some nonprofits may worry about securing their own private keys, so it is really up to the preference and comfort level of each organization. Second, you will want to decide who has access to your assets and ensure strict control procedures are in place to limit access. You will also want to conduct regular audits of your portfolio of assets, ensuring there are no discrepancies or suspicious transactions. It is also advisable to consider implementing a multi-signature wallet, which we will highlight next.
6. Implement Multi-Signature Wallets for Transactions
Utilize multi-signature wallets for your nonprofit’s transactions to ensure no single individual has full control over your funds. These wallets require multiple approvals from different team members before transactions can be executed, adding an extra layer of security. This approach minimizes the risks of unauthorized transactions, decentralizes power away from one individual, and ensures a higher level of scrutiny over every transaction.
For a deeper dive into multi-signature wallets, check out this article from Ledger Academy.
7. Educate Your Team about Web3 Risks and Best Practices
It only takes one small mistake from a member of your team to result in a loss of funds or trust. As such, it’s important to invest time in educating your team about the potential risks and best practices of operating in this space. This can include training on identifying phishing scams, understanding smart contract risks, and recognizing reliable sources of Web3 information. An informed team is your first line of defense against security threats.
8. Monitor and Manage Smart Contract Risks
Smart contracts are a cornerstone of Web3, automating transactions and agreements. However, they are not immune to risks. Ensure that any smart contract you engage with is thoroughly vetted for security vulnerabilities. One way to do this is to determine if the smart contracts have been audited by a reputable organization like Certik or Fairyproof, and if the project has addressed any concerns that were raised during the audits. For nonprofits who are new to Web3, assessing smart contract risks can be daunting, so it can be helpful to engage expert advice to analyze and monitor the smart contracts you depend on.
Furthermore, if you are regularly engaging with smart contracts, it is good “smart contract hygiene” to regularly review the smart contracts you have granted permission to, and revoke permissions on a regular basis. A great tool for this is Revoke, which allows you to simply input your wallet address, see the smart contracts you have granted permissions to, including the amount of funds at risk with each permission, and revoke the permissions.
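The review step described above, sketched as an added example (not code from this article, from Revoke, or from any project named here): it replays ERC-20 Approval event logs for one wallet to show which permissions are still live and which deserve a second look. The log dictionaries, every address, and the reviewed_spenders list are constructed assumptions; real logs would come from a node or block explorer.

```python
# topic0 of the ERC-20 event Approval(address owner, address spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" many apps request

def addr(topic):
    return "0x" + topic[-40:].lower()  # indexed addresses are left-padded to 32 bytes

def live_approvals(logs, wallet):
    """Replay Approval logs in chain order; return {(token, spender): amount}.
    The amount is the last approved value, an upper bound on what is still spendable."""
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # other events; NFT (ERC-721) approvals carry a fourth topic
        if addr(t[1]) != wallet.lower():
            continue  # approval granted by a different owner
        key = (log["address"].lower(), addr(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            live.pop(key, None)  # approving 0 is how a revocation appears on-chain
        else:
            live[key] = amount
    return live

def findings(logs, wallet, reviewed_spenders):
    """Return live approvals that are unlimited or granted to an unreviewed spender."""
    out = []
    for (token, spender), amount in sorted(live_approvals(logs, wallet).items()):
        reasons = []
        if amount == UNLIMITED:
            reasons.append("unlimited")
        if spender not in reviewed_spenders:
            reasons.append("unreviewed spender")
        if reasons:
            out.append((token, spender, reasons))
    return out

# Constructed sample data: every address is a made-up placeholder, not a real contract.
WALLET, TOKEN, DEX, OLD_APP, UNKNOWN = ("0x" + b * 20 for b in ("aa", "11", "b1", "b2", "b3"))

def mk(block, spender, amount, owner=WALLET):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}
SAMPLE_LOGS = [mk(100, DEX, 500), mk(101, OLD_APP, UNLIMITED),
               mk(102, UNKNOWN, UNLIMITED), mk(105, OLD_APP, 0)]
print(findings(SAMPLE_LOGS, WALLET, reviewed_spenders={DEX, OLD_APP}))
```

In the sample, the approval to OLD_APP disappears because it was later set to zero, the capped approval to a reviewed spender passes, and only the unlimited approval to the unreviewed spender is reported.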
9. Stay Informed about Regulatory Changes
The regulatory landscape for Web3 is still in its infancy and can change rapidly. The regulations in place also vary drastically by jurisdiction, making it confusing when operating in the global world of Web3. It’s important to stay informed about the latest regulatory developments and compliance requirements and engage your legal consultants as necessary. This is crucial for maintaining the legal integrity of your operations and avoiding inadvertent legal pitfalls.
10. Build a Community of Trust
Lastly, it can be extremely valuable to foster a community in Web3 centered around trust and transparency. Engage with other nonprofits and entities in the Web3 space to share insights, experiences, and best practices, attend community events and conferences, and continuously build your network with reputable Web3 projects and leaders. A strong community can provide support, advice, and warnings about emerging threats, making it an invaluable resource.
It can also be valuable to connect with Web3-focused security companies, such as Boring Security, to help educate you on Web3 safety and security, and to consult with you on best practices to remain safe in the space.
Conclusion
While this may all seem daunting, the opportunities for nonprofits that come with Web3 are incredible and can help future-proof your mission and scale your organization’s impact. As nonprofits embark on their Web3 journey, it's imperative to approach this new domain with caution, preparation, and a strong emphasis on security. This includes starting small, partnering with reputable Web3 philanthropy platforms, establishing robust policies and procedures, and educating yourself and your team on the risks and opportunities in the space.
Looking for support on your journey? Don’t hesitate to reach out to us, we’d be happy to help!