WEB3 WALLET SAFETY BEGINNER TO ADVANCED
A brief intro to wallet security (from beginner to advanced).
Let’s start with the basics.
Your private key & seed-phrase is for you and you only.
Many scammers will host fake giveaways, phishing sites, malicious code and more to try and steal this from you.
Practicing perfect security practices all the time is difficult. Even just doing half of these habits consistently will improve your wallet security 10x. 👇
Where should you NOT store your private key?
It is recommended NOT to keep your seed-phrase stored simply as a text file on your computer. Do NOT take a screenshot of your seedphrase.
Screenshots tend to be backed-up and a hacker could find them in your services such as iCloud or Google Photos.
Let’s walk through some compromising scenarios:
a) Your computer gets lost/stolen, then you lose access to all your wallets forever (assuming you didn’t have a backup)
b) You accidentally download a malicious file which and a hacker steals your private keys
These two examples display the importance of storing your seed-phrase safely.
Where should you store your seed-phrase?
This is a controversial subject, but here’s a few options.
- Keep a physical copy of the seed-phrase (double-check it several times) [Medium Level of Security]
- Split up the 12–25 word seed-phrase on two pieces of paper and store them in two separate safety deposit boxes at two different banks. [Strong Level of Security]
- Write down all of your seed-phrase except the last word. This requires you to memorize the last word. [Excellent Level of Security]
Purchase a Cold Wallet:
- Buy a cold wallet like a Ledger. Only purchase directly from the manufacturer website like Ledger.com.
Benefits of a Cold Wallet Include:
- Private Key never leaves the hardware device
- Never connected to the internet therefore (meaning never connected to a dApp or things like MetaMask)
- Add hardware interactions for approvals of a transaction.
Use an Antivirus:
A top-notch option is Malwarebytes, specifically the premium version which provides proactive protection and active monitoring. As a rule of thumb, be extra careful downloading pirated software, movies, etc. It may open up the possibility of you getting hacked, especially (but not limited to) if you keep your private keys on your computer.
This is why everyone recommends a cold wallet. Ledger is a great option, but make sure you buy it directly from their website. If you buy one on eBay for example, you must assume it is malicious.
Use a password manager and do not re-use passwords:
Bitwarden/KeePassXC are great options, but any reputable extension will work here.
The problem with re-using passwords is that if your password gets leaked in a database breach, hackers will attempt to login to other services using that same password.
ALWAYS USE 2FA:
For centralized exchanges, this is a must. We’ve witnessed many hacks that could have been prevented entirely if the user would have just added 2FA, such as Google Authenticator, Authy, or YubiKey.
NEVER USE SMS BASED 2FA ← Extremely Insecure!
Do not post screenshots with your phone provider in them:
This more-so applies to public high net-worth individuals, but SIM Swaps are a very dangerous and highly used exploit in crypto.
SIM swaps seem to be getting more common, so we can only hope cell phone companies are getting better about this.
But always crop your screenshots & erase any sensitive info.
Check your wallet approvals in the Wallet Guard Security Dashboard:
Wallet approvals are a scammers best friend. Approvals are often exploited by malicious transactions and signatures in order to steal your assets. Most of the time, people forget they even had open approvals on assets in their wallet. The Wallet Guard Security Dashboard shows all your open approvals and assets at risk in one interface for your wallets and lets you revoke them directly in the dashboard to improve your wallet health.
Millions of dollars worth of assets are stolen from these open approvals tied to phishing attacks. They are also easily preventable by using our Security Dashboard.
In the end, even just using half of these tips will make your wallets 10x more secure. It’s all about good habits, especially when a mistake could get you compromised.
If this is your first time coming across Wallet Guard we offer a free open-source browser extension designed to combat scams and phishing.
Our extension acts as a security companion to your existing wallet of choice. Check us out at https://walletguard.app.