Crypto Security 101: Securing your Wallet
Today I would like to discuss some tips for helping to keep your crypto wallet secured and to lower your overall risk of getting hacked. It’s very unfortunate to see people talk about how they got hacked and it’s not fun to deal with. Below are my tips for securing your wallet. I won’t go into too much detail, but I will state my reasons why I believe these are good tips. This guide is more geared for someone new to crypto.
Never give out your seed phrase
This is probably the most important first tip to read. Never give out your seed phrase, no one needs your seed phrase but you. This phrase contains the private keys to your wallet and allows access to the funds stored there. If someone has your seed phrase, it’s game over.
Get a hardware wallet
By getting a hardware wallet and using that as your main wallet you lower your attack footprint because your private keys are stored on that physical device. If your computer were to get hacked while your private key were stored there, your wallet can be compromised. However, having a hardware wallet and being able to approve/reject transactions as well as unplug it gives you the control to keep your private keys off your computer. While it’s not exactly 100% going to keep you secure, it drastically lowers your chances of suffering from a hack. If you have a soft wallet just stored in MetaMask, you can still migrate the seed and private keys over to a Ledger or Trezor, however after doing so you must delete your private keys that were previously stored on your browser, not doing this step defeats the purpose. There are plenty of other guides online to walk you through this process. This won’t help you if your wallet is already compromised so keep that in mind.
Think before you connect to a dAPP
Do a very thorough job at researching a project before ever connecting to their dAPP. Watch youtube videos, read what others are saying, just doing some searching on the internet and see how legit a project is. The moment you just connect your wallet to a dAPP without thinking you are allowing permission for the dAPP to access funds inside your wallet which they could potentially just drain your wallet funds.
Disconnect all dAPP sites when done for the day
When you are done for the day with doing any crypto transactions, always go back in MetaMask and disconnect all of your sites, even ones you know to be legit. Even legitimate projects always run the risk of their smart contracts getting hacked and messing with user’s wallets while they have a connection. In addition to this, also “Lock” your MetaMask wallet when not in use.
If joined to a community discord/telegram, turn off DMs
You should just turn off your server DMs in discord/telegram. Phishing is the most common attack scammers will use to convince someone they have a problem and by having them connect to their dAPP or providing their seed, they will help them. Do not believe these scammers. If you need help from a mod you should conditionally or temporarily allow access so you can speak to a mod, otherwise keep those DMs closed.
Never, ever interact with tokens you are not familiar with that are in your wallet
Never touch or do anything with these random airdropped tokens that get sent to your wallet. You will often see these tokens on BSCscan/Etherscan/snowtrace/ftmscan if you look up your wallet and see which tokens are stored there. Unfortunately, there currently are not any methods to safely remove these tokens so they are stuck in your wallet. Interacting with these tokens and swapping or doing anything with them puts you at risk of having all your funds in your wallet drained or worse. Typically, unless airdrops are specifically built into a reputable crypto project such as DRIP or Elephant Money, air drops are scams.
Revoke old/unknown/suspicious contracts
In BSCscan/Etherscan/snowtrace/ftmscan, you can go into your token approvals and revoke contracts. It’s always a good idea to go in here and revoke old or unused or suspicious contracts, it only costs typically a few cents in gas but it’s worth it. By not doing so, you could run the risk of a contract draining your funds from your wallet. You will notice that quite a few of the contracts out there have an unlimited spend limit, that is quite dangerous in a hacker’s hands.
I hope these tips helped you understand the importance of securing your wallet and following good secure practices when working with crypto.
If you found this guide helpful, as it did take some time to create. I’m always accepting donations of AVAX/BNB/FTM/ETH to help on my own crypto journey. Never required, but thank you in advance!!
I also have a DRIP team, feel free to join if you’re ready.