Crypto Security 101
This is a security best-practice guideline intended to help minimize issues while handling private keys and using wallets to interact with blockchains. Any wallet that can connect to the internet can also be targeted and stolen. The first and most important security rule is:
Never share your seed phrase with anyone
Don’t keep your seed phrase unprotected
What do I mean when I say “unprotected”? If you’re storing your seed phrase digitally, it’s best to follow these steps:
• Your computer disk should be encrypted;
• Your seed phrase should not be stored in an unprotected note or a document.
Either put your seed phrase in a 2FA-protected note, or incorporate it in a digital file such as a video or 3D model with a pattern that only you’ll be able to decipher.
If you’re storing your seed phrase physically, back it up in several places and keep it hidden in your home, but make sure you can actually remember where you put it for safekeeping. It is also good practice to invest in a fireproof safe to keep your seed phrase protected in case of a disaster; it might be a good idea to put the paper in a waterproof bag as well.
Create strong passwords for your wallet & any accounts associated with it
And I mean any accounts: exchange market accounts, NFT market accounts, anything. What is considered a strong password? It should be long (min 10 characters) and, best of all, auto-generated to avoid any kind of structure that can be hacked through social engineering. It should have special characters, upper and lower case letters, and numbers.
Always check the address you’re sending your money / assets to
Once you confirm the transaction, there’s no way to revert it, so double-check the address you’re sending stuff to.
These are the four most important steps which you absolutely should follow to keep your wallet secure. But your protection should ideally go even further.
Use a password manager with a very strong master password
A password manager will help you generate unique passwords and keep them all at hand should you need them. That saves you from reusing one password in multiple places and reduces the potential for a social engineering attempt to guess your password.
Do not, I repeat, do not leave your wallet unlocked in the browser
Many websites can attack your wallet through the links you follow and through the public info of your recent transactions. Any tab open in your browser while your wallet is unlocked can potentially learn your wallet address. Thieves can try to pose as various notifications from your wallet, a virus on your computer might try to exploit your wallet, etc.
The ideal scenario would be to avoid using your wallet in your main browser altogether and to only deal with it in a dedicated browser that is never set as the default for opening links. I know it sounds pretty paranoid, but these issues are real. Read more about some of these issues here.
Encrypt your PC drive and use strong passwords for it and your user
A standard Windows 10 PIN is just 4 numbers, which are easy to track and memorize. An unencrypted PC drive gives thieves the ability to access all of your information without any special software. Stay on the safe side: encrypt the disk and use strong, unique passwords for it and for the users on your computer.
Avoid using public Wi-Fi, and if it cannot be helped, use a VPN to protect yourself
Ideally, the device that has access to your wallet should only be connected to the internet through networks that you control, protected with a high security protocol. If there’s no other way but to use a public network, close your browser before joining, then connect to the VPN and only afterwards launch your browser. Try to avoid unlocking your wallet in public even if you’re connecting through your phone hotspot. Also consider having a good paid anti-virus on your computer (I recommend Bitdefender) and using an ad-blocker, like uBlock Origin.
Do not click any unknown email, Discord, chat, etc, links
If you’ve received a message from an unknown address, or from a known address but the message seems out of character, do not click any links in the message. Even if the links look familiar, they can use special characters to pose as the real website. If you need to check, go to that website by typing the address yourself and see if the website has the information you’re looking for. If a message seems like obvious spam or a scam, don’t engage with the author, for your own safety; it is best to block the sender forever.
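The "special characters" problem can be checked mechanically before a link is trusted. The following is an added example, not part of the original guide: it flags hostnames that contain punycode, non-ASCII letters or mixed scripts, and compares them with a list of sites you actually use. `KNOWN_HOSTS`, `LOOKALIKES` and the sample URLs are constructed assumptions, and the lookalike map is deliberately partial.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed for this example: sites the user really uses (exact hostnames).
KNOWN_HOSTS = {"metamask.io", "opensea.io"}
# Constructed, deliberately partial map of Cyrillic letters that render like Latin ones.
LOOKALIKES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                            "\u0440": "p", "\u0441": "c", "\u0456": "i"})

def scripts_in(label):
    """Scripts of the letters in one hostname label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_link(url):
    """Return warnings about the hostname in url; an empty list means nothing was flagged."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ["no hostname found"]
    warnings, labels = [], []
    for label in host.split("."):
        if label.startswith("xn--"):
            # Punycode hides non-ASCII characters behind ASCII; decode to inspect them.
            warnings.append("punycode label in hostname")
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                warnings.append("undecodable punycode label")
        labels.append(label)
    decoded = ".".join(labels)
    if decoded in KNOWN_HOSTS:
        return warnings
    if not decoded.isascii():
        warnings.append("non-ASCII characters in hostname")
    if any(len(scripts_in(label)) > 1 for label in labels):
        warnings.append("mixed scripts in one label")
    # Fold known lookalike letters to Latin and see whether a trusted name appears.
    folded = decoded.translate(LOOKALIKES)
    if folded in KNOWN_HOSTS:
        warnings.append("resembles known host " + folded)
    else:
        warnings.append("not on the known-hosts list")
    return warnings
```

A clean result only means the hostname matches a site on your own list exactly; typing the address yourself, as described above, remains the safer habit.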
Stay alert
New scams and schemes are invented every day. For your safety, avoid mentioning the amount of money you keep in your wallets or the wallet systems that you use. In short, don’t disclose any personal information to people, so that neither they nor someone who witnessed the conversation can target you with a personal attack.
Additional links to check out:
• Basic Safety and Security Tips for Metamask
• To Be Your Own Bank With MetaMask, You Need To Master These Password Best Practices
I hope this document was helpful, and you were able to either confirm you’ve secured your accounts or upgrade your security system so that your wallet is now safe!