DeFi 101: Securing Your Assets
The worst thing that can happen to you while investing in crypto is your funds being stolen. Everything you worked really hard for — gone, because a stranger took it away from you. It is critical you do everything in your power to prevent that. This is the Lossless protect your crypto assets beginners guide.
This guide follows the journey of a person in crypto chronologically. You might have already passed the initial phases and that is fine. We will get to where you currently are as well.
Accounts and Wallets
The first step of almost every crypto investor is the creation of some type of account on a centralized exchange. This account is then typically used to purchase some $BTC or $ETH. There are three key steps you must take.
Step one — always triple-check the web URL you are on when creating or accessing your account. There are many fully realistic fake imitations of sites like Binance.com and Coinbase.com.
The next thing to always do is to use two-factor authentication. It is highly recommended to use Google Authenticator, as SMS is not as safe. Criminals are able to get a second SIM Card from you, at your telecom provider. Here is a report by the European Union, explaining this phenomenon.
The final thing to always do is to create a new email specifically for all your crypto activities. Assure that the password for this email is different from the passwords of all your crypto accounts and other emails. Protonmail is a good option for creating this e-mail. It preserves your privacy.
When creating a wallet, you will receive a public key and a private key. The public key is your wallet address, you can send this to anyone that is planning to transfer you tokens. Your private key gives access to move tokens out of your wallet and must be kept safe.
A seed phrase is also provided: these are typically 16 random words that can be used to unlock the wallet, in case you lose your private key. Seeds phrases are applicable for hot (online) and cold (physical) wallets. We will get to know more about storing your tokens in a second.
Trading of Tokens
Trading can be done on centralized (CEX) and decentralized (DEX) exchanges. Each one of them has its unique set of security challenges. Our piece about the difference between the two can be found here.
Let’s start with the first. Centralized exchanges can be hacked and funds can be stolen. This has happened many times in the past. The Mt. Gox hack even resulted in a multi-year bear market. This risk can be largely mitigated by creating an account with an accomplished exchange such as Coinbase or FTX. Other security methods for centralized exchanges are provided above.
Decentralized exchanges directly engage with your hot or cold wallets. This means that you expose the funds in your wallet to the code of the DEX. It is critical you interact with quality decentralized exchanges with properly audited code. DefiSafety is a good auditor publishing their security reviews of protocols transparently online.
You will still need to approve transactions from going through, therefore it’s wise to set a limit on what you can spend per transaction. This will prevent a malicious protocol from taking all your funds with one transaction.
Since you are trading online, it is advised to use a proper VPN. Mullvad VPN or Nord VPN is a great one to use, as they have the protection of your privacy as the number one priority. Using a good Firewall is also important.
Another great thing to implement, once your crypto portfolio starts growing and you have the opportunity, is to have a separate laptop for crypto trading. This will allow you to install minimal software on the device and log in to as few accounts as possible, providing additional security.
Storing of Tokens
Long-term storage is best in a hardware wallet. This allows you to have the tokens completely offline, making it much harder to compromise for criminals. You can use wallets like the Ledger or Trezor.
When creating a cold wallet, you will receive a seed phrase and you can determine the access code to interact with your hardware wallet. It is especially critical to remember your seed phrase, as you can always purchase a new device and use that seed phrase to access your tokens. The device only has the function to approve transactions physically.
A hardware wallet is a must-have for any long-term holder. The key security question is about storing your seed phrase. The safest way is to divide the 16 words into three chucks and print those chucks on a piece of stainless steel. This assures it survives most natural disasters.
You can then put these steel plates in several locations with people you trust or in places you trust. This makes it very difficult for someone to access them all and steal your crypto. There are manufacturers like Hodlinox or you can even buy them on Amazon.
There are some centralized institutions taking care of token storage, but this always introduces counterparty risk. Institutions often don’t have a choice and need to work with custodial service providers. As a retail investor, you are privileged, because you have a choice.
Finally, there are the scams. People imitate celebrities such as Elon Musk, fake websites, phishing emails, and intentionally malicious code. It is always super important to triple-check anything before you interact with it. When you copy-paste a wallet address, there can even be malicious software that could influence your copy-paste clipboard. So we highly recommend questioning and checking your actions multiple times to be 100% sure.
Lossless is the world’s first DeFi hack mitigation tool for token creators. Apart from Lossless’ known cyber security solutions and renowned professionals, the community also plays a role. With a tangible reward system, community members are also encouraged to explore new ways to detect hacks and fraudulent transactions.
Lossless protocol halts counterfeit transactions through various methods of fraud identification and automatically reverses any stolen tokens back to the original owner. Its solutions to the impending problems of cyber theft within the blockchain space are thorough and applicable within many protocols.