Digital wallets — or rather the holes in their security — are in the news again. It seems that barely a week passes without some major breach that compromises the private keys of millions. Whether you have been personally affected or would like to study the mistakes of others, it is never too late to learn a thing or two from past exploits.
Our latest installment of DeFi 101 provides some tips for better crypto wallet security. Being cautious with your crypto might not be particularly fashionable at the moment. Nevertheless, good security practices can help ensure that your hard-earned crypto remains in your hands and also provide you with some peace of mind — an undervalued commodity in these uncertain times.
Hot to touch
Unlike in traditional banking, there is no way to recover your digital currencies after they leave your wallet. In this sense, the security of your crypto assets is entirely in your own hands — you are your own bank — and it is only proactive security measures that are effective. Wallet apps are undoubtedly convenient for storing your funds. Nevertheless, bear in mind that some are safer than others. Do not judge the security they provide by the slickness of their user interface. It is the inside that counts.
The worst offenders are wallet apps that keep your seed phrases or private keys on centralized servers. Even if they are encrypted, there is always a risk that — if the private keys are managed by the wallet app source code — a new update could be released that sends all private keys to a rogue developer. Naturally, without knowing how private keys are handled behind the scenes, your best bet is to stick with battle-hardened wallets whose reputations have stood the test of time.
Additionally, it is not a good idea to store large amounts of crypto on exchanges since you do not control the private keys. If the exchange is compromised, user crypto assets are typically the first to disappear. It is thus a good practice to only keep the amount you need for trading.
But even the most secure wallet will not compensate for reckless user behavior. It should go without saying that you should not Ctrl+C your seed phrases or private keys on your device. Once they are stored in your clipboard, they become accessible to other applications and websites that could steal this information. That is why secure wallets automatically prevent you from copying them.
You should also avoid sending your seed phrase via email and be a little suspicious of wallets that offer this functionality. It might seem convenient, but you simply cannot know for sure if this is done in a secure way. It is also recommended to avoid storing such information digitally — especially in the cloud. Better to store your private keys and seed phrases offline, the old-fashioned way.
It should go without saying that you should not access your wallet over public WiFi, should not auto-save your password, and should always have multi-factor authentication (2FA) enabled. It is also a good practice to distribute your savings across multiple wallets, keeping a substantial share of your crypto wealth in cold storage (i.e., not connected to the internet). Such precautions minimize the risk of your crypto wealth being compromised.
When using a web-based wallet, make sure to double-check the URL and the lock icon. The website address should always start with HTTPS, not HTTP, and there should be a small lock icon next to the URL, assuring you that your browsing is encrypted. When making a payment, you should also triple-check the address before sending the funds through. Some malicious programs can overwrite your clipboard, replacing the intended destination address with the attacker’s. To be extra safe, you can transfer a small amount first and only then send the whole payment.
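The two payment checks from the paragraph above (compare the whole destination address, then send a small amount first) written out as an added example; it is not code from this article or from any wallet. The function names, the sample addresses and the 6/4-character skim window are assumptions made for illustration.

```python
from decimal import Decimal

HEAD, TAIL = 6, 4  # characters a quick glance tends to cover (assumed window)

# Constructed sample addresses: same first and last characters, different middle.
INTENDED = "0x52a1" + "0f" * 16 + "9e3f"
LOOKALIKE = "0x52a1" + "d4" * 16 + "9e3f"


def normalise(addr: str) -> str:
    """Strip whitespace; 0x-style hex addresses compare case-insensitively."""
    addr = addr.strip()
    return addr.lower() if addr.lower().startswith("0x") else addr


def check_destination(intended: str, pasted: str) -> dict:
    """Compare the address you meant to pay with the one in the send field."""
    a, b = normalise(intended), normalise(pasted)
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        diffs.append(min(len(a), len(b)))
    return {
        "match": not diffs,
        # True means a start-and-end glance would not notice any difference.
        "skim_would_pass": a[:HEAD] == b[:HEAD] and a[-TAIL:] == b[-TAIL:],
        "first_difference": diffs[0] if diffs else None,
    }


def plan_payment(intended: str, pasted: str, amount: str, test_amount: str) -> list:
    """Return the transfers to make: a small test payment, then the remainder."""
    result = check_destination(intended, pasted)
    if not result["match"]:
        raise ValueError(
            f"destination differs at position {result['first_difference']}; not sending"
        )
    total, probe = Decimal(amount), Decimal(test_amount)
    if not Decimal(0) < probe < total:
        raise ValueError("test amount must be positive and smaller than the total")
    dest = pasted.strip()
    return [(dest, probe), (dest, total - probe)]


if __name__ == "__main__":
    print(check_destination(INTENDED, LOOKALIKE))
    print(plan_payment(INTENDED, INTENDED, "1.5", "0.01"))
```

The intended address has to come from a source the clipboard cannot touch, such as a saved address book entry or a value read off another device.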
And remember that some risks are not confined to the digital world. The so-called “$5 wrench attacks” appear to be on the rise as of late. Even with state-of-the-art digital security of your storage solutions, someone may simply steal your private keys by physically threatening your life with, say, a $5 wrench. That means that you should never brag about or flaunt your crypto wealth and never disclose how much crypto you own or what its market value is.
Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.