Every week I hear about someone getting ripped off. Hackers and exploiters are all over the place. But there are some steps you can take today to help protect yourself.
I see this stuff on YouTube and Twitter, and hear about it in the various crypto communities I’m a part of.
In crypto, there is no such thing as 100% safe. But if you’re willing to put in minimal effort, you can protect yourself against attacks and theft. Here’s how you can get started.
MetaMask and Other Hot Wallets
MetaMask is a cryptocurrency wallet that allows you to store, receive, and send digital assets. It also allows you to access decentralized applications on any blockchain with MetaMask integration. At this point, that’s most blockchains. MetaMask is the most popular cryptocurrency wallet and has over 10 million users.
The wallet is available as a browser extension for Google Chrome, Mozilla Firefox, and Brave. It is also available as a mobile app for Android and iOS devices. MetaMask is a non-custodial wallet, which means that you are the only one who has access to your private keys.
This makes it more secure than custodial wallets, but it also means that you need to be extra careful not to lose your private keys. MetaMask is a convenient way to store and use cryptocurrencies and DApps. It is easy to use and provides security and privacy.
It’s great. It’s wonderful. Pretty much everyone is using it. And this makes it hacker bait. Here’s how you can do a better job of keeping thieves out of your wallet.
Stop Using Public Wifi
The vast majority of stories I hear about a hot wallet being hacked involve someone who likes to mess around with crypto on their phone and uses public wifi. It is hands down the biggest no-no I can think of.
Given the popularity of this product, hackers worldwide are looking for an “easy in” to your wallet. Using public wifi is like handing over all of your funds on a silver platter. I’d hate to see any of you end up like this guy:
Or even worse, this guy:
Time for a thread 🧵 that I never imagined I would ever have to do, but here it is.
My @MetaMask wallets got hacked and drained throughout the night as I slept.
Below I am going to explain the events that took place this week (18th May 2022) by the time I woke at 8 am
— JonnyReid (@TheJonnyReid) May 22, 2022
Never Tell Anyone Your Seed Phrase
No one needs your seed phrase for any reason except you. You may be one of those folks that say, “Yeah, bro. No duh. I would never give anyone my seed phrase.”
Until you do.
Hackers pose as admins of crypto communities, run fake contests on social media, and airdrop scam tokens to your wallet. There are even fake MetaMask websites and fake emails from hackers posing as MetaMask support.
Don’t fall for any of it. I take a “stay in my lane” approach when it comes to crypto. I don’t touch scam tokens in my wallet. I don’t respond to any shady Discord messages. I have all of my DeFi projects bookmarked on my browser, so I don’t have to Google them and click on a duplicate website that hackers run.
All of them want your seed phrase. And the only way they can get it is if you give it to them.
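The bookmark habit described above amounts to an allowlist check, and the sketch below shows how a link can be compared against it. This is an added example, not code from MetaMask or any project named here; the bookmarked hosts, the sample links and the function names are constructed, and the brand-label heuristic is a simplification that ignores multi-part public suffixes.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for your own bookmarks (assumption).
BOOKMARKED = {"metamask.io", "app.uniswap.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values indicate a typosquat of a bookmark."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, bookmarks=BOOKMARKED) -> str:
    """Return 'ok', 'insecure', 'lookalike' or 'unknown' for a link."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "https://metamask.io@other.example"
    # is judged by the host the browser would actually contact.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "insecure"
    if host in bookmarks:
        return "ok"
    # Homoglyph domains show up as non-ASCII or punycode ("xn--") labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "lookalike"
    for good in bookmarks:
        brand = good.split(".")[-2]  # naive: the label left of the TLD
        if edit_distance(host, good) <= 2 or brand in host:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://metamask.io/", "https://metamaskk.io/",
                 "https://metamask-help.example/", "http://metamask.io/"):
        print(f"{classify(link):10} {link}")
```

Only an exact match with a bookmarked host returns `ok`; everything else is either flagged or treated as not yet trusted.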
Use Better Passwords
It’s crazy that we still have this issue in 2022. But “password1234” didn’t cut it 20 years ago, and it definitely isn’t going to cut it now.
Your password is the first line of defense for your crypto funds. Doesn’t it make sense to spend some time coming up with a decent one? On top of that, I also recommend changing your password multiple times a year.
Because why not? It’s only going to make you safer, provided it’s a decent password. One other suggestion is not to use a password that you use anywhere else. Make it crypto only. There are multiple reasons for this.
The first is protection. But the second is that if your MetaMask gets hacked, you know other accounts are likely ok. On the flip side, if you use some sort of online password holder and it's compromised, they could get your password to everything you have.
Write it down, or better yet, memorize it.
Get a Cold Wallet
Two popular brands produce cold wallets. The first is Ledger. The second is Trezor. I honestly don’t know if one is better than the other. But Ledger seems to be the most popular, with more than four million users.
Now a bit about cold wallets, also known as hardware wallets.
A cold wallet is a cryptocurrency wallet that stores the user's private keys in an offline environment. Cold wallets are considered to be more secure than hot wallets, which hold private keys online. Ledger and Trezor are cold wallets that use hardware devices to store the user's private keys.
The wallet connects to a computer or mobile device to access the user's cryptocurrency holdings. Ledger devices are considered very secure, as they use multiple layers of security, including a PIN code and a recovery seed.
I use a Ledger Nano X, and I’ve yet to have any problems.

For a hacker to steal your crypto, they have to break your MetaMask, break the cold wallet, and physically get the cold wallet in their hands and find a way to break your PIN code. I don’t know if it’s impossible, but my Ledger adds several layers of protection to my funds.
I don’t know about the Nano S, but I know my Nano X has a 24-word seed phrase, whereas MetaMask only uses a 12-word seed phrase.
Of the two Ledgers available, there are a couple of differences. The first is the price. The original version, the Nano S, will run you about $60, and the Nano X costs $150.
The Nano S can only hold 4-5 “DApps”. Basically, individual blockchains. So if you just want to buy Bitcoin or ETH and hold it forever, the Nano S is fine. But if you're going to spread your funds over several chains, I highly recommend the Nano X.
Pro Tip: Any blockchain that runs on the Ethereum Virtual Machine will be connected to the Ethereum Blockchain. So if you play around on different chains, but they’re all EVM compatible, the Nano S will work fine for you.
Smart Contract Risk
One thing that MetaMask and a cold wallet combined cannot protect you from is smart contract risk. When you allow your wallet to connect to a new decentralized application, you give this DApp access to your wallet. This is why research is so important in the crypto space.
Research is the first step to protecting yourself. I don’t recommend investing in anything that hasn’t had a proper audit. A crypto audit is when a legitimate company goes through the code of a protocol and looks for ways the code can be exploited.
While a good audit is a solid start, audit companies can drop the ball. Grim Finance was exploited for tens of millions of dollars just a few months after an audit by a reputable company. The company, Solidity, blamed a new hire for missing the vulnerability.
Once you've researched a project and put your money in, you're exposed to smart contract risk, even if it’s a blue-chip project. One method for preventing a total wipeout of your wallet is removing connected sites you are not using.
To do this, open your MetaMask wallet and click on the three little dots. Then click on connected sites and click Disconnect for anything that seems shady or you aren’t currently using.
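Disconnecting a site only stops it from sending requests to your wallet; a token approval you already signed stays in force on-chain until it is revoked or used up. As an added example (not MetaMask code, and going beyond the disconnect step described above), this decodes the data field of an ERC-20 `approve` or NFT `setApprovalForAll` request so an unlimited grant can be spotted before signing. The spender address, helper names and the "top half of the range" threshold are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)


def encode(selector: str, spender: str, value: int) -> str:
    """Build constructed sample calldata: selector + two 32-byte words."""
    addr = spender.lower()[2:] if spender.lower().startswith("0x") else spender
    return "0x" + selector + addr.rjust(64, "0") + f"{value:064x}"


def review(calldata: str) -> dict:
    """Classify what a transaction's data field would grant to a spender."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "grant": "none"}
    try:
        words = bytes.fromhex(args)
    except ValueError:
        words = b""
    if len(words) != 64:  # exactly two ABI words are expected
        return {"kind": "malformed", "grant": "reject"}
    spender = "0x" + words[12:32].hex()
    value = int.from_bytes(words[32:], "big")
    if selector == SET_APPROVAL_FOR_ALL:
        grant = "all tokens in collection" if value else "revoked"
        return {"kind": "setApprovalForAll", "spender": spender, "grant": grant}
    if value == 0:
        grant = "revoked"
    elif value >= 2**255:  # heuristic: top half of the range, e.g. 2**256 - 1
        grant = "unlimited"
    else:
        grant = f"limited to {value} base units"
    return {"kind": "approve", "spender": spender, "grant": grant}


# Constructed spender address used only for the demonstration below.
SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111"

if __name__ == "__main__":
    for amount in (MAX_UINT256, 5 * 10**18, 0):
        print(review(encode(APPROVE, SAMPLE_SPENDER, amount)))
    print(review(encode(SET_APPROVAL_FOR_ALL, SAMPLE_SPENDER, 1)))
```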
Something else you can do is get your hands on some type of crypto insurance. Different projects have different types of coverage for different scenarios.
Get an idea of your security gaps, and then look for that kind of coverage. Check out more info about that with the piece I wrote on Nexus Financial.
How the Hardcore Degens Do It
I’ve talked to a few people in my communities, and several of them do this to maximize their safety in crypto.
The first thing they do is buy a cheap laptop. This computer is used for crypto and only crypto. Many of these folks opt to use a VPN as well for anonymity.
Then, they purchase multiple cold wallets. Cold wallet A is used on Browser A for all their long-term holdings. Cold wallet B is used on Browser B and is only used for high-risk plays. This practice protects their biggest, high-conviction bags from being stolen by a higher-risk protocol.
These guys use quality passwords and rotate them. They never use public wifi. The computer is turned on, crypto business is handled, and then the machine is turned off.

While this may sound like overkill, if you have a six or seven-figure portfolio, it’s worth it to go through all of this, and it will cost you less than a thousand bucks. You can tack on DeFi insurance on top for maximum safety.
Conclusion
Even if you go through everything in the above recommendations from the most hardcore safety guys in crypto, you’re still at risk. There is always a chance you’ll make a mistake, or a hacker or bad project will get the best of you.
However, you can’t live your whole life being afraid of what could happen. Instead, do the best you can to stay safe with some or all of the safety precautions I’ve mentioned in this post, and you’ll minimize your risk exponentially.
Thanks for stopping by. If there is something you think I’ve missed, please leave a comment below.