Protect Yourself From Hacks and Security Threats
Everyone has heard the stories - millions of dollars in crypto, lost on an old hard drive, or valuable NFTs getting stolen because someone was tricked into giving away their seed phrase. Those cautionary tales can make it intimidating to hold your own assets. But, with some care, you have the power to protect yourself and your assets. Here are eight tips to keep your self-custody wallet safe.
Remember: Secure Your Recovery Phrase
The most fundamental action you can take to keep your self-custody wallet safe is to make sure your recovery phrase, or seed phrase, is secure. There are many different ways to protect your recovery phrase. If someone ever accesses your recovery phrase, you first need to transfer your assets to a new self-custody wallet - immediately. But if you act according to the following secure and safe practices, you’ll be one step ahead of most threats.
1. Don't Share Your Recovery Phrase
Your recovery phrase is your business. No reputable provider, NFT community, moderator, or support technician will ever ask you for it. If someone does, you should know there is something wrong. Stay safe by refusing to ever transmit your recovery phrase to anyone - on or offline.
2. Keep Your Recovery Phrase Safe Offline
It may come as a surprise that many cryptocurrency users secure their recovery phrase offline in written format.
The reason is that hackers can access all of the files on a connected device, including a recovery phrase saved there, in the following ways:
Unsecured networks: All of your data is at risk when you connect to an unsecured network like public WiFi. In order to protect and secure your self-custody wallet, only conduct transactions on a secure network.
Malware: This is software that is designed to harm a computer, such as a virus or Trojan Horse. These types of malware can be spread through email attachments, download links, or infected websites.
Malware is often downloaded from fake emails or links that were clicked on from Google ads. Be wary of downloading software from anywhere but the official app store for your device, or the software creator's website.
Outdated software: Malware also exploits vulnerabilities in legitimate software, so skipping software updates is not a good way to avoid malware - it's important to keep your software updated to remain safe and secure. Just make sure to do so through official channels like the app store or company website. Running outdated software exposes you to known vulnerabilities that have already been discovered and patched by the developers who maintain the software you use daily.
When you're looking for software updates, keep your self-custody wallet safe by only downloading updates through the official channels.
Your recovery phrase is the key to your financial freedom - so protect it. An easy way to do this is by storing it offline. However, there are several concerns you should take into account to protect the recovery phrase of your self-custody wallet offline - similar to how you would be careful about storing any other important or valuable documents. This means considering things like:
And although it might be worth considering - they don't necessarily have to involve the purchase of an expensive, fireproof safe.
Waterproof document protectors or even camping accessories - there are thousands of safe ways you can secure your recovery phrase to keep it safe from water. For the purpose of secure camouflage, you don't even have to use a product made explicitly for document protection. For example, a waterproof bottle in your medicine cabinet can be enough to secure your recovery phrase from water (as long as everyone in your house knows not to throw it away).
Whether you write down your recovery phrase or save it on a USB drive, these solutions can keep it safe and secure.
USB backups - it's easy to secure your self-custody wallet using text files saved on USB disk drives. You can secure these disk drives by using safe deposit boxes in your local bank (this may be an ironic solution, but it's still viable) or by storing them in secure locations only you have access to. Like any other file, the text can be read by malware on whatever computer the drive is plugged into, so only connect it to a device you trust.
Location, location, location - we all know people who have hidden things so well they forget where they've put them. It doesn't matter where you choose to hide the physical copy of your self-custody wallet recovery phrase, as long as you can find it again. There's no point in finding a hiding place so safe and secure that you forget where it is.
3. Split It Up
One tested technique for keeping your self-custody wallet safe and secure is to split up your recovery phrase into parts (four words each) and place the parts at different secure locations that only you, another trusted individual, or the designated executor of your will are aware of. This is also relevant if you decide to store the entire recovery phrase in one place.
4. Keep Those Passwords Up To Par
You don't need to have a self-custody wallet to know one of the most basic rules of online security: Don't use the same passwords for different sites. Ensure your password is hard to crack via a combination of uppercase, lowercase, numeric and special characters. And as we saw with the recent LastPass hack, it may be best to avoid keeping all your passwords in one centralized location.
5. Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is a security measure that ensures only you, or whoever else you've authorized, can access your account. These systems require you to provide your password, as well as another pin, usually sent to your phone or managed in an app such as Google Authenticator. When you log into your account with your password, you'll then be asked for that pin - a combination of digits. This keeps your self-custody wallet safe and secure (for the most part) because even if someone knows your password, they'll need another level of access to get into your account.
6. Stay Clear of Social Engineering
It doesn't matter how well you protect the recovery phrase to your self-custody wallet if you're unaware of the tricks scammers use to steal your crypto assets.
These are only some of the setups that have drained millions from self-custody wallets by getting people to download malware or voluntarily give over their information via phishing or other forms of social engineering:
a prospective client asks an NFT artist to do some work for them and download a file
a game dev company asks someone to try out their game and download a file
a scammer pretends to represent a legitimate NFT community and asks targets to execute any sort of smart contract
a scammer sends someone an unsolicited NFT, so the victim taps on it and executes a smart contract draining their wallet
false websites are set up to look exactly like the real ones, so the victim uses one and gets hacked
7. Keep It Separate, Keep It Safe
If possible, one of the most effective safeguards against these scams is to keep your main laptop or phone separate from the one you use to send crypto or NFTs.
If you can't use a second device for your self-custody wallet, another recommendation is to use separate self-custody wallets for different tasks.
Many people use one self-custody wallet to mint NFTs or interact with staking dapps. They then use another as a "vault" to store their valuable NFTs or the bulk of their cryptocurrency.
It's good practice to avoid interacting with any smart contract via a self-custody wallet holding all of your main goods.
Remain vigilant and remember: if something seems too good to be true, it probably is.
8. Be Mindful of Unknown Dapps
When you interact with a dapp, whether you're collecting NFTs, playing a game, or staking cryptocurrencies, you connect your wallet to that dapp. Remember to stay mindful of what dapps are connected to your wallet and remove them as needed or when notified of a security risk.
You've worked hard for your crypto assets, and you have the power to keep them safe and secure. So, remember:
Never share your recovery phrase.
Store it offline.
Consider splitting it up and saving it in multiple secure locations.
Use strong passwords that are different for each site.
Activate 2FA - two-factor authentication.
Stay vigilant and educated about possible scams.
Use a separate device for any crypto-related activities.
Use different wallets for trading and long-term storage.
Constantly review what dapps are connected to your wallet and remove connections as necessary.
Following these tips will keep your self-custody wallet safe and secure while making sure you enjoy all the benefits that the world of Web3 has to offer.