Stakely Blog
May 17, 2023

Top 7 security tips in crypto to protect your assets

To keep your crypto secure, it's important to avoid common mistakes and scams and to take measures to keep your assets safe. As the value of your crypto wallet increases, security becomes even more crucial to prevent loss or theft. In this article, we provide useful tips to protect your crypto and identify common scams. Keep your digital assets protected and enjoy a peaceful and reliable crypto experience!


1. Avoid relying on centralized exchanges

A centralized exchange (CEX) is a platform that allows you to exchange fiat currencies (euros, dollars, pesos, etc.) for cryptocurrencies and engage in trading. Examples of popular exchanges include Binance, Kucoin, and Coinbase, among others.

When you have fiat currencies and want to buy specific cryptocurrencies (ETH, ATOM, BTC, etc.), it's common to use an exchange to convert your legal tender into those crypto assets. However, it's important to understand that if your cryptocurrencies are stored solely on the exchange, they are not truly yours. They remain under the control of the exchange, and if the exchange were to go bankrupt (as happened with FTX), you would lose access to your cryptocurrencies.

Our first piece of advice is to use exchanges only for quick trades and to keep on them only minimal amounts of cryptocurrencies that you're willing to lose.


2. Keep your seed phrase a secret

In the previous tip, we discussed the importance of not keeping your cryptocurrencies on an exchange. To achieve this, you'll need to use a software wallet like MetaMask, Rabby, or Keplr that supports the blockchain you want to use.

With these software wallets, the first step is to generate a wallet where you can deposit your cryptocurrencies. You will be provided with a public address to receive them, along with a set of 12 (sometimes 12, 18, 24, or 36) words known as the seed or recovery phrase. Never share these words with anyone, as they are cryptographically paired with the public address to which you have sent your cryptocurrencies. Remember, if someone has your seed phrase, they will have access to your wallet, including the ability to drain its contents.

As the title of this section suggests, your seed phrase must remain a secret. Our advice is not to share it with anyone, not even close friends or family members, let alone strangers claiming to be support teams from MetaMask, Keplr, Coinbase, or any other service.

No legitimate support team will ever ask for your seed phrase, whether it's from Stakely or any other platform. Anyone requesting it is only trying to steal from you. This type of scam is prevalent on social media platforms like Twitter and Telegram, where they offer airdrops with exorbitant amounts of BTC or incredible investment opportunities that you can't afford to miss in exchange for your seed phrase. If something sounds too good to be true...run away!

Regardless of where it's requested, never give your seed phrase to anyone. While this may seem like basic advice to many, countless people still fall victim to these scams. That's why we can't stress it enough: don't share your seed phrase with anyone!


3. Choose hardware wallets over software wallets

Previously, we discussed the importance of not sharing your seed phrase with anyone. However, there's also the risk that, either due to carelessness or lack of knowledge, you might unintentionally install malicious software on your computer, which could extract the seed phrase from your software wallet and compromise your cryptocurrencies. While several conditions must align for this to happen, if you want to eliminate this risk entirely, we recommend using a hardware wallet. Ensure that you only download and install software compatible with your hardware wallet from verified websites.

A hardware wallet is a physical device that securely and independently stores the seed phrase, separate from your computer. This means that your seed phrase never leaves the device, and every time you perform a transaction, such as sending ETH to another address, the transaction is signed within the device itself. This ensures that your seed phrase is never compromised, even if your computer is infected. Examples of these devices include Ledger or Trezor.

When acquiring a hardware wallet, a common question is, "Can I still use the same address I used in MetaMask? Can I input my 12 words into the device I purchased?" The answer is yes, you can use the same seed phrase on your Ledger or Trezor device. However, it's not the most recommended option, as your seed phrase may have been exposed previously. It's advisable to generate a new seed phrase within the hardware device to ensure a 100% secure and previously unexposed seed.


4. Protect your seed phrase, but don't lose it

We've emphasized the importance of not sharing your seed phrase and storing it outside your computer, such as in a Ledger or Trezor device. But what happens if you lose or damage your device? In that case, you would lose access to your cryptocurrencies. That's why it's crucial to write down the seed phrase as soon as it's generated on your Ledger or Trezor, so that if the device gets damaged, you can still access your crypto assets.

Keep in mind that, unlike the traditional world of Web2, in the decentralized world of Web3, you are responsible for safeguarding your assets. Using MetaMask, Ledger, or other wallets is not like creating a Gmail account, where you can contact a support team if you forget your password. You are the one protecting your crypto assets, so avoid losing your seed phrase or sharing it with others. Although this may seem like a disadvantage, it actually provides security, as even if MetaMask or other software disappears, you can still access your crypto assets using similar software and your seed phrase. This is not the case with Gmail, where if Google were to close tomorrow, you would have a period to save your emails, but eventually lose access.

Avoid writing down your seed phrase in a text file on your computer, in note-taking applications, or similar mediums. It's crucial to prevent your seed phrase from circulating on the internet or residing on your computer's hard drive. Opt for analog methods, such as paper or a notebook. There are also steel plates designed to store the seed phrase, or you can buy another Ledger as a backup and use the same seed phrase on both devices. Having multiple devices provides security in case you lose or damage your main Ledger.

The way you secure your seed phrase depends on your creativity and the trust you have in family members who can be entrusted with a Ledger (it's worth mentioning that Ledgers have an 8-digit PIN and allow a maximum of 3 attempts). Every personal situation is different, but having a copy of the seed phrase in another physical location will protect your crypto in the event of a disaster, such as a fire!

There's an interesting anecdote related to Vitalik Buterin, the creator of Ethereum, and the SHIBA INU tokens. The SHIBA INU team sent 50% of the total coin supply to Vitalik's public address without his consent. Before being able to access his wallet and sell some of these tokens to donate them to various causes, Vitalik had to spend approximately a month reconstructing his seed phrase, which was distributed across different locations and held by family members.

This story exemplifies the extreme security measures that some individuals, especially those with a public position and well-known assets like Vitalik, can adopt to protect their crypto assets. While it's not necessarily recommended to complicate the process to this extent for the majority of people, it was understandable in Vitalik's case.


5. Beware of signing transactions and unreliable contracts

The next issue we may face is interacting with a contract through the wallet where we hold 100% of our crypto assets. Sometimes, it's unavoidable, whether it's to claim an airdrop, perform a swap, or provide liquidity to a pool. It is crucial to ensure that we are interacting with trustworthy contracts and accessing the official website rather than a replica (phishing attempt).

A smart contract, introduced by Ethereum, allows for advanced operations beyond simple fund transfers, such as cryptocurrency exchanges, the creation of NFTs, or even custom tokens.

When interacting with a contract, it is crucial to verify its reliability. To do so:

  • Copy the contract's address and check it on an explorer like Etherscan. If you find a "public tag," it is a good sign as it indicates that the explorer recognizes the contract as secure.
  • Don't forget to review the number of transactions that have interacted with the contract: a contract with low activity could be a red flag.
  • Check the contract to see if it is open-source code: while this does not guarantee complete security, it indicates that the code is public and can be reviewed. Malicious contracts often hide their code to steal funds from others.

Even if a contract is legitimate and 100% reliable, it is advisable to revoke the permissions we have granted if we do not plan to use it again for an extended period. To do this, we need to perform the opposite action of "Approve," which is "Disapprove." This allows us to remove the permissions we had given to the contract for specific actions. Websites like revoke.cash facilitate this process.

Furthermore, it is important to mention another example of a common scam related to contracts. Sometimes, you may find in your wallet or in other users' wallets tokens that have arrived without prior notice and have a website listed in their description. Attackers want you to access that website, connect your wallet, and interact with a contract that supposedly exchanges those tokens for a large amount of USDC. However, this will not happen as it is a fake token with no real value. By interacting with the malicious contract, you would be granting access to other tokens in your wallet, allowing the contract to use them. Therefore, it is essential to be cautious about what we are signing at all times.
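
To make "what we are signing" concrete, the following added example (not part of the original article or of any wallet's code) decodes the hex calldata a wallet displays before signing and reports whether the call grants an unlimited allowance, a limited one, or revokes it. It assumes an ERC-20 token, where a revoke is an approve call with amount zero; the spender address and all sample calldata are constructed placeholders.

```python
MAX_UINT256 = 2**256 - 1
# 4-byte selectors: the first four bytes of keccak256(function signature).
# Assumes ERC-20: ERC-721 reuses 095ea7b3 with a token ID as the second word.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def decode_approval(calldata_hex):
    """Describe an approval call; return None for any other function."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) != 128:  # exactly two 32-byte ABI words
        raise ValueError("expected two 32-byte arguments")
    if int(args[:24], 16) != 0:  # an address is left-padded with 12 zero bytes
        raise ValueError("address word has non-zero padding")
    spender = "0x" + args[24:64]
    value = int(args[64:], 16)
    if name.startswith("setApprovalForAll"):
        # Boolean flag: true hands the operator every token in the collection.
        risk = "unlimited" if value else "revoke"
    elif value == 0:
        risk = "revoke"       # allowance reset to zero
    elif value == MAX_UINT256:
        risk = "unlimited"    # spender may move the whole balance at any time
    else:
        risk = "limited"
    return {"function": name, "spender": spender, "value": value, "risk": risk}

# Constructed sample inputs: the spender address is a placeholder.
SPENDER_WORD = "00" * 12 + "11" * 20
WORD = "{:064x}".format
SAMPLES = {
    "unlimited approve": "0x095ea7b3" + SPENDER_WORD + WORD(MAX_UINT256),
    "limited approve": "0x095ea7b3" + SPENDER_WORD + WORD(500 * 10**6),
    "revoke": "0x095ea7b3" + SPENDER_WORD + WORD(0),
    "approve all NFTs": "0xa22cb465" + SPENDER_WORD + WORD(1),
    "plain transfer": "0xa9059cbb" + SPENDER_WORD + WORD(1),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, "->", decode_approval(calldata))
```

An "unlimited" result on a site reached through an unsolicited token or link is the pattern described in the scam above.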


6. Multiple Wallets are Better than One

An effective way to mitigate the risk mentioned in the previous point is to distribute your funds across different wallets. With the same seed, you can generate multiple wallets (practically infinite), and devices like Ledger also allow for multiple wallets.

Keeping this in mind, you could create three wallets with the same seed but different purposes and self-imposed rules. For example, in Wallet 1, you could store funds that you don't want to lose and only initiate outgoing transactions from this wallet to others when you need to make a change. Although this incurs transaction fees for each transfer, it provides greater security and peace of mind. It's worth mentioning that this applies to any blockchain.

Different Wallets for different purposes

This strategy of using multiple wallets for different purposes can help you manage your assets more securely, minimising the risks associated with interacting with contracts and concentrating funds in a single wallet.


7. Are Bridges Reliable?

Bridges allow tokens such as ETH, native to the Ethereum network, to coexist on other networks like Polygon or the BNB network while maintaining the same price. When a user wants to transfer a native token from Network A to Network B, bridges lock the token on their contract and mint an equivalent amount of a token on Network B. When the reverse process is done, the same amount is destroyed on Network B, and an equivalent amount of the native token is released on Network A.

This opens up many possibilities as it allows coins to exist outside their native network. However, there are considerations to keep in mind: what would happen if the bridge were hacked and someone stole the locked tokens?

In such a case, the tokens on Network B issued by the bridge would lose a significant portion of their value since they were backed by the locked tokens on Network A, and their market value would be affected after the theft. Although this is unlikely, especially for well-known and audited bridges, it is still a risk to consider. Therefore, it is crucial to research and only use trusted bridges with a good reputation in the community. It's worth noting that some bridges have been hacked in the past.

Another less likely but still possible scenario is that Network B experiences a failure and prevents transactions, leaving the tokens unusable and locked on Network B for a certain period (or even indefinitely if the network doesn't recover). This should not happen with reliable networks, but our advice is not to transfer large amounts to newly created blockchains. Whenever possible and for significant sums, it is preferable to keep the tokens on their native networks, although sometimes, when we want to give them certain utility, using bridges is inevitable.


Let's recap!

Based on the information gathered so far, we have seen that it is better to secure all our crypto assets in a hardware wallet, keep nothing on exchanges, and ensure that our seed phrase is never exposed. Additionally, it is advisable to have backup copies of the seed phrase in secure locations, interact only with reliable contracts, and use bridges cautiously.

In conclusion, security in the world of cryptocurrencies is of utmost importance, and it is the responsibility of each individual to take necessary precautions to protect their assets. By following these recommendations, you can minimize risks and avoid falling victim to common scams.

Feel free to contact us via Telegram if you have any questions or suspicions. Furthermore, we will continue updating this article to make it a reliable and comprehensive resource for future reference. Security is an ongoing process – prevention is better than cure!

Author

Anto
