Crypto security is important

Exponentialcapital
Apr 22, 2022

With great power comes great responsibility

Today we’re discussing one of the most important topics when it comes to longevity in the DeFi space. DeFi offers what seems to be unlimited possibilities and is free from regulatory constraints.

However, with great power always comes great responsibility. Compared to centralized and traditional finance, there is no enforcement agency protecting investors from bad actors.

This means the burden of security and longevity falls on the investor. Below we will discuss different options to add extra levels of security to your beloved tokens.

Uncle Ben once said…

Hard Wallet vs Browser Wallet

As investors come from centralized exchanges over to decentralized exchanges like Uniswap, they will typically hold currencies in wallets like MetaMask (MM). When creating an MM wallet, it’s the responsibility of the investor to store a seed phrase for wallet recovery.

This already provides a layer of protection; however, on its own it doesn’t isolate an investor from hacks and security issues. The most basic form of additional protection and due diligence is adding a hardware wallet as another layer of approval for a wallet.

The two most popular hardware wallet creators are Trezor and Ledger. We aren’t here to compare the two models but to speak to the extra layer of protection they offer. If you do purchase a hardware wallet, it is recommended to buy directly from the producer’s website and not from Amazon or third-party sites, to ensure the wallet has not been tampered with.

For users of wallets like MetaMask, a hardware wallet adds another level of approval. Say your MM browser wallet becomes compromised and a bad party tries to send all of your coins to their wallet: if your MM wallet is linked to a hardware wallet, the transfer cannot be done without approval from the hardware wallet.

In comparison, if a user just had an MM wallet, the coins would be sent off and would likely never be returned. This is because a browser wallet alone is a single layer of protection, while a hardware wallet adds another.

In addition to just approving transactions, most hardware wallets can be used to store more common cryptocurrencies like BTC, ETH and others directly on the wallet. That way an investor doesn’t have to rely on either centralized or decentralized exchanges and wallets but can take security into their own hands.

When it comes to storing your seed phrase, it is advised to not store the seed phrase in a word doc, notes or anywhere on your computer. If your computer becomes compromised, you don’t want the hackers to also have access to your private keys to drain your wallet. Instead, it is advised to have it stored outside your computer.

A common practice is to write it down several times and store it in a secure place. However, there are ways to take it a step further and secure it via an indestructible titanium plate, secure capsules, etc. That way, if there ever were a fire or flood, your seed phrase would still be secure, unlike a paper copy. These extra layers of security can be found in the same places that sell hardware wallets like Trezor and Ledger.

Wallet Approval Clean Up

A good practice is to go through weekly and see what dApps, protocols, projects, or websites have access or approval rights to your wallet. This can be done through apps such as Debank or their new app, Rabby.

A good rule of thumb is that unless you know the website/protocol and plan to interact with it in the future, there is no need for it to have access to your wallet. Especially if you dabble in the memecoin market, it’s best to make sure to remove the unlimited spend feature that contracts have once approved. This is because in this market, for every solid project there is also a bad actor with the intention of draining your wallet.

When you hit “approve” for a coin in a wallet like MM, it grants the contract an unlimited spend approval, and if the project is malicious, it can take all of the tokens you approved for that contract. This is why you only want to approve access to known projects you trust.
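The approval clean-up described above, as an added example that is not part of the original article: it decodes ERC-20 `approve(address,uint256)` calldata, replays a wallet's approvals in order, and lists the allowances that are still open and either unlimited or held by a spender you do not recognise. The addresses are constructed placeholders, and the helper names and the "at least 2**255 counts as unlimited" threshold are assumptions of this sketch; it only tracks `approve()` calls, not spending or other allowance methods.

```python
# Added example: replay ERC-20 approve() calls and report allowances worth revoking.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED = 2**256 - 1          # max uint256, the usual "unlimited spend" value

def encode_approve(spender, amount):
    """Build approve() calldata; used here only to construct sample input."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_approve(calldata):
    """Return (spender, amount) for approve() calldata, or None for any other call."""
    data = calldata.lower().replace("0x", "", 1)
    # selector (8 hex chars) + two 32-byte words; an address word has 12 zero bytes of padding
    if len(data) != 136 or not data.startswith(APPROVE_SELECTOR) or data[8:32] != "0" * 24:
        return None
    return "0x" + data[32:72], int(data[72:], 16)

def open_allowances(txs):
    """Replay (token, calldata) pairs in order; each approve() overwrites the previous one."""
    state = {}
    for token, calldata in txs:
        decoded = decode_approve(calldata)
        if decoded:
            state[(token.lower(), decoded[0])] = decoded[1]
    return {key: amount for key, amount in state.items() if amount > 0}  # 0 means revoked

def to_revoke(txs, trusted_spenders):
    """Flag open allowances that are unlimited or held by an unrecognised spender."""
    findings = []
    for (token, spender), amount in sorted(open_allowances(txs).items()):
        reasons = []
        if amount >= 2**255:                 # assumption: this large counts as unlimited
            reasons.append("unlimited")
        if spender not in trusted_spenders:  # addresses are compared in lowercase
            reasons.append("unknown spender")
        if reasons:
            findings.append((token, spender, reasons))
    return findings

# Constructed sample data: placeholder addresses, not real contracts.
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
DEX, MEME, OLD = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SAMPLE = [(TOKEN_A, encode_approve(DEX, UNLIMITED)), (TOKEN_B, encode_approve(MEME, UNLIMITED)),
          (TOKEN_A, encode_approve(OLD, 500)), (TOKEN_A, encode_approve(OLD, 0))]
```

Calling `to_revoke(SAMPLE, trusted_spenders={DEX})` reports the unlimited approval to the trusted spender as well, since the article's advice is to remove unlimited spend rights even from projects you know.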

VPNs

VPNs are another security and privacy recommendation when it comes to using decentralized finance. They protect your privacy, and if your computer becomes compromised, attackers cannot trace your IP address either. Having a VPN also provides another level of security as you are connected to a secure outside server instead of a potentially less secure network.

That’s in addition to protecting your privacy, which is the point of a VPN. A lot of the top VPN companies also accept payment in cryptocurrencies, making sure you stay anonymous.

In no particular order, here are some of the most common VPNs as a point of reference: NordVPN, Private VPN, Surfshark. A Google search and some YouTube reviews can help solidify your choice of VPN.

Phishing Emails

Another security practice and scam to be wary of is phishing emails. One example is someone receiving an email from an email address pretending to be a reputable company and asking you to click on a link.

You may get an email pretending to be MetaMask, where an individual asks you to click on a link to resolve an issue or claim a reward. The link is malicious and has software to exploit your entire computer and wallet. MetaMask doesn’t require or need your email when you sign up, so never click on a link in an email claiming to be from them.

Similar attempts can be made by senders pretending to be companies like OpenSea or Coinbase, etc. Generally, those companies won’t email you and common practice would be to handle any support issues over the phone.

Also, double-check the email address for misspellings like “MettaMask”, with an extra T added in, and watch for poor grammar. These are common signs the email is malicious.
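The sender check described above, as an added example that is not part of the original article: it flags a From header whose domain is a near-miss spelling of a brand (such as the “MettaMask” case), embeds the brand in a longer name, or uses the brand only in the display name. The `OFFICIAL` list of expected domains and the edit-distance threshold of 2 are assumptions of this sketch, and the sample headers in the test are constructed.

```python
# Added example: classify an email sender as official, lookalike, or unrelated.
from email.utils import parseaddr

# Assumption: the domains you expect genuine mail from, keyed by brand label.
OFFICIAL = {"metamask": "metamask.io", "opensea": "opensea.io", "coinbase": "coinbase.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, max_distance=2):
    """Return (verdict, brand) where verdict is 'official', 'lookalike' or 'unrelated'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    for brand, official in OFFICIAL.items():
        if domain == official or domain.endswith("." + official):
            return "official", brand
    # Compare each dot-separated label, ignoring hyphens used to pad out a brand name.
    labels = [label.replace("-", "") for label in domain.split(".") if label]
    for brand in OFFICIAL:
        for label in labels:
            # Brand embedded in a longer label, or a near-miss spelling of it.
            if brand in label or 0 < edit_distance(label, brand) <= max_distance:
                return "lookalike", brand
        if brand in display.lower().replace(" ", ""):
            return "lookalike", brand    # brand appears only in the display name
    return "unrelated", None
```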

Be careful of phishing emails

Summary

At EXPO, we understand how valuable your hard-earned ETH or other coins are. We also want to make sure you understand all the extra options out there to ensure you hold your valuable coins for as long as possible by following these easy extra steps.

Use a hardware wallet to act as an additional approval security add-on for any DeFi wallet transactions. Make sure your seed phrase is stored in a secure non-destructible option that is not stored via the cloud or on your computer.

Make it a practice to check in every so often on the approvals on your MM wallet. Handle support issues over the phone, and for privacy and added network security use a VPN. Last but not least, in the DeFi space, there are typically no free lunches.

It is advised to not accept any airdrops from any projects unless you see some sort of direct communication from their main Twitter or Telegram group stating otherwise. The same goes for unknown coins you might find in your wallet: do not attempt to sell them, as this will often end with your wallet drained.

Following all of the above doesn’t provide a 100% guarantee of safety, but it does add many extra layers of security for your coins and as always, it’s better safe than sorry. There are no FDIC or SEC parties to attempt to get your stolen coins back in the DeFi space.

If there are any certain topics you would like to see EXPO touch on, DM the Twitter account or pop into the Telegram link.

Links:

Expo Capital Website: https://www.exponentialcapital.finance/

Telegram: https://t.me/EXPOcapital

Twitter: @EXPO_Capital
