How to Avoid Scams and Stay Safe in DeFi (Guide)

Secret Network
Secret Network Ecosystem
8 min read · Apr 7, 2022


Billions and billions of dollars are lost each year by crypto users who fall victim to scams. Unfortunately, if you don’t know what to look out for, it can happen to you in the blink of an eye.

We’d love to help you avoid the pain of having your funds stolen. That’s why we’ve put together the best practices to protect yourself and your wallet as you navigate the crypto and decentralized finance world.

What we’ll cover in this guide:

  • Ways to protect your private key and seed phrase
  • Wallet techniques to keep your assets safe
  • How to use Secret Tokens and Secret DeFi
  • Methods to secure your devices and internet connection
  • Why (and how) to DYOR

Ways to protect your private key and seed phrase

Let’s start with two of the most important things to keep secret in DeFi and crypto: your private key and seed phrase. Both give anyone who has them full access to your wallet — and thus your funds. That’s why it’s critical to manage them as safely as possible.

Here’s how to do so:

#1 Back up and store your seed phrase safely

One of the first things you should do when creating your wallet is to back up your seed phrase, as this is the only way to restore access to your funds if you lose or break your wallet.

The best way to back up your seed phrase is by writing it on a piece of paper or other physical media. You can store your physical seed phrase backup in multiple locations, like a personal vault and a deposit box. You can also split your seed phrase into parts and store each part separately.

#2 Do not save your seed phrase and private key in cloud-based or unencrypted storage

Google Drive, Dropbox, or your email are not reliable storage solutions. Neither should you use a Word document, a TXT file, or a Notepad app. Never copy and paste your seed phrase: it ends up in your clipboard, where other apps on the device can read it. Never store it on any digital or unencrypted device like a thumb drive.

#3 Never give your seed phrase or private key to anyone

Support won’t need it; if they ask for it, you’re talking to scammers trying to hack your account. This rule applies to airdrops as well: if you have to share your private key or seed phrase to be eligible, skip it.

The only time you’ll need your seed phrase is when “restoring” a wallet to a new device (due to broken devices or upgrades) or when importing a wallet so you can see multiple accounts in one interface.

Wallet techniques to keep your assets safe

What wallet you use and how you use it can make all the difference for the safety of your assets. Here are tips on how to use (several) wallets to protect your crypto:

#4 Use different wallets for different activities

All wallets have their pros and cons. For example, hardware wallets are the most secure but don’t always easily connect with dApps and can’t serve as on-ramps.

The solution? Create different wallets for different purposes! Here’s how to go about this:

  • Use a hardware wallet for your long-term investments that you make as secure as possible and never save, copy, or use its seed phrase on a device connected to the internet. To maximize your security, create a private wallet that can’t be linked to your other wallets
  • Have a software wallet for interacting with dApps, yield farming, and active trading. Your trading wallet is for using vetted projects but should not contain the majority of your funds
  • Create a different wallet with very little crypto in it — just enough to cover gas fees — to vet new dApps & services and participate in giveaways. If it gets compromised, quarantine it and create a new wallet

Note: if you hold high-value NFTs, we recommend creating an extra long-hold wallet for these NFTs because their non-fungibility can quickly reveal your identity.

#5 Take extra care when using software wallets

Software wallets are only as secure as your device and how you use it. Most software wallets store your private key on the device itself, so don’t run one on a device you also use to visit questionable websites 🤔

If you’re using a mobile wallet, have a good security suite with antivirus/malware and a link checker. There are many good paid products and even free ones like Sophos Intercept X and apps on Google Play for link checking. Most free services also have premium options available.

#6 Be aware of what you are signing with your wallet

Most crypto transactions ask for a signature, but beware! There are malicious smart contracts, designed to appear like any other transaction, that steal your keys and give the scammer access to your wallet when signing. So check transaction details and do your own research (DYOR) on projects before trusting them!

#7 Keep in mind: not your keys, not your crypto

It’s an age-old adage in crypto, but it often sinks in too late. If you hold your crypto assets in a custodial wallet, like an exchange or lending platform, you risk losing your assets if the platform is hacked or goes bankrupt. That’s why it’s critical to, at any time, only hold a small portion of your portfolio on any of these platforms.

How to use Secret Tokens and Secret DeFi

Privacy is essential to keeping your financial details — and crypto — safe. Here’s why and how to use Secret’s privacy features to safeguard your assets while engaging in DeFi:

#8 Store your (long-hold) tokens and coins as Secret Tokens

When holding your assets on Secret Network — as Secret Tokens or Secret NFTs — you get to decide who can see the assets in your wallet. This feature keeps your assets hidden on the blockchain and protects you from phishing attacks.

Take the OpenSea phishing attack in February 2022, where hackers targeted Ethereum users. Since Ethereum is a public blockchain, bad actors could see what wallets held expensive NFTs. They then tracked interactions made with these wallets, recorded on-chain, to uncover the identities of their owners and perform targeted phishing attacks.

With Secret Network, we have built-in protection against such attacks. And even if someone hacks your wallet, they won’t be able to see (and steal) your funds if they don’t have the proper viewing keys.

#9 Use Secret DeFi apps for swaps, lending, and borrowing

With DeFi apps on public-by-default blockchains, all your data is public. DeFi apps on Secret Network encrypt your sensitive data to ensure your financial information is safe.

You can, for example, use a lending app like Sienna that can check your eligibility for a loan while keeping your data encrypted — and thus hidden — on-chain.

Note: what data is kept private and made public can differ per Secret DeFi app, so check out the documentation of the specific DeFi app you want to use.

💡 Want to know more about Secret DeFi? Check out our Secret DeFi Learn page.

#10 Regenerate your viewing keys regularly

The great thing about viewing keys is that you can give others, like your accountant, viewing access to your funds if needed. But it also creates the risk of giving too many people access to your funds, even when it stops being necessary.

That’s why we advise you to regenerate your viewing keys regularly. Creating new keys revokes viewing access for anyone who holds the old key, ensuring as few people as necessary can access your funds and maximizing your security.

💡 To learn how to regenerate, i.e. create a new viewing key, check out this tutorial.

Methods to secure your devices and internet connection

The internet enables you to connect with anyone. However, it also allows scammers to connect with you — and if you’re not careful, drain your wallet. Here are some tips to make your internet use as safe as possible:

#11 Use a dedicated device

Use a dedicated device when trading with or accessing your more significant accounts. It doesn’t need to be expensive or of super high quality. For example, an old laptop is usually fine, as most blockchain dApps are not intensive on spec requirements.

What’s important is to remember that the fewer apps and data traffic on the device, the safer your funds are. So use this machine only for your DeFi activities and don’t share it with others.

#12 Use strong passwords and two-factor authentication (2FA)

Especially on custodial accounts like Coinbase or Binance!

Use an authenticator app like Authy or Google Authenticator, or a hardware key like a YubiKey, instead of SMS codes. Use strong passwords with 12 or more characters, including symbols and numbers. The easiest way to create and store passwords is a password manager like 1Password or LastPass.

Consider setting your mobile account to only allow SIM card changes in-store to protect against SIM swap attacks. For more info on SIM swap scams, check out this page.

#13 Use a VPN

This method is one of the easiest and most efficient ways to block a bad actor’s ability to track you. A VPN changes your IP address, making it look like you are accessing the internet from another location than where you actually are. VPNs are essential to basic online security and have many benefits.

There are free VPNs, but we recommend using a paid version like NordVPN as many free VPNs farm data to pay their bills, which counters the whole purpose of a VPN. An alternative is a decentralized VPN like Sentinel, built on Cosmos. It might take you more time to set up, but Sentinel works great with all things Secret.

Why (and how) to DYOR

In crypto, you are in control, and you have the responsibility for your assets. The best way to stay safe in crypto is to triple-check everything. “Don’t trust but verify!” — always.

#14 Double-check everything

One of the most common reasons people lose funds is user errors such as transfers to the wrong address or network. Check your address and network carefully, and fill out any necessary memo fields before making a transaction. If you’re making a high-value transfer, do a test transfer first with a small amount of crypto.

Read URLs and only click links from trusted sources. Phishing links can look a lot more believable than you’d think. Manually check the sender of any message to make sure they are the legitimate contact. Check website URL addresses to make sure they look correct. Example: make sure app.osmosis.zone is NOT *app.ozmosis.zone*.
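As an added example (not code from the original post), here is a small Python check that compares a URL’s host against a personal allowlist of dApp hosts and flags near misses like the ozmosis/osmosis case above; the allowlist entries other than app.osmosis.zone and the confusable-character table are constructed for this example.

```python
# Added example (not from the original post): flag lookalike dApp URLs
# before you click. Compares the URL host against a personal allowlist and
# reports near misses such as "ozmosis" for "osmosis".
from urllib.parse import urlparse

# Constructed allowlist for this example; keep your own from bookmarks you
# verified via official channels.
TRUSTED_HOSTS = {"app.osmosis.zone", "wallet.example"}

# Constructed, deliberately small table of characters typosquatters swap
# for visually or phonetically similar ones.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "7": "t", "z": "s"})

def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between a host and a trusted host is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host part of url."""
    if "://" not in url:
        url = "https://" + url  # bare hosts pasted from chat have no scheme
    host = (urlparse(url).hostname or "").lower()
    if host in trusted:
        return "trusted"
    for good in trusted:
        # Same name after folding confusable characters (0smosis -> osmosis),
        # a couple of edits away (ozmosis), or the trusted name used as a
        # decoy prefix on someone else's domain (app.osmosis.zone.evil.example).
        if (host.translate(CONFUSABLES) == good.translate(CONFUSABLES)
                or levenshtein(host, good) <= max_distance
                or host.startswith(good + ".")):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://app.osmosis.zone/", "app.ozmosis.zone",
              "https://app.osmosis.zone.evil.example/claim", "https://docs.example"):
        print(f"{u:48} {classify_url(u)}")
```

A result of "unknown" is not a green light; it only means the host is neither bookmarked nor an obvious imitation of one, so verify it through official channels before connecting a wallet.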

#15 Be very careful when responding to DMs

Do NOT answer DMs that are asking for financial or personal details! Project devs and support never message first. Private sales and doubling events do not happen in Telegram or Discord! Nobody will send you 2 BTC if you send them 1 BTC. You’ll just lose your 1 BTC.

To sum it up

Here are our top tips to stay safe in DeFi:

  • Buy a hardware wallet to store your long-term holdings, create several backups of your seed phrase — on paper or engraved on flame-resistant steel — and keep them in safe areas such as a deposit box or a safe
  • Have a link checker and antivirus/malware protection installed and use a VPN. Only contact support via official channels and be very wary of fake Telegram/Twitter/etc. accounts. Your best bet is to search Google for the official website. Remember that support will never require your seed phrase or private key
  • Use separate wallets for your long-term investments. Use different wallets for dApps, yield farming, and vetting new tools

That’s it, folks. Stay safe, and stay SECRET!


The Data Privacy Platform For Web3 — build and use blockchain applications that are both permissionless and privacy-preserving.