Entering the Monolith: best security practices to safeguard your crypto

Monolith

The advent of cryptocurrencies has ushered in a monumental societal shift, but there are many risks to using the technology in its nascent stages. According to data from crypto analytics firm CipherTrace, over $681 million was lost in crypto hacks, thefts and fraud from January to July 2021; in many cases, the funds were never recovered. Crypto has been dubbed the “Wild West of finance”, but there are precautions you can take to make sure that you keep your assets safe. This guide details some of the most important security practices to follow if you use Monolith or own crypto. Read on to learn more.

Storing your Seed

Cryptocurrency wallets have a Seed, or “seed phrase”. This is a list of 12 or 24 words that can be used to unlock a wallet’s private key. It’s essential to keep the Seed and private key safe — anyone who has access to either can use it to get into your wallet.

If you lose a device such as your smartphone with the Monolith app installed or a hardware wallet, you can use the Seed to access your wallet on another phone or compatible wallet. This is another reason it’s important to keep the Seed safe — without it, you will not be able to recover your funds if you lose access to your wallet.

When you sign up to Monolith, one of the first steps in the onboarding process is to store your Seed in a safe place. You can find your Seed in the Monolith app by selecting the “Settings” tab followed by “Back up Seed” under the General menu, but you should always note down your Seed (taking care to preserve the word order) too.

We recommend storing a physical copy of your Seed in a safe place

Monolith recommends writing down the Seed when you sign up to Monolith or get another new wallet and storing it in a safe place. Do not store your Seed on your computer or anywhere else online.

Some people take extra precautions such as splitting their Seed across multiple locations. For example, you could store four words from a 12-word seed phrase in three separate locations so that your phrase will not be compromised even if one of the locations is discovered. Some people also opt to store their Seed in a secure bank vault or store it on a durable material such as titanium or steel in case of a fire.

You should keep your Seed to yourself and make sure you never share it anywhere online. However, you may decide to alert a family member of the location so that they can still access your funds in the event of your death.

Using wallets

Cryptocurrency wallets primarily fall under two categories: hot wallets and cold wallets.

Hot wallets are those that can be accessed online, while cold wallets are stored offline. The most popular example of a hot wallet is MetaMask, while a cold wallet can take the form of paper or a USB-like hardware wallet device.

Hot wallets store their public key and private key online, and are generally considered less safe than cold storage options.

As cold storage wallets such as hardware devices are more secure, Monolith recommends using them as part of your crypto safeguarding process. Two of the most popular cold storage wallets are Ledger and Trezor.

The MetaMask login screen, which can be used to access your Monolith wallet. You should ensure you use a strong password for MetaMask, and do not keep significant funds on MetaMask or any other hot wallet.

If you are holding a significant amount of crypto, it’s a good idea to keep your funds in multiple wallets, with the majority stored in cold storage. Many crypto users like to keep the majority of their holdings offline as “savings”, with another wallet with funds allocated for activities such as yield farming. Additionally, you may choose to use your Monolith wallet specifically for spending with the Monolith Card.

Additionally, some users and projects holding larger portions of funds opt for multi-signature wallets that require approval from multiple people to confirm a transaction. Gnosis Safe is an example of a popular Ethereum-based multi-sig wallet.

As the full transaction history for crypto wallets gets recorded on a public ledger, Monolith recommends keeping any wallets holding significant amounts of your crypto funds private — do not share the address online.

Additionally, when you move funds between wallets, be careful not to expose your private cold storage wallet. You can use exchanges such as Coinbase to move funds between wallets to avoid creating a paper trail linking all of your addresses.

Monolith advises against storing any significant holdings on a cryptocurrency exchange or in hot wallets. Hackers use sophisticated attack methods to target hot wallets, and if you lose the funds, they’ll likely be gone forever.

As you can use MetaMask to access your Monolith wallet, it’s important to be aware of the risks of using hot wallets. Never share your Seed anywhere online, make sure you are accessing the correct app, and do not store significant amounts of funds on MetaMask. Finally, when you use MetaMask, use a strong password that you have not used anywhere else online.

Avoiding phishing attacks

Phishing attacks have become one of the most common attack vectors in the cryptocurrency space. Phishing is a form of social engineering in which attackers trick victims into giving up sensitive information such as passwords or seed phrases, or into installing malware on their device.

Attackers frequently pose as cryptocurrency exchanges, wallet companies, and projects like Monolith in an attempt to access their victims’ wallets and crypto funds.

Phishing attacks may include:

  • Emails asking a victim to sign into their cryptocurrency exchange account.
  • Fake website links with a different URL that looks similar to a legitimate website.
  • Keyloggers that track everything that’s been typed on an infected device.
  • Web script that mimics popup windows such as MetaMask notifications.

There are many precautions you can take to avoid becoming the victim of a phishing attack.

When searching for a website such as MetaMask, Ledger or Coinbase, make sure that you have the right link. Find the correct link on their official social media page rather than using a search engine — hackers often run sponsored advertisements so that they appear high in search results.

Check every link online thoroughly, and do not click on any links you do not recognise.
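
The link check described above can be partly automated. The sketch below is an added example, not Monolith's code: it compares a link's hostname against an allowlist built from links you have verified yourself (the three domains listed and the function names are assumptions for illustration) and flags near-miss spellings, punycode hostnames and brand names used on other domains.

```javascript
// Added example. The allowlist is an assumption: fill it from links you have verified yourself.
const OFFICIAL = ["metamask.io", "ledger.com", "coinbase.com"];

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return { verdict: "invalid", reason: "not a URL" }; }
  if (url.protocol !== "https:") return { verdict: "suspicious", reason: "not https" };
  const host = url.hostname.replace(/\.$/, "");
  // Exact match, or a subdomain of an allowlisted domain.
  if (OFFICIAL.some((d) => host === d || host.endsWith("." + d)))
    return { verdict: "official", reason: host };
  const labels = host.split(".");
  // The URL parser converts non-ASCII hostnames to punycode ("xn--" labels).
  if (labels.some((l) => l.startsWith("xn--")))
    return { verdict: "lookalike", reason: "non-ASCII characters in hostname" };
  // Naive registered domain: ignores multi-part suffixes such as co.uk.
  const registered = labels.slice(-2).join(".");
  for (const d of OFFICIAL) {
    const brand = d.split(".")[0];
    if (editDistance(registered, d) <= 2)
      return { verdict: "lookalike", reason: `near-miss of ${d}` };
    if (host.includes(brand))
      return { verdict: "lookalike", reason: `uses "${brand}" outside ${d}` };
  }
  return { verdict: "unknown", reason: "not on the allowlist" };
}
```

An "unknown" verdict only means the domain is not on your list; it is not a sign that the link is safe.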

If you are contacted by someone you don’t know and they try to speak to you about crypto or another topic, do not click on any links or download any files they send.

One of the most common attacks in the crypto space involves attackers posing as a real person and contacting people the person knows to ask them to send funds. Always check who you are speaking to, and do not send funds to anyone online. If you think someone may be posing as someone you know, contact them to find out more.

Phishing attackers also frequently replicate hot wallets such as MetaMask. This is part of the reason it’s a good idea to avoid keeping large amounts of funds on a hot wallet. When using MetaMask, make sure that you have the correct application and read every notification thoroughly.

Interacting on-chain

There are many steps you can take to protect yourself when interacting on-chain.

When you are using a tool such as MetaMask, make sure you are not distracted by other activities. Close every other application and follow every step carefully. Read the popup windows thoroughly — do not click to confirm anything without checking first.

When you use MetaMask to access Web3, you will be asked for permission to spend an asset the first time you use it with a certain application. For example, if you want to swap DAI for ETH on ParaSwap, you will need to unlock the asset the first time you use the app. Make sure that you do not click on anything that gives permission to spend any other assets in your wallet. If you receive a notification that looks suspicious, close the window and log out immediately. You can check the status of your wallet and any transactions by searching on Etherscan or any other similar data analytics site.
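
On Ethereum, the permission described above is a token approval call, and its contents can be read from the transaction data shown in the wallet's confirmation window. The following is an added example, not part of the original guide: it decodes that data and warns when the asset, the spender or the amount is not what you intended. The addresses are constructed placeholders and the function name reviewApproval is hypothetical.

```javascript
// Added example. The selectors are the standard ERC-20 / ERC-721 approval functions;
// every address below is a constructed placeholder, not a real contract.
const APPROVE = "095ea7b3";              // approve(address spender, uint256 amount)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address operator, bool approved)
const MAX_UINT256 = (1n << 256n) - 1n;

// tx: { to, data } as shown in the wallet's confirmation details.
// intended: { token, spender } that the user actually means to authorise.
function reviewApproval(tx, intended) {
  const hex = tx.data.toLowerCase().replace(/^0x/, "");
  const selector = hex.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL)
    return { isApproval: false, warnings: [] };
  // Selector (4 bytes) followed by at least two 32-byte ABI words.
  if (!/^[0-9a-f]{136,}$/.test(hex))
    return { isApproval: true, warnings: ["malformed approval calldata"] };
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const word2 = BigInt("0x" + hex.slice(72, 136)); // amount, or the bool flag
  const warnings = [];
  if (tx.to.toLowerCase() !== intended.token.toLowerCase())
    warnings.push("approval is for a different asset than the one you chose");
  if (spender !== intended.spender.toLowerCase())
    warnings.push("spender is not the application you meant to authorise");
  if (selector === APPROVE && word2 === MAX_UINT256)
    warnings.push("unlimited allowance requested");
  if (selector === SET_APPROVAL_FOR_ALL && word2 !== 0n)
    warnings.push("grants control of every token in this collection");
  return { isApproval: true, spender, amount: word2, warnings };
}

// Constructed sample data: token 0x11..11, application 0x22..22, unknown address 0x33..33.
const TOKEN = "0x" + "11".repeat(20);
const APP = "0x" + "22".repeat(20);
const OTHER = "0x" + "33".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_OK = {
  to: TOKEN,
  data: "0x" + APPROVE + word(APP) + word((500n * 10n ** 18n).toString(16)),
};
const SAMPLE_BAD = {
  to: TOKEN,
  data: "0x" + APPROVE + word(OTHER) + word(MAX_UINT256.toString(16)),
};
```

An empty warnings list means the request matches what you intended; it says nothing about whether the application itself is trustworthy.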

A common attack in the crypto space involves “airdropping” tokens to a user’s wallet. In these scams, the user is required to log into a website to retrieve the “airdrop”, but the website will attempt to drain their funds if they log in. If you unexpectedly receive some tokens in your wallet, search for the name of the project on Twitter to see what the community says about it and check if the token is listed on CoinGecko or Etherscan. Do not log into any website you do not recognise with your crypto wallet.

When you have finished interacting on-chain, make sure that you always sign out of your wallet.

Using social media

If you hold crypto, it’s important to be vigilant on social media. As the space has grown, hackers have increasingly used sites like Discord, Telegram and Twitter to target victims.

If you hold a significant amount of crypto, you may choose to conceal your identity on social media. Many crypto users adopt aliases and avoid sharing photos of themselves online to preserve their privacy.

Moreover, you should avoid discussing any details surrounding your crypto holdings online. Do not disclose your holdings to anyone, and be careful not to share your address holding the majority of your crypto in any public posts.

Additionally, do not share personal information with anyone you speak to online even if they look familiar. Make sure that you always check their profile if you’re not sure who you are speaking to. Bots and hackers frequently target victims in crypto-related groups and servers on Discord and Telegram — block and report any suspicious accounts and be sure not to click on any links from anyone you don’t know.

It’s also important to remember that the blockchain makes everything public — if you open an account on an NFT marketplace such as OpenSea under a username you’ve used on other social media websites, be aware that it could make you easier to find.

Staying equipped

In addition to taking precautions when you are using crypto and logging onto the Internet, you may also consider buying extra equipment to protect your assets.

Monolith recommends buying a “clean” computer for crypto-related activities such as using exchanges, logging into MetaMask, and using the Ledger Live app. This means having a computer that you do not use for any other activities to reduce the risk of a vulnerability such as malware. If you buy a computer for your crypto activities, do not store any passwords or your Seed on the device — just use it for the activities you need.

A Ledger hardware wallet

For any significant amount of funds, you may consider purchasing a hardware wallet such as Ledger or Trezor. These are cold storage wallets that store the private key inside the device. To move any funds from a cold storage wallet, you need to have the physical device in-hand to confirm the transaction. This can reduce the risk of losing the funds in your wallet through a hack. Make sure that you buy a wallet and download any software such as an app directly from the source via the official website.

It’s important to look after your Seed as you may need it to recover your funds if you lose access to your wallet. To ensure that your Seed does not get destroyed in an event such as a fire, Monolith recommends a steel or titanium backup tool such as CryptoSteel to store your Seed.

Using Monolith

There are several extra precautions you should take when using Monolith.

We recommend topping up your Monolith Card with larger amounts to limit your gas fees. However, if you top up your account with a significant amount of funds, it could be a good idea to use some to top up the Monolith Card at the same time. This means that your funds will be in two places. Think carefully about how much to add to your wallet and card — do not add more than you need or use the wallet for your whole crypto portfolio if you have significant holdings.

When you top up the card, your funds will be converted from crypto to GBP or EUR. Funds on your VISA® card are safeguarded by Contis as a regulated e-money supplier. That means you have a legal right to these funds no matter what happens to them. As with all cards, you have an obligation to protect your PIN and online security. VISA® fraud prevention should help avoid that, but there are risks as with all debit and credit cards.

If you’re a legacy user who joined us before April 2021, it’s also a good idea to activate your security features if you’re using your smart contract wallet. You can find the features on the “Settings” tab under “Contract Security.”

You may also want to consider activating the Biometric fingerprint scanner in the app settings. That way, only you will be able to access the app.

Finally, make sure that you keep your PIN safe. Use a PIN that you’ve not used elsewhere before.

Conclusion

In conclusion, crypto is very risky. While the space is still in its infancy, there are many ways that you could lose your assets. As the industry has grown in value, hacks and attacks have resulted in billions of dollars worth of losses. However, there are many steps you can take to be sure that you stay safe and protect yourself.

It’s crucial that you keep your Seed safe and equip yourself with the right tools. You should not keep all of your assets in one wallet, particularly if it’s a hot wallet connected to the Internet. Be careful when you are interacting on-chain and using social media, and always be wary of potential phishing attacks. Finally, make sure that you are careful with how you use the Monolith wallet: take advantage of the security features, and be careful when adding funds and topping up your card.

If you follow our recommendations, you’ll have a better chance at safeguarding your assets and enjoying all of the benefits of the decentralised revolution.


Monolith is the world’s first DeFi wallet and accompanying Visa debit card made for spending crypto assets anywhere.