The Ultimate Guide to DeFi Security

6 min read, Jan 6, 2022


Security ain’t sexy, but neither is losing your crypto bags to hackers.

This post is dedicated to all the ways to protect your funds across DeFi. Tips and tricks are divided into four sections.

  1. Wallet Hygiene
  2. Hardware Solutions
  3. Software Solutions
  4. Audits

Wallet Hygiene

These tips and tricks will be specific to how to manage your wallet, wallet activities, and wallet permissions.

Make sure you know what you’re approving

When you interact with a new contract, it’s very important to find out key info about the contract through the transaction information. Let’s look at an example of Sushi requesting permission to access the LINK token in this wallet.

At first, it looks like a regular permission access transaction. When approving transactions like this, exercise two practices:

  1. Check the contract age. Is it new or established? You can do this by clicking the contract link on Etherscan.
     Click on the contract in MetaMask to get to Etherscan. Then, click the Contract link.
     (Screenshot: the contract page, with a Creator Txn Hash link available to click for more detail.)
     When you get into the contract, select the Creator Txn Hash.
     (Screenshot: the creator transaction hash showing the creation date of the smart contract.)
     You can see above that the LINK contract is 488 days old, which is considered established in this context.

  2. Be mindful of how much you are approving. You can set a custom spend limit instead of the default spending limit by clicking Edit Permission.

Inside Edit Permission, you can switch to a Custom Spend Limit for the approval. Above, I’m making a limit of 1 LINK.

Manage your wallet approvals

  1. Manage infinite approvals using [tool link missing from the source]. The website checks which sites you have given infinite approval to, and you can remove them.
  2. Manage your connected sites via your wallet. In the settings of your wallet, you should be able to see the Connected Sites. Periodically review what sites your wallet is connected to and remove those you’re not comfortable with. The nice part is that you can always reconnect to the sites again if you want to.
     (Screenshot: MetaMask’s settings dropdown options, with Connected Sites as the fourth option.)
     Select Connected Sites from the dropdown options to view all wallet connections.

  3. Lock your software (AKA hot) wallet when you’re not on it.

  4. Manage your token approvals through Etherscan. From the More tab on a wallet address’s page, you can manage your wallet’s individual token approvals.

In the More dropdown, select Token Approvals. You can then Connect to Web3 on the top left corner and begin revoking approvals for individual tokens.
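Why the custom spend limit and the approval revocation above matter comes down to how an ERC-20 allowance behaves. The following is an added example, not code from the original post or from MetaMask, Etherscan or any token: a plain-Python model of the allowance table that `approve` writes and `transferFrom` reads. The token, the "router" spender and the "attacker" address are constructed names; the balances are constructed sample values. It shows that a spender holding an unlimited allowance can pull everything you hold, including tokens deposited after the approval, while a 1 LINK limit caps the loss at 1 LINK, and that revoking is simply approving 0.

```python
# Added example (not from the original post): a minimal model of the ERC-20
# allowance mechanism that MetaMask's "Edit Permission" dialog configures.
# Plain-Python simulation, not a real contract, so it runs offline.

UNLIMITED = 2**256 - 1  # the "default spending limit" many dapps request


class Token:
    """Toy ERC-20: balances plus the owner -> spender -> allowance table."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Approving 0 is exactly what the "revoke" buttons on Etherscan do.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        """Spender pulls `amount` from owner; fails if allowance or balance is short."""
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError(f"allowance {allowed} < requested {amount}")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        # Many implementations treat the maximum value as "unlimited" and never
        # decrement it, so the spender keeps access to whatever you hold later too.
        if allowed != UNLIMITED:
            self.allowances[(owner, spender)] = allowed - amount


def drain_attempt(token, owner, spender, attacker):
    """Worst case: the approved spender contract is compromised and pulls all it can."""
    amount = min(token.allowance(owner, spender), token.balances.get(owner, 0))
    if amount > 0:
        token.transfer_from(spender, owner, attacker, amount)
    return amount


def compare_limits():
    """How much a compromised spender gets under each approval policy."""
    results = {}
    for label, limit in (("unlimited", UNLIMITED), ("custom_1_link", 1)):
        token = Token({"you": 10})          # constructed: you hold 10 LINK
        token.approve("you", "router", limit)
        token.balances["you"] += 5          # a deposit made after the approval
        results[label] = drain_attempt(token, "you", "router", "attacker")
    return results


def revoke(token, owner, spender):
    """Revocation is an approve(spender, 0); returns the allowance afterwards."""
    token.approve(owner, spender, 0)
    return token.allowance(owner, spender)


if __name__ == "__main__":
    print(compare_limits())  # {'unlimited': 15, 'custom_1_link': 1}
```

The per-approval limit is the only thing standing between a bug in the spender contract and your full balance, which is why the post's advice is to approve only what a given transaction needs and to periodically revoke the rest.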

Simple Reminders:

  1. Log out your hot wallets from any devices that are not your own!
  2. NEVER share your seed phrase. Please. Just don’t do it. No matter what.
  3. In almost every case, write your seed phrase on paper and lock it somewhere safe. Do not keep pictures or online digital records of it.
  4. Do not trust random tokens or NFTs that appear in your wallet. If you did not approve of them, do not touch them.

Hardware Stuff

This section will talk about several hardware solutions you can utilize to protect yourself with direct and peripheral security tools.

Cold Storage Wallet

Hardware wallets, also known as “cold storage”, are great because they require hardware and physical approval, often via buttons on the device. Ledger and Trezor are great solutions for storing large amounts of crypto and high value NFTs.

USB Drives

Use a USB or external storage drive to store backup keys and information that is not online and not on your daily computer. Put this somewhere safe where you can access if you find yourself needing it later.

Yubikey

Yubikey is an awesome two-factor authentication (2FA) tool that you plug into your computer and that adds 2FA to your logins. This ensures no one can access your accounts with just your password.

Software Stuff

This section will share several software solutions that can increase your privacy and protection of your computer and network.

Virtual Private Network (VPN) Service

Protect your internet browsing and crypto activity using a VPN service, which will mask your IP address with other IP addresses across the globe. VPNs are not just good for crypto, but also for personal protection. There are enough trackers on the internet watching how you browse, and VPNs can keep your internet browsing private. Check out services like ExpressVPN or NordVPN.

Password Manager

Password managers make life really easy because they generate very strong passwords for each login, and you’ll get notified if one of the passwords gets compromised. That way, you can quickly change it to another secure password. If you can afford this solution, it’s a no brainer for security. Check out services like LastPass or Dashlane.

Encrypt your Files

Encryption gives your local files that extra security in case someone gets access to your personal computer. Mac has the FileVault tool that quickly encrypts your entire computer’s storage, and it is one of the easiest. Otherwise, you can check out a free encryption tool like VeraCrypt, or a service like NordLocker.

App Authenticators

If you don’t want to get a Yubikey, there are 2FA solutions through authenticator applications like Google Authenticator or Microsoft Authenticator. I personally use an app authenticator for nearly every password and love this solution for quickly protecting new accounts I make.

If you want to have your authenticator account backed up in an encrypted cloud and not store seeds for yourself, check out Authy. It’s one of the most convenient and popular solutions.

Audits

Audits are simple exercises you can use to periodically check how you’re doing on security. Think of these as maintenance strategies you can use when you want to see how you’re protected.

Cloud Storage Apps

Check your cloud storage apps like Dropbox or Google Photos and make sure you’re not auto-uploading screenshots, specifically of any that may be valuable information. In general, it’s a good idea not to put your photos on cloud solutions (some people like the convenience — others consider it a “peak indifference” trap).

Check What Passwords Have 2FA

Look at which passwords do and do not have 2FA. Look at your most valuable passwords like crypto accounts, bank accounts, social media accounts, etc. and make sure they have 2FA. In general, you want to put 2FA on everything you can.

Google Yourself

Google yourself, and remove any information that you no longer want online. This is very important, especially for those who do not want to get doxxed in crypto. Google both your name and your pseudonym, if applicable. If you want them to be separate, ensure that the contents of your Google searches are not linked.




USC Grad Student | Blockchain@USC researcher | writing ✍️ | musician 🎸