How to Keep Your Crypto Wallet Safe in 2023
Written by Brady Werkheiser
Reviewed by Logan Ross
The blockchain made it possible for anyone to “be their own bank,” but with great power comes great responsibility. To fully experience the freedom offered by crypto assets, users must assume control of their funds through the use of a “self-custody” wallet. However, the question remains: How can one ensure the safety of their crypto wallet?
This article explores the various measures that can be taken to secure your crypto wallet, including factors to consider when selecting a wallet, methods for safeguarding your seed phrases, the advantages of conducting transaction simulations, and the importance of using audited apps.
How to Keep Your Crypto Wallet Safe in 2023
This section delves deep into the nuances of keeping your crypto wallet safe in 2023. From understanding the intrinsic security features of hardware and software wallets to navigating the complex world of open and closed-source wallets, we guide you in making choices that align with your security needs and usage patterns.
1. Choose a High-Quality Hardware or Software Wallet
The first step in safeguarding your crypto assets is to choose a high-quality wallet. This entails opting for a wallet with a solid reputation developed by a team dedicated to ensuring security.
Choosing a Hardware Wallet
Choosing between a hardware wallet and a software wallet is a critical decision. A hardware wallet is a physical device like a Ledger or Trezor, which remains offline and is only used to sign transactions initiated by the user, often requiring the user to enter a PIN code. The offline nature of hardware wallets makes them immune to online hacking.
Choosing a Software Wallet
Software wallets are software installed on a computer or an app installed on a phone, making them more convenient and accessible but also more vulnerable to cyber threats. However, using two-factor authentication (2FA) can add an extra layer of security.
While hardware wallets are often favored for storing large amounts of cryptocurrency due to their robust security, software wallets equipped with 2FA are usually preferred for smaller amounts and everyday use.
Choosing Between Closed vs. Open Source Wallets
When deciding on a wallet, it’s important to consider whether it is open-source or closed-source. Open-source wallets, such as MetaMask, have publicly accessible source code that anyone can review and verify.
The fact that the code for open-source wallets is publicly accessible means that developers, security experts, and the broader community can scrutinize it for potential vulnerabilities, bugs, or backdoors. This is why an open-source wallet needs to have undergone an audit and/or support bug bounties.
An audit provides assurance that experts have thoroughly reviewed the code for potential vulnerabilities. In contrast, a bug bounty is a reward g given to community members who find a bug or problem with the code.
Closed-source wallets like Phantom often prioritize user experience and ease of use, making them more accessible to a broader audience, and usually provide dedicated customer support, which can be beneficial for less tech-savvy users.
2. Safeguard Your Seed Phrase Against Theft and Loss
Your seed phrase, also known as a recovery phrase or mnemonic phrase, is a crucial component of your crypto wallet's security. It consists of a sequence of random words, typically 12 to 24 in length, used to restore access to your wallet in case of loss or device failure. Treat your seed phrase as the master key to your funds, and never share it with anyone.
To keep your seed phrase safe:
Write it Down Physically
While it may be tempting to simply copy and paste your seed phrase into a file on your computer for safekeeping, this can actually expose your seed phrase to potential threats. A safer approach is to write down your seed phrase using pen and paper and store it in a secure, undisclosed location. It’s also a good idea to make multiple copies of the seed phrase and store them in different physical locations to ensure redundancy in case of emergencies.
Consider the Likelihood of Losing Your Seed Phrase
It’s important to note that a typical crypto user is likelier to lose their seed phrase than have it stolen. It’s worth considering whether you would still have access to your funds if you lost your phone and/or computer or if your house burned down. Some wallets, such as the mobile wallet Ultimate, safeguard against accidental loss by allowing you to encrypt and back up your seed phrase to the cloud.
3. Use Vetted DeFi Protocols
When using your wallet to interact with DeFi protocols on smart-contract-enabled blockchains such as Ethereum or Solana, it's important to consider the safety of the protocol you connect your wallet. With the growing number of dApps and DeFi platforms, ensuring that the protocols you engage with are reliable and secure is crucial.
Websites such as defisafety.com or de.fi can be used to check the safety rating of a protocol. You can also use defillama.com to view a protocol's total value locked (TVL). Dappradar.com is another useful resource that can show the number of users a protocol has. Generally, a higher TVL and a larger user base indicate that a protocol is less likely to be malicious or contain vulnerabilities.
Before using a DeFi protocol, consider the following:
Check for Audits
Reputable protocols typically have open-source code on platforms like GitHub and have been through multiple audits, which should be listed on their website.
Community Feedback
Seek insights from the crypto community and experts about the protocol's reputation and user experiences. Reddit, Twitter, and blockchain forums are excellent places to gauge community sentiment.
Users can significantly reduce their risk by only connecting their wallets to vetted DeFi protocols.
4. Don’t Use Your Primary Wallet for Everything
Suppose you’re connecting your wallet to a new DeFi protocol to explore its functionality or test it with a small amount of funds. It’s generally recommended to use a separate wallet account from your “primary” account, where most of your funds are stored. This can help protect your primary account and ensure your funds are safe while experimenting with new protocols.
By using a separate wallet account when connecting to a new DeFi protocol, you can significantly reduce the total amount of funds at risk if the protocol turns out to be malicious or becomes hacked.
5. Disconnect dApps After Use
As you connect your wallet to more and more DeFi protocols over time, it’s a good idea to disconnect your wallet from protocols you’re no longer using. This ensures that any future vulnerabilities or problems with the DeFi protocol have no chance of affecting your wallet.
6. Conduct Transaction Simulation
Transaction simulation is a feature that should be built into any modern wallet. It verifies the accuracy of a wallet's operation without actually executing a real transaction. In essence, transaction simulation permits users to preview or imitate a transaction before finalizing it on-chain.
This provides greater insight and foresight into transactions and improves comprehension of how assets will be affected post-transaction, helping to identify potential vulnerabilities or errors that might lead to loss of funds.
When making a large transaction, it's possible to manually perform a transaction simulation by first sending a small transaction to confirm the accuracy and safety of your wallet. If everything goes smoothly with the small transaction, you can then proceed with the larger transaction.
7. Wallet Security Browser Extensions
Modern wallets should have a degree of transaction simulation built in, allowing users to see the result of a transaction before confirming it. There are also additional tools, such as Fire and WalletGuard, which are web extensions that run alongside a user’s wallet and warn about phishing links or malicious transaction requests.
8. Be Vigilant
Unfortunately, the world of crypto and DeFi can be an adversarial environment, with malicious actors attempting to exploit ignorant or naive users while remaining anonymous. As such, it’s crucial to remain vigilant and be on the lookout for scams when carrying out any transaction or DeFi interaction.
Offchain Scams: Discord, Twitter, Telegram and Other Scams
Scammers often target victims on social media platforms such as Twitter and Discord. On Twitter, malicious bots may comment on legitimate posts, offering trading strategies or technical support. These profiles often have suspicious usernames and a low number of followers. While Twitter does filter out some of these bots, it’s important to remain vigilant and ignore any comments or messages offering to “help” with your crypto investments.
Discord is also rife with scammers and spammers. It’s common to receive friend requests and messages from accounts promoting airdrops, giveaways, or trading groups. These should all be ignored, and the accounts should be blocked or reported.
Even on YouTube, fake live streams featuring celebrities like Elon Musk are common. These streams may appear to show the celebrity discussing the crypto markets and asking viewers to send them tokens in exchange for a larger return.
These “send me 0.1ETH and I’ll send you 0.3ETH back” scams are so prevalent that many VIPs have added disclaimers to their real profiles stating that they will never DM you or ask for tokens.
Phishing is also a common tactic used by scammers, who may pay for ads on search engines to direct users to fake websites instead of the legitimate ones they intended to visit. You must ensure you are on the correct URL of the website you intend to visit to avoid falling victim to these scams.
Onchain Scams: Malicious NFT Spam
It is common to receive spam NFTs, which typically advertise a token giveaway and include a malicious URL link in the description or NFT image. While the presence of these tokens in your wallet is not dangerous, and most wallets hide them by default, it’s important to assume that any token or NFT sent to you without your knowledge is a scam.
Some Solana wallets, such as Ultimate, allow you to burn spam NFTs and receive back the on-chain “rent.” This can help clean up your wallet and even earn you a small amount of SOL in the process. It’s always a good idea to be cautious when dealing with unsolicited tokens or NFTs to protect yourself from potential scams.
Conclusion
Protecting your crypto wallet is an ongoing responsibility that requires proactive measures and constant vigilance. By employing audited wallets, safeguarding seed phrases, conducting transaction simulations, and only using vetted protocols, you can significantly enhance the security of your crypto assets.
Remember, the crypto space is ever-changing, and new threats may emerge over time. Staying informed about the latest security best practices and remaining cautious when interacting with your crypto wallet will help ensure your funds are safe and secure.
Related overviews
Learn about the 15 best web3 wallets including MetaMask, Phantom, Rainbow, ZenGo, Ledger, and more!
Understanding Transaction Simulation and Key Factors to Consider When Selecting a Provider
Learn How MPC Wallets Work and How Their Unique Features Benefit Users