Wallet Security Best Practices
In crypto, there's no bank to reverse fraudulent transactions. No insurance. No customer service. If you get hacked, your crypto is gone forever. Take this guide seriously.
Seed Phrase Security (Most Critical)
Your seed phrase IS your crypto. Anyone with these 12-24 words owns all your funds.
The Golden Rules:
- NEVER type it on any website - Ever. No exceptions.
- NEVER share it with anyone - Not support, not friends, no one.
- NEVER store digitally - No photos, no cloud, no notes app.
- NEVER enter on a computer - Except during initial setup or recovery.
Proper Storage:
- Write on paper with permanent ink
- Store in fireproof/waterproof safe
- Make 2-3 copies in different locations
- Consider metal backup for disaster protection
- Tell a trusted person where it is (for inheritance)
"Enter your seed phrase to verify your wallet" = SCAM
"Sync your wallet by entering seed phrase" = SCAM
"Support needs your recovery phrase" = SCAM
NOTHING legitimate EVER needs your seed phrase!
Software & Device Security
Essential Practices:
- Use 2FA everywhere - Authenticator app, NOT SMS
- Unique strong passwords - Use a password manager
- Keep software updated - OS, browser, wallet apps
- Use antivirus/antimalware - Keep it updated
- Be careful with downloads - Malware can steal keys
Wallet-Specific Security:
- Only download from official sources
- Verify extensions are from verified publishers
- Set auto-lock timers short (5 minutes or less)
- Lock your wallet when not in use
- Regularly review connected sites and revoke unused permissions
When you use DeFi apps, you often approve unlimited token spending. Use revoke.cash to check and revoke old approvals that could be exploited.
Transaction Safety
Before Every Transaction:
- Verify the URL - Bookmark official sites, type directly
- Check the address - Compare first and last 6 characters
- Review what you're signing - Read the transaction details
- Understand the permission - What are you approving?
- When in doubt, reject - You can always try again
Red Flags in Transactions:
- "SetApprovalForAll" - Gives full access to all NFTs in collection
- Unlimited token approval - Better to approve exact amounts
- Unknown contract addresses - Research before approving
- Unusual gas fees - Could indicate malicious contract
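Three of the red flags above (SetApprovalForAll, unlimited token approval, unknown contract address) can be checked mechanically against a transaction's raw input data before signing. The following is an added example, not code from this guide or from any wallet: the helper names `review_calldata` and `encode_call`, the `known_spenders` allowlist and the 2**255 "unlimited" threshold are assumptions, and the sample addresses are constructed.

```python
# Added example: flag approval red flags in raw EVM transaction input data.
# Selectors = first 4 bytes of keccak256 of the function signature.
APPROVE = "095ea7b3"               # approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"    # increaseAllowance(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
UNLIMITED_THRESHOLD = 2**255       # assumption: at or above this counts as "unlimited"

def review_calldata(data_hex, known_spenders=()):
    """Return warning strings for one transaction's input data (hypothetical helper)."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, INCREASE_ALLOWANCE, SET_APPROVAL_FOR_ALL):
        return []                                  # not an approval-type call
    try:
        if len(args) < 128:
            raise ValueError("arguments truncated")
        int(args[:64], 16)                         # validates the address word
        value = int(args[64:128], 16)              # amount, or bool for NFTs
    except ValueError:
        return ["malformed approval data: reject"]
    if value == 0:
        return []                                  # amount 0 / approved=false grants nothing
    spender = "0x" + args[24:64]                   # address is the low 20 bytes of word 0
    warnings = []
    if selector == SET_APPROVAL_FOR_ALL:
        warnings.append(f"setApprovalForAll: {spender} gets every NFT in this collection")
    elif value >= UNLIMITED_THRESHOLD:
        warnings.append(f"unlimited token approval to {spender}")
    if spender not in {s.lower() for s in known_spenders}:
        warnings.append(f"unknown contract {spender}: research before approving")
    return warnings

def encode_call(selector, spender, value):
    """Build constructed sample calldata: selector + two 32-byte words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")

# Constructed sample addresses, not real contracts.
TRUSTED = "0x1111111111111111111111111111111111111111"
STRANGER = "0x2222222222222222222222222222222222222222"

if __name__ == "__main__":
    samples = {
        "exact approve, trusted": encode_call(APPROVE, TRUSTED, 1000),
        "unlimited approve, stranger": encode_call(APPROVE, STRANGER, 2**256 - 1),
        "NFT approval for all": encode_call(SET_APPROVAL_FOR_ALL, STRANGER, 1),
        "revoke": encode_call(APPROVE, STRANGER, 0),
    }
    for label, data in samples.items():
        print(label, "->", review_calldata(data, known_spenders=[TRUSTED]) or "no red flags")
```

An exact-amount approval to an allowlisted spender and a revoke (amount 0) both come back clean, while the unlimited and approve-for-all calls to the unlisted address each return two warnings.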
Scammers send tiny amounts from addresses that look similar to your real contacts. When you copy from transaction history, you might copy the scammer's address. Always verify the FULL address, not just start and end.
Advanced Protection Strategies
Multi-Wallet Strategy:
| Wallet Type | Purpose | Amount |
|---|---|---|
| Hot "Burner" Wallet | New mints, unknown dApps | Small amounts only |
| Hot "Active" Wallet | Regular DeFi, trusted apps | Moderate amounts |
| Cold "Vault" Wallet | Long-term storage | Majority of holdings |
Hardware Wallet (Strongly Recommended):
- Keys never touch the internet
- Transactions require physical button press
- Immune to most remote attacks
- See our Hardware Wallet Guide
Additional Security Layers:
- Use a dedicated browser for crypto (e.g., Brave)
- Consider a dedicated device for high-value operations
- Use a VPN on public networks
- Enable wallet allowlists where available
- Regular security audits - Check approvals, connected sites
In crypto, paranoia is healthy. Assume every DM is a scam. Assume every link is phishing. Assume every "support" person is a thief. The people who don't get hacked are the ones who stay paranoid.