Buying a hardware wallet or using a smart contract wallet costs money, and not everyone has that!
Here's how to make Metamask super secure without spending a single penny.
Phishing attacks are the #1 reason why people lose their crypto.
A phishing attack tries to convince you to hand over your wallet by impersonating someone else (OpenSea, Uniswap, ApeCoin).
Always ask yourself:
"Is this too good to be true?"
Free NFTs worth $20,000?
Free ApeCoin worth $10,000?
If you're unsure, Google the offer with "scam" added to the search to find out whether it is one.
When in doubt, wait it out and google it.
Ask around and see if there are any hacks or scams you are not aware of.
When in doubt, wait it out. Don't be the fool that instantly connects your wallet and tries it first.
Most real airdrops will happen over a month. Wait a week for others to try and see if they're safe.
If the website says "10 mins left" or pushes you to do it *now*, it is likely a scam.
NEVER give out your seed phrase or approve transactions that you don't know.
Make sure the extension is legit.
* Does it have many downloads?
* Does it have a lot of reviews?
* Click on reviews and read them -- do they sound fake?
chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn?hl=en
Only download the extension if you believe it's safe. There are many fake Metamasks out there!
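One way to check a store link before installing, as an added example that is not part of the original thread: it compares the extension ID in a link against the ID in the MetaMask link above. The function name, the sample URLs and the second store hostname (chromewebstore.google.com) are assumptions made here.

```javascript
// Added example. METAMASK_ID comes from the link in the thread; everything
// else (function name, sample URLs, second hostname) is an assumption.
const METAMASK_ID = "nkbihfbeogaeaoehlefnkodbefgpgknn";
const STORE_HOSTS = new Set([
  "chrome.google.com",         // host used in the thread's link
  "chromewebstore.google.com", // current Chrome Web Store host (added here)
]);

// Returns { ok, reason } for a link that claims to be the MetaMask listing.
function checkMetamaskListing(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };
  // "https://chrome.google.com@evil.test/..." puts the trusted name in the
  // username part; the browser actually connects to evil.test.
  if (url.username || url.password)
    return { ok: false, reason: "credentials in URL hide the real host" };
  // Exact match only: "chrome.google.com.evil.test" must not pass.
  if (!STORE_HOSTS.has(url.hostname))
    return { ok: false, reason: "not the web store" };
  // Listing paths end in detail/<slug>/<id>. The slug is free text, so a
  // fake listing can say "metamask" there; only the ID identifies it.
  const parts = url.pathname.split("/").filter(Boolean);
  const at = parts.indexOf("detail");
  if (at === -1 || at > 1 || parts.length !== at + 3)
    return { ok: false, reason: "not an extension listing path" };
  const id = parts[at + 2];
  // Chrome extension IDs are 32 characters in the range a to p.
  if (!/^[a-p]{32}$/.test(id))
    return { ok: false, reason: "malformed extension id" };
  if (id !== METAMASK_ID)
    return { ok: false, reason: "different extension id" };
  return { ok: true, reason: "extension id matches" };
}

// Constructed sample links: the first is the thread's link, the rest are fakes.
const SAMPLES = [
  "https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn?hl=en",
  "https://chrome.google.com/webstore/detail/metamask/abcdefghijklmnopabcdefghijklmnop",
  "https://chrome.google.com@example.test/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn",
  "https://chrome.google.com.example.test/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn",
];
for (const s of SAMPLES) console.log(checkMetamaskListing(s).reason, "<-", s);
```

A matching ID only shows that the link points at the same listing as the one above; the download and review checks still apply.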
In Metamask, click the 3-dots and then click "connected sites". Disconnect from them all every once in a while.
Connecting to a site lets it view your public address and request transactions that you have to approve.
You might accidentally approve one! Do this to prevent accidents.
Your seed phrase is your crypto. Lose it or give it out, and all your crypto is gone.
Write it down somewhere. I suggest Bitwarden, a free password manager. This will encrypt your key and keep it safe for you.
DO NOT GIVE IT OUT.
bitwarden.com/
Metamask has a password function. To be honest, this doesn't matter too much. Some wallets will use it as a 25th seed word.
Metamask just uses it to prevent other people on your computer from using Metamask.
ethereum.stackexchange.com/a/97652
Use a strong password and store it in Bitwarden.
Metamask lets you make multiple accounts.
But all of them share one seed phrase: each account is derived from it using a derivation path. Not all wallets work like this, however.
Keep in mind all the accounts you create use the same seed, unless you make a new seed.
medium.com/mycrypto/wtf-is-a-derivation-path-c3493ca2eb52
Make a 2nd burner account for minting or buying things.
1 account for long-term storage of assets, another account for minting NFTs or transacting on the blockchain.
If the minting is a hack (see Apecoin) it only affects your lesser account. You won't lose everything this way!
Make sure that the minting / transacting account only has enough Ethereum to mint things or transfer them out.
Assume this account is already compromised and transfer out to your safer Metamask account.
Never use your safe account for minting or transacting on the blockchain.
Make sure to keep your PC up-to-date. If your PC is compromised, so is your wallet!
Check for updates at least once a week!
Double-check every transaction you make. Carefully read what is happening. How much ETH are you spending? What tokens are being exchanged?
Reading transactions is a horrible experience, but you will always know what you are doing if you read them!
"You only need to check a transaction if it costs gas"
Wrong!
Some transactions can be gasless, such as signing a transaction. In February 2022, OpenSea users were hacked because they signed transactions:
cryptobriefing.com/opensea-hack-key-takeaways-web3-security/
Always disconnect from sites and double-check!