8 Ways to Secure your Crypto Assets
As crypto continues to become mainstream, scam and hacking attempts are going to become more sophisticated. I’ve been doing this for 12 years and I’ve been caught out many times before. This is my painful, shared experience, offered to help you mitigate risk.
Here are my 8 tips for protecting your assets.
1️⃣ The email I shared below is an email I received from Ledger. It appears to come from a ledger.com email address so it looks legit, but on closer inspection you can see the domain is actually @notice.com and not @ledger.com. Straight away you can tell it’s a scam. No wallet provider will EVER ask you for your seed phrase. In fact, anyone who asks you for your seed phrase only wants to steal your funds. Don’t ever share it. Always check the address that sent the email and, if you do click the link, make sure the website you are on matches the URL you’re expecting to see.
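The sender and link check from tip 1, as an added example that is not part of the original post: it compares the real address domain in a From header, and the host of each link, against the domain you expect. The display name, mailbox name and URLs are constructed samples; only ledger.com and notice.com come from the post.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "ledger.com"  # domain you expect the mail and links to use

def domain_matches(host, expected=EXPECTED):
    """True only for the expected domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def sender_domain(from_header):
    """Domain of the actual address, ignoring the free-text display name."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def link_host(url):
    """Host the browser would connect to (text before '@' is only userinfo)."""
    return (urlsplit(url).hostname or "").lower()

def check_message(from_header, urls, expected=EXPECTED):
    """Return a list of mismatches; an empty list means nothing was flagged."""
    findings = []
    domain = sender_domain(from_header)
    if not domain_matches(domain, expected):
        findings.append(f"sender domain is {domain}, expected {expected}")
    for url in urls:
        host = link_host(url)
        if not domain_matches(host, expected):
            findings.append(f"link goes to {host}, expected {expected}")
    return findings

if __name__ == "__main__":
    # Constructed sample: the display name mentions ledger.com, the address does not.
    from_header = '"Ledger.com Support" <alerts@notice.com>'
    urls = [
        "https://www.ledger.com/start",          # genuine host
        "https://ledger.com.notice.com/verify",  # expected name used as a subdomain
        "https://ledger.com@notice.com/verify",  # expected name placed before '@'
    ]
    for finding in check_message(from_header, urls):
        print("FLAG:", finding)
    # A matching From domain is not proof on its own: the header can be forged,
    # so a clean result here still never justifies typing a seed phrase anywhere.
```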
2️⃣ Beware of links shared by legitimate accounts on X and social media platforms. Recently, French footballer Kylian Mbappe’s X account was hacked and the hackers posted a tweet about a new Mbappe token. It was a scam, as he doesn’t have a token, but that didn’t stop the scammers getting around $1 million from people thinking it was a legit tweet. Be very careful with links, even from people you know, because you don’t know when an account has been hacked.
3️⃣ The basic rule you should follow is don’t connect your primary wallet to airdrop sites. Use a second, empty wallet to claim airdrops. If a site asks for any passwords, seed phrases or private keys, it’s a scam. Using an empty wallet means if you are compromised you don’t lose any funds.
4️⃣ Get yourself a hardware wallet like Ledger, Keystone, Trezor, etc. My personal choice is Ledger. Hardware wallets help prevent hackers from stealing your funds because your private key is never exposed. Normal seed phrase wallets like Trust, MetaMask, etc. are all vulnerable, and if your device is stolen it’s easy for the thieves to transfer your assets to another wallet because there is no second layer of protection.
5️⃣ Split your risk with multiple wallets. I have between 15-20 wallets that I use for different scenarios. The biggest mistake I see people make is to hold all their tokens and NFTs in one wallet. If that wallet is compromised you lose everything. It’s so easy to create multiple wallets - even with a hardware wallet - so you can distribute your assets so you aren’t over-exposed. Spreading your risk across wallets just makes sense. I use Koinly.io to aggregate my wallet data so I can see a consolidated view of my onchain wallets.
6️⃣ Use Safe Wallet as a way to truly protect your most important assets. Safe works on multiple signatures: unlike normal wallets, where you sign a transaction and it gets sent to the blockchain, Safe requires multiple signatures. My Safe wallets are configured to use my Ledger, Trezor and Seed wallets to sign transactions. It means you’d need to have 3 of my devices to send items from my Safe wallet, so even if my Ledger is stolen you can’t get access to my Safe account. You will pay slightly higher gas fees on Safe transactions, but Safe offers 5 gasless transactions a day on most chains. I don’t mind the extra gas when I know my funds are safe.
7️⃣ Revoke your signatures. Whenever you buy/sell/trade either on a DEX or NFT contract you often have to sign a transaction twice. The first time you sign is to authorise your wallet to transact with the smart contract. The second is your actual trade. The issue most people aren’t aware of is that the first authorisation normally grants the smart contract unlimited power to work with your wallet even after you’ve completed your trade. This is dangerous because if a smart contract is compromised any previous authorisations can be used to drain your wallet.
Most modern wallets allow you to revoke authorisations, and what I normally do is twofold:
1) Never grant unlimited amounts when doing that first signing; only allow as much as you’re trying to send/buy/trade at that moment. By default, most wallets select "unlimited" so you need to manually change this value.
2) After I’ve completed the transaction I revoke the previous authorisation. This prevents the contract from executing a transaction against my wallet without having a new signature.
Recently, Radiant Capital - an extremely popular DEX - had their smart contracts on Base and Arbitrum compromised by hackers. Due to these individual authorisations on their smart contracts by end users like us, people lost more than $53 million in assets.
Revoking is so important because once you approve a smart contract it doesn’t matter if you’ve got a hardware wallet or even use Safe Wallet: you’ve granted the contract unlimited power to work with your assets with no further authorisation needed. You can use a site like revoke.cash to check any authorisations your wallet has and revoke them from their interface.
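What the "first signature" in tip 7 looks like on the wire, as an added example that is not part of the original post: it decodes the calldata a wallet asks you to sign and tells an unlimited approval from a limited one or a revoke, using the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` selectors. The spender address and amounts are constructed samples.

```python
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1                          # what wallets send for "unlimited"

def classify_approval(calldata_hex):
    """Decode approval calldata; return None if it is not an approval call."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) != 4 + 32 + 32:          # selector + two 32-byte ABI words
        return None
    selector, word1, word2 = data[:4], data[4:36], data[36:]
    if any(word1[:12]):                   # an address is left-padded with zeros
        return None
    spender = "0x" + word1[12:].hex()
    value = int.from_bytes(word2, "big")
    if selector == APPROVE:
        # On an NFT contract the same selector approves one token id instead
        # of an amount, so read "amount" with the contract type in mind.
        if value == 0:
            kind = "revoke"
        elif value == MAX_UINT256:
            kind = "unlimited"
        else:
            kind = "limited"
        return {"spender": spender, "kind": kind, "amount": value}
    if selector == SET_APPROVAL_FOR_ALL:
        # True hands the operator every token in the collection; False revokes.
        kind = "unlimited" if value else "revoke"
        return {"spender": spender, "kind": kind, "amount": None}
    return None

def encode(selector, spender_hex, value):
    """Build sample calldata (helper for the constructed examples below)."""
    return "0x" + selector.hex() + "00" * 12 + spender_hex + format(value, "064x")

if __name__ == "__main__":
    spender = "11" * 20                   # constructed 20-byte spender address
    samples = {
        "wallet default": encode(APPROVE, spender, MAX_UINT256),
        "exact amount":   encode(APPROVE, spender, 1_000),
        "revoke":         encode(APPROVE, spender, 0),
        "NFT operator":   encode(SET_APPROVAL_FOR_ALL, spender, 1),
    }
    for label, calldata in samples.items():
        print(f"{label:15s} -> {classify_approval(calldata)['kind']}")
```

Revoking is the same `approve` call with an amount of zero, which is why the post-trade revoke in step 2 costs a transaction of its own.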
8️⃣ Get yourself Rabby wallet. You can download it for desktop, phone and browser extension and it will transform your life. It works with all wallets and it gives you an extra layer of security that you didn’t know you needed. You can even sign Safe transactions now with Rabby. Have a look at my post here for a full write-up of why I chose Rabby Wallet - the MetaMask and Trust Wallet Killer.
Hackers and scammers are only going to get more sophisticated the more crypto becomes mainstream, so it's critical to always be careful and take the steps above to ensure you don't lose all your hard-earned crypto assets!