Currently, the cash flow is showing signs of returning, the market is starting to become more vibrant, so the number of transactions is increasing day by day both on CEX and DEX. With DEX, the risk of losing assets is quite large due to interacting with bad projects or airdrops. In this article, I will mention popular wallets, the reasons why your wallet is hacked, and how to protect the assets in your personal wallet when hunting gems on DEX and when doing airdrops.
I, Some popular types of wallets
1. Centralized Wallet – Centralized wallet
When people participate in trading on centralized cryptocurrency exchanges such as Binance, Kucoin, OKEX... they will create a trade account on the exchange, in that account, the exchange has created a wallet for all available coins/tokens. listed on the exchange. Everyone just needs to choose the correct coin/token they want to deposit, then copy the wallet address and deposit money.
For example: On Binance, just go to Wallet (Wallet) ⇒ Fiat and Spot ⇒ Select the coin/token you want to deposit/withdraw and execute the order. In the case of this wallet, people don't need to save the private key but just need to remember the exchange account password. With this type, you don't have to bother creating a wallet, just create an account. But the level of security is not as high as a decentralized wallet, your assets will be 100% controlled by the exchange, and there is a risk from a third party (the exchange) if a problem occurs.
2. Decentralized wallet – Decentralized wallet
Hot Wallet: It is a type of wallet that can be transacted whenever desired through an internet connection. It's free, has more diverse options and can be connected via phone App or browser extension. But it is easier to be hacked than cold wallets because the Private Key data is stored right in the App or Extension and is always connected to the network, so hackers can easily attack things like Trustwallet, Metamask, SFP.
Cold wallet: Usually in a USB-like form, and works similar to your bank account, it automatically receives money when someone sends it to everyone without having to connect to the internet, but if you want to check fluctuations For the balance, you need to connect the cold wallet to the internet like internet banking. High level of security but expensive & lacks flexibility such as Ledger, Trazor,...
3. Some other types of wallets
Smart Contract Wallet: these wallets are accessed and controlled via smart contracts. There are two types supported: externally owned accounts accessed via private key or seed phrase and contract accounts controlled via smart contracts. They resemble a more traditional finance app and include features like multi-signature authorization, account freezes, transaction limits, 2FA, listing permissions, and custodians.
Argent, Gnosis safe
II, Reasons why you lose property and how to handle it
Below are some common reasons why our assets are lost that we have learned and synthesized:
Approve NFT/Token lạ .
Forgot to turn off Telegram's auto-download feature
Most crypto groups and projects are present on telegram because of course scam projects and projects with malicious code can also be used, so to prevent this, we should turn off Telegram's automatic download feature to ensure safe
In the menu, select Settings.
Scroll down to Chat Settings => Click on the Save to Gallery lever and switch to off mode (displayed in gray) => Access websites of fake projects and scam projects.
Sign Messaging on Metamask by non-legit Websites.
Approve Smart Contracts on projects
Do not Revoke high-risk tokens when participating in Degen bets
Chrome wallet storage browser hacked
Got the keyword hacked and took a screenshot of the private key.
III, Some ways to protect your wallet
In this article, I will mainly mention Metamask because most of us use it
Secure private key, pass phrase
When creating a wallet we will receive 12 secret login phrases. We should write it down on paper and put it in 2 different places or save it to USB, limit taking photos and saving it on phones or devices connected to the internet.
Divide funds into multiple wallets for many different uses
Setting up a Metamask wallet is very fast and free of charge. So depending on the purpose of use, open multiple wallets or open multiple accounts in one wallet. An example of how to divide the wallet for your reference:
a, Wallet for Airdrop
Acc1: transfer airdrops to high-risk projects
Acc2: airdrop projects that seem good according to personal opinion
Acc3: airdrop of big, famous projects
When farming for airdrops, we have to use our wallets to interact with many projects. On all systems. Many projects have interacted all year and are good projects, most importantly, the majority are on the Ethereum system. The transaction fee is not low, degenscore is also a top wallet. With so much on-chain interaction + good projects, the chance of getting an airdrop of thousands of dollars when those projects release tokens is very high. Plus, the OG wallet has been around for a long time, so its value is the wallet's achievements, so don't revoke high-risk tokens for a minute.
b, Asset storage wallet
If it is not required to keep it in Metamask, you should send it to an exchange wallet, or other types of wallets that are safer and more secure.
Acc1. Storing assets, long-term Nft holding without staking, without farming with this type, I save it on a separate device, maybe an iPhone, using a private network and always on airplane mode.
Acc2. The remaining wallets are for staking and farming.
c, Other remaining wallets
Last season, when the play to earn trend exploded, I participated in playing Metamon and some other games. Split into multiple wallets if playing multiple games. One game per wallet. Depending on the purpose of use, you should also divide into many Acc.
Do not touch strange tokens
Metamask wallet addresses in particular and on Crypto in general are public, anyone can send tokens to you. Over time, you will have a pile of strange tokens in your wallet. Your job is to ignore it, don't be greedy. Repeat, “Your job is not to touch it.” To check transactions on any network, go to chainscan that network. Here, you can also check all transactions, balances, tokens, and coins in the wallet. Just like a bank statement. The difference is that anyone can see it if they have a wallet address.
Periodically check and remove wallet connections to unfamiliar websites
Ideally, from the beginning before connecting you should ask yourself if it is necessary. Do I need to use another account/wallet to connect? If so, check and delete all unnecessary connections. If necessary, create a new wallet to use. New swap sites should also be careful.
How to check connected websites:
Go to Metamask > 3 vertical dots > Connected websites => Delete unnecessary, unremembered, strange pages.
Revoke: revoke the right to use tokens
During use, you often grant permission to third applications to use tokens in your wallet. An example is when swapping BNB to RACA in Pancakeswap. If left at default without manual adjustment, Pancakeswap has the right to use an unlimited number of tokens in your wallet. The same goes for hackers if you give them permission. There are many revoke instructions on YouTube that I won't mention here.
Some websites revoke wallets
1. http://Revoke.cash
2. http://Approved.zone
3. http://Tac.dappstar.io
4, Beefy.finance
Avoid accessing SCAM websites
a, On the computer
Learn how to use and create a bookmark on Chrome. Add all the necessary Websites on it and use only bookmarks. To add a Crypto website on bookmarks, go to coinmarketcap.com or coinecko.com or official social networks to get the link which is the safest.
b, On the phone
Using an iPhone has better security than other phones, but if you can't afford it, use Samsung. To use Metamask on your phone to avoid scams, please follow the rule: "Always go through coinmarketcap.com or coinecko.com to access the website". Remember to use a separate phone to store assets.
Prevent keyword hacking and take screenshots
Use win 10 or higher. Turn on anti-virus, firewall, updates. It's not necessary, but if you want, buy additional anti-virus software. Limit the use of asset storage devices to access entertainment websites because many Ads links contain malicious code.
a, Prevent browser hacking
Have a separate account just to sync Chrome, save accounts and passwords. This account does not do anything else.
Google Accounts: Enable 2-factor password
Periodically check Google Account > Security > Check Your Devices and Third-Party Apps with Account Access
Gmail: do not check strange emails and absolutely do not click on links in any emails
Verify the sender's email address before replying or sharing any information.
Only install necessary and trustworthy Add-ons
Update Chrome regularly
Learn how to use bookmarks. Divide folders and save reputable websites
Be careful to never use the same password for multiple accounts, especially sensitive accounts related to banking, cryptocurrency or email applications.
Only log in to Chrome sync on personal computers with a password set. Absolutely no sync on Chrome app on phone
You should not log in to your Chrome sync email and receive OTP codes from exchanges on your phone to register to receive OTP codes. In case a thief has a phone and can see all the accounts, passwords, OTP sms, OTP email and 2FA code, all assets will be lost.
b, Prevent hacking online
Most cases of losing all tokens are due to using public wifi. This is completely possible. The solution is to use a paid VPN to encrypt data. But it's best not to use public networks. When going out, use 4G on your phone and remember to turn off all sharing features on your phone.
Carefully check the project's contract & link chart on Dex instead of searching for Alpha projects yourself.
See HOW TO READ SMART CONTRACT TO UNDERSTAND THE PURPOSE OF WALLET TRADING
Use Wallets that have been vetted by reputable audit teams and always update wallet features and fixes
Some safe and prominent wallets you can refer to are Metamask, Trustwallet, Coin98. These types of wallets are all verified by reputable audit organizations.
Wallet security is a topic of concern and wallet security and safety is essential but still overlooked by many people. I hope my article provides you with useful knowledge, I wish you success!
