Cryptocurrency has fundamentally changed how we store and transfer value, but it does come with its very own challenges and security issues that need to be addressed before users can safely use it. Most of these security issues stem from the daily use of the wallets themselves.

Wallets are where we hold our cryptocurrencies, and keeping them secure is essential to ensure our funds are safe. In this article, we will discuss best practices for wallet security that can help keep your funds safe.

First and foremost, it's crucial to choose a reliable wallet. There are various types of wallets, including hardware, software, and paper wallets, and it's essential to research and select the one that fits your needs the best. Choosing a wallet from a reputable provider with a proven security track record is important. For maximum security, utilizing a hardware wallet with a seed phrase that’s never been used before is the way to go. Most hardware wallets can safely be used with MetaMask, which allows you to gain most of the flexibility associated with a software wallet while keeping the security of a hardware wallet. 

Your private keys give access to your wallet, and it's crucial to keep them safe and secure. Private keys should be kept offline and away from prying eyes. The safest way to do this is to keep multiple copies stored on paper (or metal if you want to go all the way) and split your seed phrases in two, so malicious actors will need to find both to compromise your wallet. It goes without saying that you should keep the location of your seed phrases to yourself, and not share them with anyone. 

Keeping your wallet software updated is essential. Wallet software is continually being updated to improve its security features and fix potential vulnerabilities. Failure to update your wallet software could leave you vulnerable to attacks. In addition, new security features are continuously added to most wallets. MetaMask recently introduced a bunch of new security features that tackle some of the most common scams in the space. One of these is NFT scam warnings, which alert users to known scams when they attempt to sign a transaction or signature request. Note that the feature is still experimental at its current state, and users will have to toggle it on manually for it to take effect.

Another recent feature that goes a long way toward improving MetaMask’s wallet security is token allowances. This feature allows you to set a spending cap on your tokens when you grant a dApp access to them. If you do happen to interact with a malicious protocol, or if a protocol you're invested in gets compromised, you can significantly mitigate the damage by setting a spending cap you’re comfortable with.

Using a strong password is critical to securing your wallet. Use a unique and complex password that is difficult to guess or crack. Do not use the same password for multiple accounts, and avoid using personal information such as your name or birthdate. Also, consider using a password manager to generate and store your passwords securely.

A Virtual Private Network (VPN) encrypts your internet connection, making it more difficult for hackers to intercept your online activities. Using a VPN protects your wallet from potential attacks when using public Wi-Fi or other unsecured networks. When you use a software wallet, like MetaMask, your IP is routed through the RPC so the information you request can be routed back to you. This does pose a security risk since an exploit with the RPC could mean that malicious actors could potentially trace the geo-location of your device back to you, thereby revealing your location. 

Be vigilant against phishing scams. Phishing scams are a common tactic hackers use to gain access to your wallet. They usually involve sending fraudulent emails or messages that trick you into providing your login details. Be wary of unsolicited messages or emails, and always verify the sender's authenticity before providing sensitive information. For a rundown of the most common types of phishing scams to look out for, you can check out this article.

Lastly, it’s important to stay up to date on the recent events in the space that can influence your ability to stay safe.

For the past 48hrs I've been unwinding a massive wallet draining operation 😳😭

I don't know how big it is but since Dec 2022 it's drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.

Its rekt my friends & OGs who are reasonably secure.

No one knows how. pic.twitter.com/MafntG7RkP

— Tay 💖 (@tayvano_) April 18, 2023

On Twitter, @tayvano recently uncovered a massive wallet-draining operation that has drained more than 5000 ETH since December 2022. While the exact attack vector is still unknown, there are a few unsettling commonalities between the victims. The keys were generated between 2014 and 2022, and the victims are crypto natives who either work in the space or have multiple wallets. Or, to put it another way, they’re people who definitely should know how to stay safe in crypto. Interestingly, this exploit does not seem to be limited to software wallets since many of the victims have generated their keys on hardware wallets - although it may be that some of the victims have imported their seed phrases to a software wallet or vice-versa.

Most likely, this exploit represents a previously unknown attack vector associated with software wallets or the device that people use them on. Since the exact nature of it is still unknown, the best way to protect oneself from this exploit (and others) is to prepare for the worst-case scenario and assume your wallet is going to be exploited at some point. When you expect this, there are a few actions you can take to mitigate your risk.

At present, the only way to be completely sure that your funds are safe from this still unknown attack vector is to use a multi-signature wallet for your funds. By doing this, your funds are technically controlled by a smart contract instead of relying solely on your private keys. This grants you an extra layer of security since a potential hacker would either need to compromise the smart contract itself or both of your wallets to gain access to your funds. A good option for creating a multi-signature wallet is Gnosis Safe.

Another way to prepare for a potential attack on your funds is to avoid keeping all your eggs in one basket and splitting your wallets. By splitting your wallets, you do spend a bit of gas, and you do get an extra administrative hassle; on the other hand, you make sure that if one of your wallets is compromised, you won't lose everything in one transaction.

In conclusion, practicing proper wallet security is crucial to ensure the safety of your crypto. By following the best practices discussed in this article, you will go a long way toward protecting yourself and your wallet from the most common crypto scams. Crypto moves fast, though, and so do scammers, so it’s important not to rest on your laurels. By staying up to date and in the loop regarding new exploits and potential attack vectors, you can take the necessary actions to mitigate a potential breach. 

Stay SAFU & Take Care