Security is a central concern in large scale adoption of cryptocurrencies. Centralized, government insured, fiat banking systems provide holders certain securities, typically in exchange for varying degrees of privacy. Web3 provides optional anonymity, privacy, and autonomy to wallet owners, but in exchange for these liberties come a lack of insurance. Investors, NFT owners and creators, builders and buyers all want the assurance their assets are protected but there is currently little that can be done to reverse transactions when theft occurs. This makes establishing strong security protocols and habits of your own to insure the custody of your wallets. The safest method of storage is via the use of a crypto hardware wallet, such as the Ledger. This tool, around the size of a USB flash drive, is required to verify transactions manually after entering a password separate from your seed phrase. We have an article detailing configuring your Ledger for Helium.
In the rising popularity of new economic opportunities comes unforeseen exploitations in new technology and infrastructure. There have been numerous large scale “hacks” in crypto, resulting in individuals having cryptocurrencies “drained” from their wallet into the attacker’s. These are typically 3rd-party, or "Supply Chain", hacks that result from users granting permissions to malicious software by clicking false links, or by providing them outright when requested to do so. When adding additional applications as internet exploring extensions, mobile app permissions, or software wallets, do due diligence and read the fine print. Be aware of the security implications associated with the permissions being granted, and consider providing only temporary or “signature-required” permissions and transactions.
Never provide your Seed Phrase to individuals in your direct messages claiming to be support, or into websites that claim to “verify” your wallet (There is no such thing). If your crypto wallet has been compromised, generate a new wallet immediately and transfer out your assets. Your Seed Phrase is your wallet password, so you’ll have a different one for each of your various wallets. Never send these pass phrases electronically, especially over SMS text. Write the seed phrase down on paper and keep it in a safe place. Some go full tilt and etch their seed phrases into metal plates and store them in a fireproof safe. Your degree of security is your prerogative, but keep in mind the importance of keeping track of your 12 or 24 words, and the permanent loss that comes with their compromise.
A fan favorite is the Billfodl Multishard which offers unprecedented built quality and the ability to split the seed phrase in several backups so finding one would not expose your wallet.
The importance of using complex alphanumeric passwords can not be overstated. We recommend generating random passwords using an app like Bit Warden or 1Password and storing the data in a safe place. These applications can generate nearly “un-hackable” passwords, meaning they impose a computational infeasibility that makes hacking unaffordable from a cost or time perspective. It is highly recommended you use a different password for each of your logins, being careful to never disseminate the information. It is recommended to change all of your passwords every 6 months or so.
New technologies are being developed, like hardware wallets, crypto phones, or decentralized virtual private networks, that add additional layers of security to Web2 and Web3 users, and should be explored in order to provide maximum safety and peace of mind while you enjoy your online experience. We’ll do our best to keep our community up to date with these developments, working together with industry leaders in security and deploying new strategies whenever possible. Be sure to follow us on Twitter to stay informed!
Updated