Security Best Practices to Interact With Crypto and DeFi
Before you start your journey into DeFi and begin using amazing dApps such as Oasis.app, where you can deploy your capital and borrow Dai against more than 30 collateral types, you need to make sure you are as secure as possible.
Lately we have heard a lot of stories about people who bought crypto years ago and lost their keys, and about crypto scams and frauds. A crypto user can run into many different problems, and no matter whether you are a heavy or a light user, whether you invest, hold or trade: if you are in the crypto space, you always need to be very careful.
Below you will find some security tips and best practices that can be very helpful.
Choose your wallet and secure it:
- Prefer a crypto hardware wallet: people usually start playing with crypto by downloading a browser or mobile wallet (e.g. MetaMask, Coinbase Wallet, etc.). Once you become more confident, a hardware wallet is far more secure, because your private key never leaves the device. Spend some money and buy one (e.g. Ledger).
- When you set up a wallet, write your passwords and seed phrase on paper and hide it. If you use a non-custodial wallet, you alone are responsible, and no one will be able to help you if you lose your keys.
- If you use a browser wallet: uninstall all other Chrome extensions (they often have broad permissions to read what is on the pages you visit); run the MetaMask extension in its own browser profile.
- Limit smart contract approvals: when you interact with smart contracts, don't give unlimited token approvals to protocols you don't fully trust. An unlimited approval lets the contract move all of that token out of your wallet, not just the amount needed for the current transaction. You can check your allowances and read this article, which explains how to revoke permissions.
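As an added illustration of the approval point (example code, not part of the original post or of any wallet), this plain JavaScript decodes the calldata of an ERC-20 approve() call before it is signed, flags an "unlimited" amount, and shows that revoking is simply an approval of 0. The spender address and the 100 DAI amount are constructed for the example.

```javascript
// Added example: inspect an ERC-20 approve() call before signing it, so an
// unlimited allowance can be spotted and replaced with one sized to the deposit.
// No network, no libraries: calldata is built and parsed as hex by hand.

const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // the value wallets display as "unlimited"

// Build the calldata a wallet would sign for approve(spender, amount).
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amt = BigInt(amount).toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amt;
}

// Decode approve() calldata into spender and amount; returns null for any other call.
function decodeApprove(calldata) {
  const hex = calldata.replace(/^0x/, "").toLowerCase();
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  return {
    spender: "0x" + hex.slice(8 + 24, 8 + 64), // address is right-aligned in its 32-byte word
    amount: BigInt("0x" + hex.slice(72)),
  };
}

// Classify an approval against the amount the dApp actually needs:
// "unlimited" = max uint256, "excessive" = more than needed, "exact" otherwise.
function classifyApproval(calldata, needed) {
  const call = decodeApprove(calldata);
  if (!call) return "not-an-approve";
  if (call.amount === MAX_UINT256) return "unlimited";
  if (call.amount > BigInt(needed)) return "excessive";
  return "exact";
}

// Revoking an allowance is just approve(spender, 0).
function encodeRevoke(spender) {
  return encodeApprove(spender, 0n);
}

// Constructed sample: a hypothetical spender contract and a 100 DAI (18 decimals) deposit.
const SPENDER = "0x1111111111111111111111111111111111111111";
const NEEDED = 100n * 10n ** 18n;
console.log(classifyApproval(encodeApprove(SPENDER, MAX_UINT256), NEEDED)); // unlimited
console.log(classifyApproval(encodeApprove(SPENDER, NEEDED), NEEDED));      // exact
console.log(decodeApprove(encodeRevoke(SPENDER)).amount);                   // 0n
```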
Set strong and different passwords
- Do not reuse the same password across services. Using a different password for each site helps you avoid being compromised when one of the hundreds of websites you have signed up for suffers a security incident.
- Use a password manager, such as LastPass or PasswordGenerator; this way you will only need to remember one master password.
- Always try to use 2-factor authentication for every service that offers it. You can use apps like Google Authenticator, or consider hardware-based 2FA such as Yubico, Google Titan or Thetis keys (a physical USB device that you need to present before logging in).
Avoid phishing & scams
- Don't click on ads. Google what you are looking for instead.
- If you are added to group chats on Telegram or Discord that look like a scam, report the user and delete the chat.
- Be careful with giveaways or super good deals in tweets, Discord or Telegram DMs and on Facebook. If it sounds too good to be true, it probably is.
- Never download or open files or links from people you don't know. When you receive an email that looks legitimate, check the link before opening it. This article provides you with 7 link checkers. In the crypto space there are tons of domains almost identical to those of legitimate projects, differing by just one substituted letter.
- Never trust people who reach out to you claiming to be an admin or a team member. If you never asked to be contacted, why would a team member reach out to you?
22 June 2021