WEB3 WALLET SAFETY BEGINNER TO ADVANCED
A brief intro to wallet security (from beginner to advanced)
Let’s start with the basics.
Your private key & seed phrase are for you and you only.
Many scammers will host fake giveaways, phishing sites, malicious code and more to try and steal this from you.
Maintaining perfect security practices all the time is difficult. Even just doing half of these habits consistently will improve your wallet security 10x. 👇
Where should you NOT store your private key?
It is recommended NOT to keep your seed-phrase stored simply as a text file on your computer. Do NOT take a screenshot of your seed-phrase.
Screenshots tend to be backed up, and a hacker could find them in services such as iCloud or Google Photos.
Let’s walk through some compromising scenarios:
a) Your computer gets lost/stolen, then you lose access to all your wallets forever (assuming you didn’t have a backup)
b) You accidentally download a malicious file and a hacker steals your private keys
These two examples display the importance of storing your seed-phrase safely.
Where should you store your seed-phrase?
This is a controversial subject, but here are a few options.
- Keep a physical copy of the seed-phrase (double-check it several times) [Medium Level of Security]
- Split up the 12–25 word seed-phrase on two pieces of paper and store them in two separate safety deposit boxes at two different banks. [Strong Level of Security]
- Write down all of your seed-phrase except the last word. This requires you to memorize the last word. [Excellent Level of Security]
Purchase a Cold Wallet:
- Buy a cold wallet like a Ledger. Only purchase directly from the manufacturer's website, like Ledger.com.
Benefits of a Cold Wallet Include:
- The private key never leaves the hardware device
- Never connected to the internet (meaning never connected to a dApp or things like MetaMask)
- Adds a hardware interaction for approving a transaction.
Use an Anti-virus:
A top-notch option is Malwarebytes. They offer a free version, and it's one of the best anti-virus tools on the market. As a rule of thumb, be extra careful downloading pirated software, movies, etc. It may open up the possibility of you getting hacked, especially (but not limited to) if you keep your private keys on your computer.
This is why everyone recommends a cold wallet. Ledger is a great option, but make sure you buy it directly from their website. If you buy one on eBay for example, you must assume it is malicious.
Use a password manager and do not re-use passwords:
Bitwarden/KeePassXC are great options, but any reputable extension will work here.
The problem with re-using passwords is that if your password gets leaked in a database breach, hackers will attempt to log in to other services using that same password.
ALWAYS USE 2FA:
For centralized exchanges, this is a must. We’ve witnessed many hacks that could have been prevented entirely if the user had just added 2FA. (Look into YubiKey)
NEVER USE SMS BASED 2FA ← Extremely insecure.
Do not post screenshots with your cell-phone provider in them:
This applies more to public, high-net-worth individuals, but SIM swaps are a very dangerous and widely used exploit in crypto.
SIM swaps seem to be getting more common, so we can only hope cell phone companies are getting better about this.
But always crop your screenshots & erase any sensitive info.
Check your wallet permissions on revoke.cash:
About a month ago, over $1.7M in Punks, BAYCs, etc. was stolen in an OpenSea phishing attack that could have been prevented by using our extension & checking revoke.cash for any active approvals.
Revoke.cash — Revoke your Ethereum token allowances
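To make "active approvals" concrete, here is an added example (not code from Wallet Guard or Revoke.cash) that decodes a transaction's calldata and flags the two approval calls that grant a spender ongoing access to tokens. The function name, risk labels and sample addresses are assumptions made for illustration; the selectors are the standard ERC-20/ERC-721/ERC-1155 ones.

```javascript
// Added example (not Wallet Guard or Revoke.cash code): classify transaction calldata
// as a token approval before it is signed. Sample inputs below are constructed.
const APPROVE = "095ea7b3";              // approve(address,uint256): ERC-20 (and ERC-721)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool): ERC-721/1155
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters
  if (!/^[0-9a-f]{136,}$/.test(hex)) return { kind: "not-an-approval", risk: "n/a" };
  const selector = hex.slice(0, 8);
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const word2 = BigInt("0x" + hex.slice(72, 136)); // amount, token id, or bool
  if (selector === APPROVE) {
    // Read as ERC-20: amount 0 clears the allowance, 2^256-1 is "unlimited".
    // (For ERC-721 the same selector carries a token id in word 2.)
    if (word2 === 0n) return { kind: "revoke", spender, risk: "none" };
    const risk = word2 === MAX_UINT256 ? "high" : "review";
    return { kind: "approve", spender, amount: word2, risk };
  }
  if (selector === SET_APPROVAL_FOR_ALL) {
    // true hands the operator every token in the collection
    return word2 === 0n
      ? { kind: "revoke-all", spender, risk: "none" }
      : { kind: "approve-all", spender, risk: "high" };
  }
  return { kind: "not-an-approval", risk: "n/a" };
}

// Constructed sample calldata (placeholder spender addresses, not real contracts)
const word = (h) => h.padStart(64, "0");
const SAMPLES = {
  unlimited: "0x" + APPROVE + word("11".repeat(20)) + "f".repeat(64),
  limited: "0x" + APPROVE + word("11".repeat(20)) + word("64"),
  approveAll: "0x" + SET_APPROVAL_FOR_ALL + word("22".repeat(20)) + word("1"),
  revoke: "0x" + APPROVE + word("11".repeat(20)) + word("0"),
  transfer: "0xa9059cbb" + word("33".repeat(20)) + word("64"),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const r = classifyApproval(data);
  console.log(name.padEnd(10), r.kind.padEnd(16), r.risk, r.spender ?? "");
}
```

An approval stays in force until it is explicitly revoked, which is why a phishing signature from months ago can still be used against the wallet today.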
In the end, even just using half of these tips will make your wallets 10x more secure. It’s all about good habits, especially when a mistake could get you compromised.
If this is your first time coming across Wallet Guard, we offer a Chrome extension designed to combat scams/phishing in Web3.
Our extension acts as a security companion to your crypto wallet of choice. Check us out at WalletGuard.app