In a post on /r/ledgerwallet I started writing some advice about how to protect your seed and your funds, especially when using DeFi.

Who am I to give advice?
I am what you could call a true DeFi degen. I have probably about 5000 nonces combined between the Ethereum, Polygon, Arbitrum and Cronos chains. In all those transactions there has been only one time where I was fooled and got scammed out of my coins. (Story at the end for the curious.)

Protect your seed
This one is easy: your seed gives access to all of your crypto, so of course you need to protect it. Here is how I suggest doing it.
That's it for the hardware wallet part.

Access DeFi apps securely
There are several ways to do it; I use the Brave browser and the MetaMask extension. The biggest mistake you can make here (and believe me, /r/ledgerwallet is full of people who have done that) is to import your 24-word seed into MetaMask. That would defeat the whole purpose of having a hardware wallet. The right way to do it is by using the "Connect a hardware wallet" function in MetaMask.

Access good dapps
It goes without saying, but you are at the mercy of the dapps you decide to use, so I am not going to tell you which dapp to use. I will at least give you a few tools to check a dapp's reputability:
At this stage you have set up your wallet and chosen a dapp. Every time you have to sign a transaction or a permit message in MetaMask you will need your hardware wallet to do so, which brings us to our next part: which transactions to sign.

To sign or not to sign, that is the question
There are several checks I do prior to pushing the buttons of my hardware wallet.
The biggest danger here is Google sponsored ads, which can be paid for to appear first. Scammers will create a copy of the website, but the transactions you would sign there would empty your wallet in no time. To avoid this I find that bookmarking the sites you use is a very good practice. Twitter can also be a good source for the right URL. But ensuring that you are on the right URL is not enough: the website could have been defaced by hackers, or malware could be sitting on your machine that modifies the website and the transactions locally. Once you are on your new DeFi app and you want to stake your XxX token, the first thing you will need to do is approve the use of your tokens.

Token approval
On MetaMask the token approval screen will look like this. Here you have to check:
I find there are two ways to do this:
Here there are several green flags that I look for prior to signing the approval transaction.
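As an added example (not code from the original post), here is a small Python check that decodes the calldata of an ERC-20 approve() call the way a wallet does and flags the things this section says to verify before signing: whether the spender is already a nicknamed address in your address book, and whether the requested allowance is unlimited or larger than the amount you actually intend to stake. The spender address and address-book entry are constructed placeholders.

```python
# Added example, not code from the original post: decode an ERC-20
# approve(address,uint256) call and flag what to check before signing it.
from typing import Optional

APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED = 2**256 - 1         # the "unlimited" allowance wallets often propose by default


def encode_approve(spender: str, amount: int) -> str:
    """Calldata a dapp hands to the wallet: selector + two 32-byte ABI words."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


def decode_approve(calldata: str):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    data = calldata[2:] if calldata.startswith("0x") else calldata
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    word = data[8:72]
    if word[:24] != "0" * 24:  # an address must be left-padded with zero bytes
        return None
    return "0x" + word[24:], int(data[72:136], 16)


def check_approval(calldata: str, address_book: dict, decimals: int = 18,
                   intended_amount: Optional[int] = None) -> dict:
    """address_book maps lowercase addresses to nicknames (like MetaMask's address book).
    intended_amount is the whole-token amount you actually plan to stake."""
    decoded = decode_approve(calldata)
    if decoded is None:
        raise ValueError("not an approve(address,uint256) call; do not sign blindly")
    spender, amount = decoded
    known = address_book.get(spender.lower())
    warnings = []
    if known is None:
        warnings.append("spender not in address book: verify the contract on a block explorer")
    if amount == UNLIMITED:
        warnings.append("unlimited allowance: edit it down to the amount you will stake")
    elif intended_amount is not None and amount > intended_amount * 10**decimals:
        warnings.append("allowance is larger than the amount you intend to stake")
    return {"spender": spender, "amount": amount, "unlimited": amount == UNLIMITED,
            "known_name": known, "warnings": warnings}


# Constructed sample: placeholder spender address, not a real contract.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = encode_approve(SAMPLE_SPENDER, UNLIMITED)
SAMPLE_BOOK = {SAMPLE_SPENDER: "radiant vesting"}  # nickname taken from the post's example
```

Run check_approval(SAMPLE_CALLDATA, SAMPLE_BOOK) to see a nicknamed spender still flagged for an unlimited allowance; an empty address book adds the "verify on a block explorer" warning as well.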
The actual transaction
After having signed the approval, the following transactions are less critical security-wise. The danger really lies in the approval. But still, I find that nicknaming the smart contracts I interact with in MetaMask gives me peace of mind. MetaMask has an address book where you can save and nickname addresses. Here you can see that instead of displaying the address it says "radiant vesting", which tells me that this is a smart contract I already interacted with.

REVOKE REVOKE REVOKE
There used to be a You can do so using one of these tools:
I like to use several, as they are complementary and help identify which protocol is linked to the addresses you gave approval to.

Compartmentalize addresses
For privacy and security reasons I find it smart to use several addresses. I find it good to have your long-term plays/bags on different addresses, which won't be at risk if you sign a bad approval.

Hack / Story time
For those that made it this far I will reward you with the story of how I got owned. (Spoiler: I did not respect my protocol.) I was regularly using a DEX/farming platform on Cronos called MMF. One day, before doing a swap to change my MMF rewards to WBTC, it asked me to approve the spending of the MMF token. Here I had an afterthought that it was strange, because I had claimed and swapped rewards several times on this dapp before, so it should not ask me for the approval again. I checked that the URL of the website was right, and it was, so I assumed maybe they had upgraded to a different contract. So I went through with the approval and even went through with the swap. But the swap transaction took my MMF and gave me 0 WBTC tokens in exchange. Hours later the MMF Telegram and Twitter were explaining that their website had been hacked and defaced for a few hours. I checked on a block explorer, and had I checked the contract on Cronoscan before signing those transactions I would have realized that the contract was only a few hours old, with only a few swap transactions that weren't sending the coins back. The good thing is that since it was their website that got hacked, the MMF team came through and reimbursed every affected user, so I was made whole.

PS: There are a few more subjects I would like to bring up:
But I feel like this post is long enough in itself, so maybe this is for another time.