Web 3 Security 101: Essential Tools and Habits for Staying Safe Online


Introduction: Why Web3 Security Matters
In the decentralized world of Web3, you’re your own bank, meaning you’re responsible for the safety and custody of your assets. Unlike traditional finance, there’s no central authority that can reverse transactions or restore a compromised wallet. On top of that, finding the culprit can be challenging for the authorities, and in most cases not a single penny is recovered. That’s why developing security habits in crypto is an essential part of the journey; more important than making money is being able to keep it safe.
Choosing a Wallet: Software vs. Hardware
Understanding Software Wallets
Software wallets, also known as hot wallets, are wallets whose keys are generated and stored online. Some examples include Rabby (EVM), Solflare (SOL), and Unisat (BTC). They are convenient and fast for day-to-day use, but because of how their keys are generated and stored, they are also vulnerable to malware attacks, leaks from the wallet provider (such as the Slope and Atomic cases), and social engineering attacks.
The Power of Hardware Wallets
Hardware wallets, also known as cold wallets, are wallets whose keys are generated and continuously stored offline. Some examples include Ledger, Trezor, and OneKey. Although they don’t protect you against everything, they are the first real step for those who want to take security seriously. By using a hardware wallet, you are protected from malware attacks and leaks; however, you are still vulnerable to sophisticated social engineering attacks (especially now with the Pectra Upgrade), carelessness with approvals, and lack of wallet separation.
Boosting Security with Add-ons and Tools
Recommended Browser Security Extensions
Security extensions are a vital part of web3; they provide an additional layer of security that helps identify malicious websites and compromised social media accounts, and they translate and emulate transactions. Some examples include Pocket Universe, Kerberus, and Scam Sniffer. It’s important to note that even though they are reliable, you still need to know how to identify potential attacks yourself for cases where the extensions fail, you are transacting on a non-supported chain, or the extension provider goes rogue or is compromised.
Using Password Managers for Crypto Safety
Another vital security layer is password managers; they are already crucial in web2 and are equally important in web3, especially with apps trying to simplify the user experience by utilizing MPC wallets and social connections for wallet creation. Some examples include Bitwarden, 1Password, and ProtonPass. By having strong and unique passwords, you also protect your friends and audience by making it harder for your social and email accounts to be compromised.
Best Practices for Everyday Web3 Safety
Wallet Separation: Minimize Risk, Maximize Control
Rather than having just a single “all-in” wallet, it’s essential to divide your assets across multiple wallets with clear objectives and rules for each. This way, you are minimizing the risk of losing everything while also having complete control over where you go and what you hold in each wallet. An easy setup that we like to introduce is the TAP - Three Address Protocol.
Mint Wallet: A wallet for your day-to-day operations - should hold minimal funds and can be used to connect with sketchy websites and apps.
Marketplace Wallet: A wallet that should be used only in marketplaces (Uniswap & Opensea); you shouldn’t connect this wallet anywhere besides trusted marketplaces.
Vault Wallet: A wallet where you hold your valuable assets - shouldn’t have any approvals open, should not interact with anything besides staking protocols, should sign plain text signatures only, and can also use Wallet Delegation.
Airdrop Wallet (optional): Your delegated wallet, which should be used to claim airdrops and prove asset ownership from your vault, and which can also be your smart account after the Pectra Upgrade.
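An added example, not part of the original article: a small Python audit that checks a constructed wallet activity log against the TAP rules listed above. The role names, event fields, and the `example-staking` allowlist entry are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: the allowlists are the user's own. Uniswap and OpenSea are the
# marketplaces the article names; "example-staking" is a hypothetical entry.
TRUSTED_MARKETPLACES = {"uniswap", "opensea"}
STAKING_PROTOCOLS = {"example-staking"}

@dataclass(frozen=True)
class Event:
    wallet: str       # TAP role: "mint", "marketplace", "vault" or "airdrop"
    kind: str         # "connect", "approval" or "signature"
    target: str       # app the wallet connected to, approved, or signed for
    detail: str = ""  # signatures only: "plain_text" or "typed_data"

def check(event):
    """Return the TAP rules this event breaks (empty list means compliant)."""
    role, target, broken = event.wallet.lower(), event.target.lower(), []
    if role == "marketplace":
        if target not in TRUSTED_MARKETPLACES:
            broken.append("marketplace wallet used outside trusted marketplaces")
    elif role == "vault":
        if event.kind == "approval":
            broken.append("vault wallet has an open approval")
        if target not in STAKING_PROTOCOLS:
            broken.append("vault wallet touched something other than staking")
        if event.kind == "signature" and event.detail != "plain_text":
            broken.append("vault wallet signed a non-plain-text message")
    elif role not in ("mint", "airdrop"):
        # A wallet with no assigned role has no rules, which defeats separation.
        broken.append("wallet has no TAP role assigned")
    return broken

def audit(events):
    """Map the index of each non-compliant event to the rules it breaks."""
    return {i: b for i, e in enumerate(events) if (b := check(e))}

# Constructed sample log, not real wallet activity.
SAMPLE_LOG = [
    Event("mint", "connect", "new-drop.example"),
    Event("marketplace", "connect", "OpenSea"),
    Event("marketplace", "connect", "new-drop.example"),
    Event("vault", "signature", "example-staking", "plain_text"),
    Event("vault", "signature", "example-staking", "typed_data"),
    Event("vault", "approval", "opensea"),
]

if __name__ == "__main__":
    for index, rules in audit(SAMPLE_LOG).items():
        print(index, SAMPLE_LOG[index], rules)
```

The mint wallet's "minimal funds" rule is not checked here because the log carries no balances.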
The Three Don’ts: Don’t Download, Don’t Click, Don’t Trust - Verify
Protecting Your Seed Phrase Like a Pro
What Is a Seed Phrase and Why Is It So Important
Top Methods for Storing and Securing Your Seed Phrase
Conclusion: Security is a Habit, Not a Feature
Read articles from Renan (ReDzin) directly inside your inbox. Subscribe to the newsletter, and don't miss out.
