Hola Web3 Adventurer! 👋
You’re reading this because you’re insecure.
Are you insecure?
Ya?
Hi Insecure, I’m Scott.
Look, security isn’t sexy. It isn’t fun. And it’s generally hard to incentivize because it feels like “it will never happen to me.”
But it’s absolutely, uncompromisingly necessary for 3 reasons:
- The blockchain is immutable. If you make a mistake, or someone gets ahold of your assets, there is no one you can call and nothing you can do to get your money back.
- You are solely responsible for your assets for the rest of your life. The question isn’t ‘if’ you get hacked, but ‘when’. You need to take precautions today to mitigate the damage when it does.
- The #1 incentive in web3 for technically minded individuals with dubious ethics is hacking. The ROI on successful hacks is huge. And small scale hacking isn’t that hard because most people don’t bother with basic security. We’re in open waters, anon. Here there be monsters.
If you read no further today, please, at least read these two lists. 👇👇👇
NGMI 📉
- Writing your seed phrase ANYWHERE on the internet that asks for it.
- Keeping your seed phrase in the cloud, or anywhere on a computer.
- Sharing your screen.
- Interacting with (spam) airdrops or NFTs that show up in your wallet.
- Not using a hardware wallet.
- Keeping all your digital assets in one wallet—especially a hot wallet.
- Clicking links sent to you from untrustworthy sources.
GMI 📈
- Never ever revealing your seed phrase to anyone on the internet. Ever.*
- Writing down your seed phrase using pen and paper (or engraved metal) and keeping multiple copies.
- Never sharing your screen (even for work)
- Ignoring, hiding, or doing due diligence on NFTs and token airdrops.
- Using a hardware wallet (or multiple)
- Spreading your assets across multiple wallets—not bound by the same seed phrase.
- Bookmarking links, and only clicking links from trustworthy sources.
*There are exceptions to this rule. But just assume you should never do it.
This guide is split into 3 equally important parts 🤟
- A breakdown of common attack vectors
- A list of cyber security best practices
- Examples of wallet setups to improve security