A) Understand that wallets such as blockchain.info, TrustWallet, MetaMask and the like are just interfaces.
B) Consider cold wallets; personally I do not trust Ledger or Trezor. There is a hardcore option, BitLox Ultimate, which is literally stuffed with security-related features, routes its traffic through Tor, and has several levels of encryption. Or an ascetic Coldcard, which is a good choice for those who love simple and clear mechanics.
D) Check what you are signing. On ETH and similar chains, never use your main cold storage for casual work; if you have to (for example, to sign a gnosis-safe multi-sig (2) (3) transaction), always check that the transaction contains no allowance approve (which lets the spender drain your wallet) and no proxy (behind which that function may be hiding). Revoke approvals here.
E) Never use your main cold storage and «Back Office PC» for casual work, but if you have to (and you know why you are doing it), use only open-source wallets such as alphawallet.com, electrum.org, sparrowwallet.com, tryethernal.com
Check out wallet rating: walletscrutiny.com
F) Accept as a fact that if the device falls into the hands of intruders, only hardware countermeasures can save your money: custom capacitors (so that nobody can get directly at the chip and read its electrical signals), self-destruction, epoxy, and so on. Ideally, never allow physical contact at all. You can also use logic bombs or logic gates, extra passwords that trigger some kind of security action, alert events on your address via tenderly.co, or a 2-of-3 multi-sig from 3 different devices all the time. Either way, remember: the device must not fall into anyone's hands. One could also create a honeypot wallet and run a script that listens for transactions originating from those addresses and alerts authorities, security companies and/or friends & family that you are under duress, perhaps even sending your location or last known location from a phone's GPS chip along with the alerts.
G) Always double-check an address you've copied to the clipboard. There is malware known as a Clipper: it replaces the address in your clipboard with a very similar-looking attacker address that has the same characters at the beginning and at the end as your original address.
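Points D and G above can both be checked with a few lines of code before you sign or paste anything. The following is an added example, not code from the original guide: it decodes the calldata of a pending transaction and flags ERC-20 approve(address,uint256) and ERC-721/1155 setApprovalForAll(address,bool) calls (those two selectors are the standard ones), and it compares the address in your clipboard with the one you meant to use, reporting the "same start, same end, different middle" pattern a clipper produces. All addresses and calldata below are constructed sample values.

```python
# Added example: pre-signing checks for an EVM transaction and a clipboard address.
# Not part of the original guide. The two selectors are the standard ERC-20
# approve(address,uint256) and ERC-721/1155 setApprovalForAll(address,bool)
# selectors; every address and calldata value here is constructed sample data.

APPROVE_SELECTOR = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"  # setApprovalForAll(address,bool)
UINT256_MAX = 2 ** 256 - 1


def _words(args_hex):
    """Split ABI-encoded arguments into 32-byte (64 hex character) words."""
    return [args_hex[i:i + 64] for i in range(0, len(args_hex), 64)]


def inspect_calldata(data):
    """Classify transaction calldata before signing it.

    Returns a dict with 'kind' ('approve', 'set_approval_for_all' or 'other')
    and, for approvals, who receives the allowance and whether it is unlimited
    or blanket. Anything unrecognised is reported as 'other' so the user knows
    to decode it with a full ABI decoder instead of signing blind.
    """
    hex_data = data.lower()
    if hex_data.startswith("0x"):
        hex_data = hex_data[2:]
    if len(hex_data) < 8:
        return {"kind": "other", "warning": "no function selector"}
    selector, words = hex_data[:8], _words(hex_data[8:])

    if selector == APPROVE_SELECTOR and len(words) >= 2:
        amount = int(words[1], 16)
        return {
            "kind": "approve",
            "spender": "0x" + words[0][-40:],  # address is right-aligned in its word
            "amount": amount,
            "unlimited": amount == UINT256_MAX,
        }
    if selector == SET_APPROVAL_FOR_ALL_SELECTOR and len(words) >= 2:
        return {
            "kind": "set_approval_for_all",
            "operator": "0x" + words[0][-40:],
            "approved": int(words[1], 16) == 1,
        }
    return {"kind": "other", "selector": "0x" + selector}


def classify_clipboard_address(expected, clipboard, edge=4):
    """Compare the address you meant to paste with what is in the clipboard.

    Returns 'match', 'lookalike' (same first/last `edge` characters but a
    different middle, the pattern a clipper produces) or 'different'.
    Comparison is case-insensitive so EIP-55 mixed-case checksums do not
    raise false alarms.
    """
    a, b = expected.lower(), clipboard.lower()
    if a == b:
        return "match"
    if len(a) == len(b) and a[:edge] == b[:edge] and a[-edge:] == b[-edge:]:
        return "lookalike"
    return "different"


if __name__ == "__main__":
    # Constructed sample: approve(spender=0x1111..., amount=uint256 max)
    spender = "1" * 40
    calldata = "0x" + APPROVE_SELECTOR + spender.rjust(64, "0") + "f" * 64
    print(inspect_calldata(calldata))

    real = "0xAbCd" + "0" * 32 + "1234"      # constructed intended recipient
    swapped = "0xabcd" + "9" * 32 + "1234"   # constructed clipper-style substitute
    print(classify_clipboard_address(real, swapped))  # lookalike
```

In practice you would feed `inspect_calldata` the `data` field of the transaction your wallet shows you and refuse to sign anything that comes back as an unlimited approve or a blanket setApprovalForAll to an address you did not expect; `classify_clipboard_address` is meant to run against the full address, because checking only the first and last few characters is exactly what a clipper is designed to pass.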
H) Be aware of modern attack methods; carefully read my Guide and Compendium step by step. You don't need a deep understanding of exactly how hacks work, but it is important to know what being a victim looks like.
I) Cold wallet attacks & defense methods, reading list from CIA:
J) Study threat modeling (2) (3) and list all possible threats, even those that seem crazy to you. Being suspicious is always a good thing. After all, fake news works best on those who carry it to their acquaintances, becoming a kind of donor. The same goes for attacks: very often attackers will try to reach you through your acquaintances, by pretending to be acquaintances, or via the acquaintances themselves. Always keep this in mind. This world is cruel and dangerous.
L) Use open-source password storage, a self-hosted link system, and a reliable communication method from this sheet; use OpSec services and keep up with the latest anonymity and privacy techniques. Carefully read my guide step by step once again.
Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!
If you want to support my work, you can send me a donation to the address: