TL;DR
Never share them with anyone.
Change them when compromised.
Keep them off your desk.
Decentralized finance (DeFi) is an ecosystem of financial applications that aims to address the drawbacks of traditional finance by being more transparent, open source, and permissionless. It promises to revolutionize the way we use financial applications.
However, DeFi presents us with a new set of risks and variations on existing ones. These include, but are not limited to, smart contract risks, admin key risks, governance risks, and oracle risks. Our focus here is on self-custody risks, which deal with how we handle our non-custodial hot wallets.
Crypto wallets are software that allows you to store and access your cryptocurrency.
There are two general categories:
Hot wallets can be further divided into:
A cold wallet is a noncustodial wallet that stores your crypto in an environment that’s not connected to the internet, e.g. a hard drive.
A hot wallet can be custodial or noncustodial. It is connected to the internet, which makes it convenient for users to access their crypto holdings and to make transactions faster and more easily.
Non-custodial wallets put you in control of your data, and only the user with the seed phrase can access the crypto stored in the wallet.
Custodial wallets place your crypto in the custody of a centralized exchange that is mostly regulated by the government. The exchange owns the keys to the wallet, which means you have access to your crypto on its terms.
Due to how DeFi applications are structured and the automation of transactions through smart contracts, there is no third party in transactions and the individual is solely responsible for keeping their assets safe. DeFi apps leverage cryptography to manage access and control of blockchain accounts, and users usually have keys that give them access.
These hot wallets have public and private keys. As the names suggest, public keys can be shared with others and used to receive crypto. Private keys, on the other hand, are private and act as a password that grants access to a smart contract call. Because of this, scammers look for ways to get users to release their private keys, which lets the scammers spend the users' tokens.
As crypto gets more and more popular, hot wallets are among the noncustodial wallets that are prone to hacks. These hacks are usually directed toward inexperienced users, getting them to indirectly grant access to their crypto. Because hot wallets are connected to the internet, they are a quick target for hacks, and one way in is through phishing attacks.
Phishing is when a person impersonates an official company in an attempt to trick unsuspecting victims into releasing sensitive information, either directly or indirectly.
Only click on links from the official Twitter/Discord pages, and double-check links for grammar and spelling errors and for redirects to other websites.
Enable multi-factor authentication and regularly change your password for your wallet's application. Don’t reuse old passwords; use a password manager, and your passwords should not contain personal information.
Stay away from Google Forms or links that tell you to input your seed phrase, and keep the backup of your wallet's seed phrase off the internet.
Check for your wallet’s regular app updates, as most of these updates fix security issues.
A majority of the time, no Web3 project admin will send you a DM first with links, so be careful when you receive DMs telling you to click on links.
Always use a burner wallet if you’re unsure or feel skeptical. A burner wallet is a testing wallet: it has little to no cryptocurrency and can be used in decentralized applications you don't have full confidence in.
Avoid interacting with any strange tokens you find in your wallet. Dusting attacks are real, and interacting with these tokens in an attempt to swap them could give the attacker permission to spend your real tokens.
Never access your crypto on a public computer. Separate your crypto device from your work device and have a dedicated email for your wallets.
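The link-checking tip above, as an added example that is not part of the original article: a Python check that compares a link's real host against a personal allowlist and flags the userinfo, lookalike and embedded-name tricks that phishing links use. The hostnames are constructed placeholders, and keeping an allowlist of hosts you bookmarked yourself is an assumption of this example.

```python
from urllib.parse import urlsplit

# Assumption: hosts you bookmarked yourself from the project's official pages.
# These names are constructed placeholders, not real services.
OFFICIAL_HOSTS = {"app.example-wallet.test", "example-wallet.test"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> list:
    """Return warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # In https://official@other/ the text before '@' is not the host.
        warnings.append("userinfo before '@' hides the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("internationalized host, possible homoglyph")
    if host in OFFICIAL_HOSTS:
        return warnings
    near = sorted(h for h in OFFICIAL_HOSTS if edit_distance(host, h) <= 2)
    if near:
        warnings.append(f"lookalike of {near[0]}")
    elif any(h in host for h in OFFICIAL_HOSTS):
        warnings.append("official name embedded in a different domain")
    else:
        warnings.append("host not on allowlist")
    return warnings
```
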
With great power comes great responsibility, and keeping your assets safe in DeFi means that you are solely responsible for your security, unlike in custodial wallets where you don't own your keys; "not your keys, not your coins." In DeFi, you own your keys, and you can access your coins anytime.
Cold wallets are also a great self-custody way to hold your crypto if you plan to hold it for the long term, and because they are not connected to the internet, they prove a safer way to store crypto. But for short-term traders and investors, hot wallets come in handy to quickly enter or exit a trade, and for people who are unable to get cold storage, keeping their hot wallets safe is "key".
To stay safe, however, you must employ all possible recommended security measures. Phishing attacks are still rampant and hackers are getting smarter, so to protect yourself, you must prove smarter. Both new and advanced users can fall for these phishing attacks. This is why it's important to get knowledgeable about DeFi security measures before making any crypto investments.