Avoid getting your crypto wallet drained by doing this.
Here are my top three layers of security when using DeFi protocols.
It’s late, you’re tired and you are scrolling Twitter mindlessly. You suddenly see this post about a new airdrop. To claim it, you need to click a link and connect to a site.
As soon as you open the page, MetaMask asks you to approve this transaction to claim those juicy tokens. You don’t think about it and click approve.
Congratulations, you just lost all your crypto assets to a scam.
If you want to avoid such a scenario, there are a few smart ways you can protect yourself with zero downsides. Let’s explore my top three actions you can take today to boost your crypto security. TLDR at the end.
Here are three layers of protection and security that can save you. Below I expand on each so you understand why they can save you before it’s too late.
Ditch MetaMask and install Rabby wallet
Revoke access to any DeFi protocol that is not reputable
Order a hardware wallet, it’s under $100
Using MetaMask today is like driving a Ford Model A from 1903, while Rabby users drive a Tesla Model 3. If that does not illustrate the problem, what comes next may do it better.
1. Rabby Wallet
Besides its amazing user interface, Rabby takes security seriously, unlike MetaMask. With Rabby, security comes first, as it should when you aim to protect those juicy altcoins from Alpha Post 11.
Here are just some examples of why Rabby is superior:
It first explains what you are approving, BEFORE you can approve it
It does a RISK SCAN before a transaction and FLAGS IT if suspicious
If you connect or transact for the first time with an address or DeFi protocol it will WARN you
It has a native-built REVOKE ACCESS page called “Approvals”, more on that under point 2
These are four security measures that can save you, on top of the ones that follow. They give you more time to think about what you are doing before you click approve, because you have to acknowledge all those warnings before you can be drained.
For example, if you end up on a phishing site imitating Uniswap, Rabby will warn you that you are connecting to a smart contract for the first time. That should be an instant red flag, particularly if you plan to swap ETH/USDC and you did this many times before on the real site.
You are getting a warning because you are on a scam site! That is money saved from disaster if you abort. Why are you still using MetaMask?
Time to move to Rabby and upgrade your experience. Once you do, aim to farm Rabby points, an ongoing incentive program that encourages users to make the switch. This is not why I recommend it, but it’s a welcome bonus.
Use our community referral code “YCC” to get extra points when you claim them. Maybe they will follow later with an actual token, who knows. Now let’s move to the next point.
You think you are smart since you bookmarked all the key DeFi protocols and you never google them. This is good and helps you avoid clicking on a scam link.
However, there is a problem. What if the legit site gets hacked instead? When you click that bookmark you are re-directed to a scam site looking just like Uniswap that is ready to drain you.
Not so smart now unless you use Rabby wallet. But it gets worse.
Whenever you connect to a DeFi protocol you usually grant it approvals. Most of the time it’s UNLIMITED approvals (see picture below from Rabby). That means if Uniswap becomes compromised in a hack, scammers can use your original approval to drain your wallet in full when you approve any transaction on the compromised site! That’s a big security risk. What can you do about it?
Enter the Revoke Access security measure.
In Rabby wallet, there is a dedicated approvals page that shows which approvals you have given across DeFi protocols and for which crypto assets. I recommend you revoke such access from any dodgy DeFi protocol or site. Revoking costs a gas fee, just like the original approval did.
I used Uniswap earlier just as an example. Uniswap is a solid protocol, but if you connect to all sorts of random DeFi protocols to farm coins, you’re asking for trouble.
Eventually you may connect and approve access to a scam site or protocol that will get hacked and spam you with fake links! Be on guard and try to limit the size of your approvals to the specific transaction amount you require then and there, not more.
Go to your Rabby wallet now and check your approvals as shown in the above images. You can also do the same on the Revoke site. Revoke all access to protocols and sites you never plan to use again or you suspect are not secure enough.
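As an added example (not from the original newsletter and not Rabby's code), here is one way to check what an approval transaction would grant before you sign it: the function decodes the raw calldata and separates unlimited approvals from exact-amount ones and from revocations. The spender address and amounts are constructed placeholders.

```javascript
// Added example: classify token-approval calldata before signing.
const MAX_UINT256 = (1n << 256n) - 1n; // the value wallets show as "unlimited"
const SELECTORS = {
  "095ea7b3": "approve",           // ERC-20 approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll", // NFT setApprovalForAll(address operator, bool approved)
};

// neededAmount (BigInt, token base units) is what the current action really requires.
function classifyApproval(calldata, neededAmount = 0n) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { kind: "not-an-approval" };
  // Selector (4 bytes) plus two 32-byte arguments; anything else is suspicious.
  if (hex.length !== 8 + 128 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind: "malformed", risk: "high" };
  }
  const addrWord = hex.slice(8, 72);
  // A 20-byte address is left-padded with 12 zero bytes.
  if (!addrWord.startsWith("0".repeat(24))) return { kind: "malformed", risk: "high" };
  const spender = "0x" + addrWord.slice(24);
  const value = BigInt("0x" + hex.slice(72, 136));

  if (name === "setApprovalForAll") {
    return value === 0n
      ? { kind: "revoke-all", spender, risk: "none" }
      : { kind: "approve-all-nfts", spender, risk: "high" };
  }
  if (value === 0n) return { kind: "revoke", spender, risk: "none" };
  if (value === MAX_UINT256) return { kind: "unlimited", spender, risk: "high" };
  if (value > neededAmount) return { kind: "excess", spender, amount: value, risk: "medium" };
  return { kind: "exact", spender, amount: value, risk: "low" };
}

// Constructed sample calldata (placeholder spender 0x1111...1111).
const SPENDER = "00".repeat(12) + "11".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const SAMPLES = {
  unlimited: "0x095ea7b3" + SPENDER + "f".repeat(64),
  exact: "0x095ea7b3" + SPENDER + word(500n),
  revoke: "0x095ea7b3" + SPENDER + word(0n),
  nftAll: "0xa22cb465" + SPENDER + word(1n),
};

for (const [label, data] of Object.entries(SAMPLES)) {
  console.log(label, classifyApproval(data, 500n).kind);
}
```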
This action will limit and mitigate your risk exposure. If you also use Rabby you basically narrow down the vectors of attack from scammers by a big margin. However, that’s still not enough.
You need a hardware wallet to compound your security further.
A hardware wallet adds two critical layers of security:
Transactions require your physical approval and confirmation on the device
The seed is generated and stored offline
Think of this like Rabby on steroids.
A hardware wallet asks you to verify the destination address and the fees incurred before you have to physically approve a transaction by pressing a button. This improves your chances of realizing something is wrong if you are being scammed. Instead of a random click, you actually know what you are doing before approval.
Moreover, your seed is generated and stored offline in the actual device. This is how hardware wallets prevent any attacks via the Internet. No one can access your seed, unless you disclose it by accident or intentionally.
This is why you NEVER type a hardware seed anywhere, especially on a computer. Do not enter your hardware wallet seed in Rabby! If you do, you just compromised it.
If you create a wallet using a seed generated by Rabby or you typed your hardware seed in Rabby by accident, that’s now a hot wallet. Never hold your crypto assets in a hot wallet. Treat it like a single-use plastic cup. Nothing else. You can generate as many hot wallets as you need in Rabby with three clicks.
Hot wallets store the seed in an application that is connected to the Internet and with a few mindless clicks you can be drained, particularly on Ethereum! Anything that has a seed and can connect to the internet is a big risk as it can be an attack vector.
For any significant amounts you want a hardware wallet that ONLY connects to Rabby. In this case, Rabby is just your interface to the Internet with all the benefits mentioned above. This way, your crypto assets are in a cold wallet and all approvals happen on the device itself.
The most popular hardware wallets are Ledger and Trezor and cost around $100. You can decide which suits you better. The benefits are real and significant. If you have more than $1,000 in crypto, don’t delay and buy one. It’s a small price to pay for an asymmetric boost in your security and to avoid centralized exchanges!
Together, these layers of protection can save you from the biggest threats, but ultimately, your active vigilance is the best security in crypto.
TLDR & Tips to Remember
Move away from legacy wallets like MetaMask
Use security-focused wallets like Rabby
Bookmark all important DeFi sites, never google them
Revoke access to all DeFi protocols you no longer use
Review your DeFi approvals and limit your exposure
Hot wallets are for small amounts and single-use purposes, nothing else
Buy a hardware wallet for long term storage and security
Be vigilant. Never click on unknown links or pop-ups for approvals
All info is provided for educational purposes only and is not financial advice.