Wallet Security Best Practices: Protect Your Crypto

Seed Phrase Security

Your seed phrase is the master key to your wallet. Never store it digitally in any form: no screenshots, no notes apps, no cloud storage, no emails. Write it on paper and store it in a physically secure location. For larger holdings, engrave it on a metal plate for fire and water resistance. Consider storing copies in multiple secure locations.

Never share your seed phrase with anyone for any reason. No legitimate service, support agent, or wallet provider will ever ask for it. Any request for your seed phrase is a scam without exception. If someone gains access to your seed phrase, they can drain your entire wallet from anywhere in the world.

Avoiding Phishing Attacks

Phishing is the most common way crypto users lose funds. Attackers create fake websites that look identical to legitimate wallet interfaces, dApps, or airdrop claim pages. Always bookmark the official URLs of wallets and dApps you use regularly and access them only through bookmarks, never through search results or links in social media, Discord, or emails.

Be skeptical of any unsolicited messages about airdrops, free tokens, or urgent wallet actions. Verify the URL in your browser address bar before connecting your wallet. Use wallets with built-in phishing detection like Rabby, which warns you about known malicious sites. If a deal seems too good to be true in crypto, it is almost certainly a scam.

Token Approval Management

When you interact with DeFi protocols, you often grant smart contracts permission to spend your tokens (token approvals). These approvals persist indefinitely unless revoked. If an approved contract has a vulnerability or turns malicious, it can drain the approved tokens from your wallet.

Regularly audit your outstanding approvals using tools like Rabby's built-in manager or revoke.cash. Revoke approvals for contracts you no longer use. When granting new approvals, consider approving only the amount needed rather than unlimited spending. Use Rabby's transaction simulation to see exactly what approvals a transaction is requesting before you sign.

Hardware Wallet Best Practices

Buy hardware wallets only from official manufacturer websites (ledger.com, trezor.io). Never buy from third-party sellers on Amazon or eBay, as devices may be tampered with. When you receive the device, verify the packaging seals are intact. Initialize the device yourself and generate a fresh seed phrase; never use a pre-configured device.

Always verify transaction details on the hardware wallet screen before confirming. The screen on your computer could be compromised, but the hardware wallet screen shows the true transaction. Set a strong PIN and consider enabling a passphrase for additional protection. Keep your firmware updated through the official companion app.

Operational Security Tips

Use a dedicated browser or browser profile for crypto activities to isolate your wallet from other browsing. Keep your browser extensions minimal, as malicious extensions can interact with your wallet. Use separate wallets for different risk levels: a hardware wallet for savings, a hot wallet for DeFi, and a burner wallet for interacting with new or unverified contracts.

Enable all available security features: biometric authentication on mobile wallets, auto-lock timers, and hardware wallet integration for software wallets. Before connecting your wallet to any new dApp, research the protocol, check if it has been audited, and start with a small amount. Regularly review your wallet activity for any unauthorized transactions.