Best defi security practices

Hey everyone, what are all the ways a wallet can get hacked/phished and what would be the best measure to avoid each?

My wallet recently got drained (luckily not all of it) and I really want to prevent this from happening in the future. I’m hoping to come up with some sort of maximum safety plan.

For example, to avoid getting phished do x, y, and z.
Store longterm crypto in cold wallets, etc.

I just want to know every angle I can get attacked from, and how to prevent it. If changing wallets every month decreases my chances, ill take it. Hopefully this post helps people new to defi aswell. Thanks.

View Source

16 thoughts on “Best defi security practices”

  1. I run browser addons that disable scripts, cookies, trackers…etc

    I ensure the address matches the site I want exactly

    My seed is not on my computer

    My seed is not connected to the internet

    I do not blindly approve smart contracts

    If I don’t give away my seed phrase I don’t see how I could ever be hacked

  2. I’d say go to coingecko to find the DEX website, try not to use a search engine for stuff, and try not to download questionable stuff on your PC.

  3. Today I searched for strongblock and the ad at the top of the results was a fake site. I didn’t think twice as I usually have my ad blocker on, but apparently not today. The site popped up a fake metamask dialog and asked for my password, and then my secret phrase which I did not put in. Moral of the story, don’t just click links wherever you find them, DYOR even for urls.

  4. I find that searching for the token on CMC or Coingecko. That way I can follow the link to the website. Best way to make sure.its the right website, also double check it by looking on their twitter as well.

  5. Absolutely without question use a hardware wallet. Anything you can do in Metamask you can do with a Trezor or Ledger connected to it to sign all the transactions.

    Also routinely visit []( or other sites like it to make sure you don’t have any contract approvals that you don’t expect to be there.

  6. For me it’s hw wallet, multiple hw wallets, keep seed phrase on paper only, backup written with cypher in another location.

    Double check beginning and ending of all addresses. When possible use a hot wallet address to transact with contracts. Send tokens back to a cold wallet (hw wallet).

    So far I’ve done a lot on defi and even bought shady shitcoins on BSC and haven’t lost money.

    2x I got rekt. Kept my private key on evernote in 2014. Downloaded a Bitcoin wallet without triple checking it was legit.

  7. I’ve also started disconnecting from sites on MetaMask whenever I’m not using them. I assume that would decrease smart contract risks a bit.

  8. Use a hardware wallet and only connect to sites you trust.

    Always verify the URL is official prior to connecting.

    SafePal S1 works great with dapps

  9. Use hardware wallets for the big bulk of your funds and keep your trading amount in a hot wallet (e.g. a browser extension). Depending on the size of your funds, you could even use a professional custody service which also performs AML checks for your transactions.

  10. Bookmark your sites and use bookmarks when visiting – this will prevent you from connecting to a phishing site.

    Never ever enter seed phrases to a site.

    Create a separate profile in Chrome or Brave for your crypto activities and a different profile for all other activities.

  11. There are many things you can do which take a whole lot of time, which some people wouldn’t mind (who wouldn’t its money). But for me it’s just unnecessary when you have privacy exchanges, dexs to be exact. I’ve recently discovered Venice Finance built on the findora block chain thats big on programmable privacy. Venice is developing bulletproofs and works with zk proofs. This allows you to proof you made a transaction with out actually showing it. Complicated stuff I know! but with exchanges like this make it easy and why less likely to get hacked.

  12. The best DeFi security practices is to invest in projects that good projects.. The likes of SPOOL finance which is designed to allow one to securely diversify his assets at minimal risk while maximizing profit…

  13. Identity theft, hacks, and spamming is the order of the day in recent times while so many platforms are looking for security measures, Ore Network offers a very spectacular kind of identity and portfolio management with its ORE ID which makes it very unique amongst all.


Leave a Comment