When first diving into interacting with decentralised applications (dApps) in the world of decentralised finance (DeFi), new crypto users need an onramp to perform transactions and interact with smart contract-ready blockchains. This is typically done through a non-custodial crypto wallet, which maintains a user’s account information and data such as private keys and addresses. Similarly, many crypto users manage their accounts and funds on a hardware wallet: a physical cold storage wallet such as the Ledger Wallet which maintains a user’s private keys on a tangible device.
When first starting out with various protocols and smart contracts, a user must understand the importance of crypto wallet security and how to mitigate the risk of losing funds through exploits, scams, and other forms of malfeasance.
Let’s first dive into some of the ins and outs of crypto wallet security when navigating through DeFi - we’ll focus on keeping your private keys secure and on managing the security of your MetaMask wallet or hardware wallet.
Digital Wallet Security - Private Keys and Seed Phrases
As non-custodial wallets, MetaMask and other crypto wallet browser extensions such as Phantom do not have access to your wallet’s private keys or secret recovery phrases. This means that it is the sole responsibility of the wallet owner to protect the wallet by maintaining control and security over their private keys and any passwords/recovery phrases.
As a first priority, save your private keys/recovery phrases in a secure spot so that you can recover wallet access or transfer your accounts between wallets.
To do so within MetaMask:
- Click on the accounts tab on the top right of the wallet and navigate to the settings section
- Scroll down and click on the “Security & Privacy” tab
- Click on “Reveal Secret Recovery Phrase” and enter your MetaMask password
- Save the recovery phrase in a secure location for future use
This will allow you to transfer your MetaMask wallet account between browsers and computers if needed.
In order to save private keys for specific accounts from within your MetaMask, we must follow similar steps within the extension:
- Navigate to the account you want to secure
- Press on the dotted dropdown window and select “Account Details”
- Click on “Export Private Keys”
- Enter your MetaMask password to reveal your private key - save and store it somewhere safe
We stress the importance of storing and maintaining your private keys on paper as well, as this mitigates the risk of losing your keys through online attacks and losing access to the digital storage locations.
Immediately, we are shown the private key corresponding to the selected wallet address. MetaMask features a message that states “Warning: Never disclose this key. Anyone with your private keys can steal any assets held in your account.”
This message is of vital importance to any new crypto wallet user, as one of the main reasons why non-custodial wallets are hacked and their assets stolen/lost is that the holder discloses or loses the wallet’s secret recovery phrase and/or their private keys.
To mitigate the risk of losing your funds, make sure you follow the MetaMask warning and never disclose your private keys or seed phrase to anyone. The most common fraud that occurs with respect to crypto wallet access is when criminals impersonate MetaMask or crypto wallet employees or act as tech assistants for wallet management services. Real MetaMask employees and any other workers/help desk personnel will never ask you for your private keys or any data that will expose private information.
To avoid falling victim to such scams, make sure to store your private keys/seed phrases in secure locations and not share them with anyone. The only reason to access your private keys/seed phrases would be to transfer accounts between crypto wallets or set up a MetaMask account on a different browser, which should be done solely by you, and you alone!
Hardware Wallets - Security and Maintenance
Hardware wallets are similarly non-custodial, but keep your private keys stored and encrypted on a physical device. Hardware wallets are a form of cold storage, meaning that the private keys stored on the device are never exposed to the internet but rather fully managed and secured offline on the hardware wallet. This means that it is virtually impossible for hacks and other cyber attacks to compromise your private keys and other stored data.
Typically, if your hardware wallet is lost, the assets are backed up by a seed phrase, similar to MetaMask. Keeping your seed phrase secure is important for recovering access to a hardware wallet and transferring between hardware wallets, should the need for this arise.
All in all, hardware wallets add an additional layer of protection to your private keys and accounts, as this data is stored fully offline on your hardware wallet device. The most popular hardware wallets include the Ledger and Trezor wallets, which typically come in the form of small USB-like devices that plug into your PC.
While hardware wallets are more secure than typical “hot” wallets like MetaMask, it is still important to keep up proper wallet maintenance and safety to mitigate risks of phishing and scams. Keep your private keys and seed phrases safe and backed up to a secure location. Be sure to keep a paper copy of your keys/seed phrases as well to make sure they are not lost in the event of an online security breach or hack.
The world of decentralised finance is brimming with opportunities and is one of the most innovative and fastest-growing sectors of the cryptocurrency industry. When first starting to explore its many possibilities, new users must be wary of the many risks associated with crypto wallet maintenance. To combat the most common scams/exploits, be sure to keep your private keys/seed phrases secure and accessible to only you. Whether it be your MetaMask or a hardware wallet, the key to mitigating risk within crypto is to always do your own research and to properly manage wallet security.