Wallet Safety
Recommended practices to keep your wallets & assets safe:
Never share your private keys with anyone else, even with close friends and family, or people claiming to be a representative of a legitimate organization. Write it down on a piece of paper and store them in the safest place you know that you can still easily access. You may wish to have 2 copies in 2 different locations, just in case you lose one copy.
Setup multiple wallets for different uses:
Cold Wallet for Storage - keep all valuable assets for long-term storage here, as well as any assets that you do not plan to use, sell or transfer for the next short period of time.
Hot Wallet for Trading - use this wallet to buy and sell NFTs on reputable marketplaces. Once you've bought an NFT, be sure to send it to the cold wallet unless you intend to sell it very soon.
Hot Wallet for Minting - use this wallet to participate in new launches, which can be extremely risky for new beginners. For example, you may receive private messages or notice in social media (Discord, Twitter, Telegram, etc.) announcements that there is a pre-sale link, or a whitelist opportunity, or some special thing you need to do to be able to mint. Most (if not all) of these are scams that can drain your wallet of all your assets. So remember to only fund this wallet with what you need to be able to mint, and only look at official announcements in the project's Discord or Twitter. There is still a possibility that these turn out to be scams (e.g. scam founders or teammates, the social media account has been hacked, etc.), but at least a lot of risk has been mitigated.
Setup and maintain as many wallets as you need to spread your risk enough to feel safe.
Connect ONLY to websites that are highly reputable or that you know would be safe. After exiting those websites, remember to revoke access to those websites within your wallet (often under "Trusted Apps" or "Connected Sites").
Never respond to any unsolicited private messages from unknown parties on any form of social media (email, Twitter, Discord, Telegram, etc.). Do NOT click on any links or download any attachments.
If you need to setup any passwords for anything, make sure they are:
Strong - combination of letters, numbers and special characters, and at least 12 characters long
Unique - a different password for each account
Not easily guessable - do not use your name, date of birth, country, etc.
Has 2FA enabled where possible - an additional layer of verification required, e.g. a biometric scan, an OTP sent to your phone, etc.
Ensure everything are always updated (software wallet, hardware wallet, operating system, browser, etc.), as they typically include security patches and new features that can help protect your assets from known vulnerabilities and threats. Use only reputable and well-maintained software.
Last updated