Following a recent flurry of Metamask issues, I reached out to people in the community who might be interested in writing a short piece on some basic security housekeeping when operating in DeFi.
Purple Fortress, who offer security assessments for crypto users to check if they are as safe as they think they are. Anyway, thanks for doing this and I hope it keeps some folk safe going forward.
I’d be open to more guest articles too if anyone is interested and has a cool topic give me a shout on Twitter.
The never-ending journey of securing your crypto might be broken into three phases:
Learning the basics of good cyber hygiene.
Adopting crypto security best practices.
Assessing and managing risks unique to your circumstances.
It’s likely we have mastered aspects in all three of these areas and simply need to work to fill any gaps of knowledge or practice.
However, all the work and effort you have put into securing your assets can be destroyed in seconds if you break the golden rule of crypto:
Never reveal your seed phrase.
What is the seed phrase and why is it so important? Coinbase describes it as “a series of words generated by your cryptocurrency wallet that give you access to the crypto associated with that wallet.”
Many might think of the seed phrase as being comparable to the combination of your password and two-factor authentication (2FA) code needed to log into your “crypto” bank account. A seed phrase is even more valuable – because even if you gave someone your bank account password and 2FA code there are still protections in place. The bank may flag the login because it’s originating from another country, or the withdrawal amount might exceed a set limit. Giving someone your seed phrase would be like giving them a Mission Impossible-style face mask and voice changer, your social security card, passport, and the last 12 months of pay stubs. With that information, they could walk into your bank posing as you and leave with your life savings in small denomination bills, with the bank employees wishing them the best.
Since the true value of the seed phrase is often misunderstood, it is the preferred method of attack by scammers. Even if an attacker could determine your public IP address, hack into your home router, exploit a vulnerability on your PC, install malware, and attempt to steal your crypto – why would they? The easiest and fastest way to fleece you is to simply ask for your seed phrase.
The “ask” comes in various forms (scams) in which you are tricked into believing that you need to type your seed phrase into the keyboard:
To make or redeem a large sum of money
To save yourself from losing a large sum of money.
To get help with a technical problem you are having.
To transfer funds.
…and the list goes on.
Understanding what the seed phrase is and why attackers want it helps you realize why a legitimate entity would NEVER ask you for it. It is for you alone to use in a “break glass in case of emergency” situation in which you dropped your crypto hardware wallet into the blender by mistake.
You can be successful in this market, and over time you will continue to improve your security knowledge and practices IF you follow the golden rule of crypto and NEVER reveal your seed phrase.