SECURE SECURE SECURE!

Resources
Below is a curation of tweets and articles on security best practices, not only for crypto but in general. Stay vigilant.

Bobby Ong Security Tweets

This is from a series of Bobby Ong tweets found

Never reuse passwords

Your password has most likely been compromised in security incidents from the hundreds of websites that you have signed up for. Always use unique passwords. If you want to see which websites have leaked your passwords previously, visit https://haveibeenpwned.com

Use Password Manager

Use a password manager

If you need to use a unique password for each website, how do you remember them all? Use a password manager like or to generate long, strong passwords. Remember only the master password and let the password manager do the rest.

2FA everything

You should use 2-factor authentication for every service that offers it. Don't use SMS-based 2FA as it's not secure. Use apps like Google Authenticator or . If you use Authy, make sure you install it on another backup device and then disable multi-device.

Use Hardware-based 2FA

Consider using hardware-based 2FA

If you have the funds, consider upgrading to a hardware-based 2FA like , Google Titan, Thetis etc. This changes your 2FA from an app to a physical USB device that you will need to authenticate before logging in.

Use Crypto Hardware Wallet

Use a crypto hardware wallet

If you have crypto on or other wallets, you MUST use a hardware wallet like or . Without using a hardware wallet, you are just waiting for a hacker to take away all your coins one day. Spend the money to invest in one.

Uninstall All Chrome Extensions

Uninstall all Chrome extensions

Chrome extensions are useful to help improve productivity but some extensions are rogue. They may have excessive permissions to read your data so unless you absolutely 100% trust the extension developer, uninstall them all. Not worth the risk.

Use Separate Browser Profiles

Use separate browser profiles

If you must use a Chrome extension, then separate out your extension to its own browser profile. You can create multiple profiles for all the different wallet extensions you need to use. Here's a guide:

Limit Smart Contracts

Limit smart contract approvals

When you interact with smart contracts, don't give unlimited token approvals. This allows the smart contract to drain all your tokens if it goes rogue. Here's a step-by-step on how to set limits and revoke contracts:
Doing so is safer because if a smart contract has an unlimited spend limit for one of your tokens, say USDT, it can drain your entire USDT balance if the contract is malicious or has a backdoor. This is not a desirable outcome, so always control what permission you give out.
Do use 's token approval checker to see which contracts you have given an unlimited spend limit. Connect your wallet via Web3 and click the Revoke button. I like Etherscan's token revoke function the best amongst all the tools out there.

Pro Tip for anyone using Metamask to interact with smart contracts - don't set unlimited spend limit when approving transactions. Always click Edit on Permission and customize the spend limit to the amount that you want to send.
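The two tips above come down to one question a wallet should answer before you sign: what spend limit does this approve() call actually grant? The following Python script is an added example, not part of Bobby Ong's tweets or of this page. It encodes and decodes the calldata of an ERC-20 approve(address,uint256) call (the 0x095ea7b3 selector is the real one; the spender address and the 1,000 USDT balance are constructed values) and classifies the approval as unlimited, larger than your balance, or bounded, which is the check the "Edit on Permission" step in MetaMask lets you enforce by hand.

```python
# Added example (not from the original page or Bobby Ong's tweets): decode the calldata
# of an ERC-20 approve(address,uint256) transaction before signing it, and flag
# approvals that grant an unlimited spend limit or more than the current balance.

# 4-byte function selector: first 4 bytes of keccak256("approve(address,uint256)").
SELECTOR_APPROVE = bytes.fromhex("095ea7b3")
UINT256_MAX = 2**256 - 1  # the value dapps request for an "unlimited" approval


def encode_approve(spender: str, amount: int) -> bytes:
    """Build approve(spender, amount) calldata: selector + 32-byte address word + 32-byte uint256."""
    if not 0 <= amount <= UINT256_MAX:
        raise ValueError("amount out of uint256 range")
    spender_bytes = bytes.fromhex(spender.removeprefix("0x"))
    if len(spender_bytes) != 20:
        raise ValueError("spender must be a 20-byte address")
    return SELECTOR_APPROVE + spender_bytes.rjust(32, b"\x00") + amount.to_bytes(32, "big")


def decode_approve(calldata: bytes):
    """Return (spender, amount) for approve() calldata, or None if it is some other call."""
    if len(calldata) != 68 or calldata[:4] != SELECTOR_APPROVE:
        return None
    spender = "0x" + calldata[16:36].hex()  # the address is right-aligned in its 32-byte word
    amount = int.from_bytes(calldata[36:68], "big")
    return spender, amount


def classify_approval(calldata: bytes, balance=None) -> str:
    """Classify an approve() call as 'unlimited', 'exceeds balance', 'bounded' or 'not approve'."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return "not approve"
    _, amount = decoded
    if amount == UINT256_MAX:
        return "unlimited"
    if balance is not None and amount > balance:
        return "exceeds balance"
    return "bounded"


def human_amount(raw: int, decimals: int = 6) -> str:
    """Render a raw token amount exactly, using the token's decimals (USDT uses 6)."""
    whole, frac = divmod(raw, 10**decimals)
    return f"{whole:,}.{frac:0{decimals}d}"


if __name__ == "__main__":
    # Constructed sample values: a made-up spender address and a 1,000 USDT balance.
    spender = "0x" + "ab" * 20
    balance = 1_000 * 10**6
    for label, amount in [("dapp default", UINT256_MAX), ("edited limit", 250 * 10**6)]:
        calldata = encode_approve(spender, amount)
        _, decoded_amount = decode_approve(calldata)
        print(f"{label}: {classify_approval(calldata, balance)} "
              f"(spend limit {human_amount(decoded_amount)} USDT)")
```

The selector and word layout are the standard ABI encoding, so the same decoder works on the hex data a wallet shows in its "data" tab; the classification thresholds are the reader's policy, and a balance-aware check is only possible off-chain where the current balance is known.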

Don’t Doxx Yourself

Don't doxx yourself

Whenever possible, use an exchange to send crypto funds to someone else. When you send funds from your wallet, you doxx your crypto balance and your entire transaction history (past & future). allows zero-fee transfer with some FTT staking.

Secure Mobile Phone

Secure your mobile phone

This is especially prevalent for US telcos, where there have been many incidents of SIM-jacking. Follow this excellent guide from on how to secure your mobile number

Don’t Click On Ads

Don't click on ads

Make it a habit to never click on ads - especially Google Search ads. Take a look at these phishing ads targeting and . I am worried that more scam ads will appear again now that Google has reversed the ban on crypto ads.

Be Careful of Giveaways

Be careful of giveaway tweets and DMs

There are tons of such scam giveaway tweets, DMs, YouTube ads, Facebook comments etc. It's all over the place and very hard to moderate and police them all. Ignore them all. If it's too good to be true, it probably is!

Never Download or Open Files from Strangers

Never download or open files from strangers

You never know which file will end up installing a keylogger. Configure your Windows laptop to always show the file extension. Don't open ZIP files from random strangers. Read this thread for the full detail:

Be careful with cold emails

Can you spot the scam in the email below? Notice how there is no dot in the i in http://coingecko.com. Scammers have registered special characters representing crypto domains and it is very hard to spot. This is a scam email - don't fall for it.
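The "no dot in the i" trick works because a Unicode look-alike character (here LATIN SMALL LETTER DOTLESS I, U+0131) renders almost identically to the ASCII letter while being a completely different domain. The following Python script is an added example, not part of Bobby Ong's tweets or of this page: it lists every non-ASCII character in a hostname with its Unicode name, shows the punycode (xn--) form that is actually resolved, and compares a "skeleton" of the hostname against the domain you expected. The confusables table is a small hand-picked subset of the Unicode TR39 list, assumed for this example, and the sample hostnames are constructed.

```python
# Added example (not from the original page or Bobby Ong's tweets): flag a domain that
# renders like a well-known one but contains look-alike characters, e.g. the dotless i.
import unicodedata

# Hand-picked subset of Unicode TR39 confusables (an assumption for this example, not an
# exhaustive table): look-alike character -> the ASCII letter it imitates.
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I (the "no dot in the i" trick)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def skeleton(host: str) -> str:
    """Map look-alike characters to ASCII so two visually similar hosts compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def non_ascii_chars(host: str):
    """List every non-ASCII character with its code point and Unicode name."""
    return [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for ch in host if ord(ch) > 0x7F]


def punycode_form(host: str) -> str:
    """The ASCII (IDNA/punycode) form the resolver sees; an xn-- label reveals hidden Unicode."""
    return host.encode("idna").decode("ascii")


def is_lookalike(host: str, expected: str) -> bool:
    """True when host is not the expected domain but would be read as it by a human."""
    return host.lower() != expected.lower() and skeleton(host) == skeleton(expected)


if __name__ == "__main__":
    # Constructed samples: the genuine domain, a copy with U+0131 in place of 'i',
    # and a copy with a Cyrillic 'o' in place of the first 'o'.
    for host in ["coingecko.com", "co\u0131ngecko.com", "c\u043eingecko.com"]:
        print(f"{host!r}: resolves as {punycode_form(host)}, "
              f"lookalike={is_lookalike(host, 'coingecko.com')}, "
              f"non-ascii={non_ascii_chars(host)}")
```

The punycode form is the most reliable tell: mail clients and browsers may render the Unicode host, but the name the resolver actually looks up always starts with xn-- when any non-ASCII character is present.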


Security Guide for All

This is not a step specifically, but I just want to share a super writeup on security. Follow everything that she recommended here: