Earlier this week, an attack was revealed on one of the largest blockchains in the crypto space, Solana, impacting more than 9,000 wallets and millions of cryptocurrencies were stolen from the wallets. This is not the first time Solana was targeted, nor the first hacking case happening this year.
We have warned all the users of this security breach and informed users to move their funds to secure places. Further than that, this article will explore several non-exhaustive ways to secure your crypto assets and NFTs.
Create multiple wallets
It is possible to create unlimited wallets to hold and manage your crypto assets, though not everyone will choose this way especially when you are controlling a large number of cryptocurrencies.
Hardware wallets like SafePal S1 are great tools to keep your private key safe, because they store the private keys in an offline environment, cutting all the possible access from other online hackers or malicious viruses.
On the other hand, software wallets offer more convenience and mobility, especially when you are actively engaging in the DeFi ecosystem and need to manage staked assets on a more frequent basis.
If you own both types of wallets, do not store all of your assets in one single wallet. This behavior will lead to the single point of failure when hackers can easily drain your wallets by accessing the single wallet you own.
Instead, it is always recommended to create two types of wallets and setting up multiple wallets on them:
- Hardware wallet for the storage of a large amount of crypto
- Software wallet for daily transactions and authorizations
On top of that, it is also important to create multiple wallet accounts on each type of wallet, to create barriers between different wallets accounts and lower the risks of losing them all due to one single attack. For example, on each type of wallet:
- Create one wallet for pure storage (with no smart contract engagements)
- Create another one for transactions and smart contact authorizations on a secure basis
With this practice, you can build up multiple layers of protection against malicious attackers. Even if one of your wallets is compromised, your assets are still safely stored in other wallets.
SafePal App enables you to create unlimited software wallets while still pairing to multiple hardware wallets in one place. You can view and manage your full list of assets at a glance, without losing track of where your assets are stored in.
Get a hardware wallet
As mentioned above, hardware wallets like SafePal S1 protect your seed phrase in an offline environment. The device is isolated from the internet, with no WiFi, no Bluetooth, no NFC, or any other radio frequencies, eliminating all the risk exposure from remote online attacks.
On top of setting up your own hardware wallet, it is also recommended not to recover a used seed phrase on the new device, because the used seed phrase could have been compromised in the previous usage. Instead, generate a new set of seed phrase on the offline hardware wallet to guarantee a higher security level.
Passphrase is an advanced security feature that creates hidden wallets under the same seed phrase. Even if your seed phrase is leaked or stolen, the bad actors are not able to steal the assets stored under the Passphrase-enable account. SafePal has supported the Passphrase feature that allows you to generate as many Passphrase as possible for one seed phrase, creating multiple Passphrase-enable wallet accounts for secure asset storage.
After creating multiple Passphrase-enable accounts, you can connect all of them to the SafePal App under different wallet names.
Since every Passphrase-enabled wallet needs to be recovered with both the seed phrase and the Passphrase, we strongly recommend storing the seed phrase and Passphrase in separate different locations, as whoever gets access to the seed phrase and the Passphrase will have full access to the Passphrase-enable wallet.
Review your wallet interactions and revoke the authorization to third-party DApps
Wrongful authorization to malicious smart contracts has become another major scenario where people got hacked. When authorizing a smart contract to your wallet, it is possible that you have also authorized the smart contracts from moving your money to else places, leading to potential risks of being scammed or rugged. A single malicious contract, when improperly signed and authorized, could get permission to move all your assets to another place, draining your entire net worth.
When signing transactions or authorizing smart contracts, make sure that you are only signing or authorizing on the websites you trust. If you see something too good to be true, or slightly suspicious, do not risk it.
If you are not sure which smart contracts you have signed or authorized already, use tools like Revoke Manager in the SafePal App to easily scan and review all the signed smart contracts. Revoke those you don’t trust or haven’t used for a long time to keep your wallet protected from potential risk exposure.
Review of your seed phrase and private key storage
Your seed phrase and private key need to be protected at all costs, because whoever gets access to them will have full control over your wallet.
Do not store your seed phrase or private key on the internet, in the Cloud, in any computer file, whether it is typed or in a photo, that can potentially be compromised.
Do not take a photo of your seed phrase or private key. Instead, write it down on a piece of paper and put it in secure locations that only you know. Actually, a piece of paper is not good enough for long-term storage already, because it is not resistant to water, fire and corrosion. You can consider getting a strong media like SafePal Cypher to protect your seed phrase from water, fire, and corrosion.
Always have a strong security mindset
As blockchain technologies evolve, new potential risks could come along. There could be new ways of attacking blockchain infrastructures and stealing cryptocurrencies. It is always important to keep updated on the latest trend of the new technology and equip yourself with the proper knowledge in blockchain asset security.
If you believe that your wallet is compromised, do these steps immediately:
- Disconnect the wallet from the internet immediately
- Create a new wallet on a brand new device
- Import the seed phrase of the compromised wallet and send all the remaining assets to your new wallet immediately
We hope that these tips are helpful in securing your crypto assets and preventing your funds from being hacked. Welcome to follow our Twitter or join our Discord community to equip yourself with more useful knowledge on how to protect crypto assets safely.
SafePal — Own Your Crypto Adventure