DeFi Security: Best Practices

In this article, we'll discuss a few DeFi safety tips and crypto best practices that can help users avoid the pitfalls that can leave them rekt.

Decentralized finance (DeFi) is a peer-to-peer global financial system that cuts out the intermediaries and fees associated with traditional finance (TradFi). By interacting with code instead of a workforce, DeFi's users can make significant gains by themselves.

On the other side of the coin, this nascent financial system lacks many of the protections and safeguards that TradFi has established over decades. DeFi requires users to take responsibility for their actions and their security.

DeFi users can "choose their own adventure" with many financial services and products at their disposal. They're also trailblazing new paths in what has been called an economic Wild West, so many precautions are necessary.  

Don't Use Your Phone or Untrusted Networks for Crypto and DeFi

A litany of crypto hacks can be linked to users running a crypto wallet on their phones. Phones have many attack surfaces that bad actors can exploit, and at this point, interacting with blockchains via mobile wallets means taking on an incredible amount of known risk, which is a big reason why Solana is releasing a Web3 phone.

Hackers can copy your SIM card and access your accounts, or they can infiltrate your phone through backdoors in apps you've downloaded. Even worse, you can take every precaution necessary with your phone but still fall victim to a supply chain attack.

Vulnerabilities abound, hidden in the software on our phones, and compounding the problem is how any device connects to the internet. So when you participate in DeFi and sign transactions in your wallet, make sure you trust the network that transmits this information.

Most of us depend on technology built by others to keep in touch with friends, surf the web, and participate in DeFi. The recent exploit that affected around 9,000 Solana users demonstrated how exposed this relationship with technology leaves users if a developer makes a mistake.

DeFi may be cutting out the intermediaries in financial services, but this doesn't mean there isn't a man (or woman) in the middle somewhere. A developer with the best intentions can make mistakes, and bad actors with the worst intentions can find ways to exploit nearly anything.

Do Get a Hardware Wallet to Maximize Your Crypto Security

One way to avoid falling victim to nearly every crypto hack is to set up a hardware wallet and use it correctly. A hardware wallet, also known as a cold wallet or cold storage, allows you to store your private keys on a physical drive and disconnect it from the rest of the world when not in use.

Reportedly, Solana Ledger users were unaffected by the recent exploit. If you're participating in DeFi on Solana, you can order a Ledger to help keep your crypto safe.

Ledger wallets are compatible with Solana.

It's best to order your hardware wallet directly from the manufacturer, since third-party sellers can tamper with devices before shipping them. Also, you'll want to use a burner email address and receive the delivery somewhere other than your home to minimize the chances of this information falling into the wrong hands.

Once you get your hands on a hardware wallet, make sure you set it up with a new set of private keys, not the same keys you use with your hot wallets. Then, whenever you want to interact with a DeFi protocol, you can sign transactions from the keys on your cold wallet, which has never seen the light of day, minimizing the time this information can be exposed to the world.

Even if you go full degen and keep most of your crypto churning in DeFi smart contracts instead of in your wallet, you'll want to ensure your keys are as safe as possible. Once a hacker accesses your private keys, they can withdraw all of your deposits.

On the human side of things, you won't find customer service departments and customer support managers in DeFi. You're pretty much on your own.

If you need help, you can approach a DeFi project through their trusted channels and talk with a team member on Discord or Telegram. You still want to make sure you're in the correct server or group, not a spoof, and double-check you're talking to the right people.

Hubble Protocol's help desk lets users report problems directly to the team.

DeFi projects will rarely message you out of the blue and will never ask for sensitive information like a seed phrase. Even if you have a hardware wallet, you're out of luck once you share your seed phrase with a scammer.

Social engineering is a crypto scam that sometimes catches experienced users off-guard, so take every precaution when interacting with others over the internet. Divulging information about your crypto and DeFi positions on social media can be like painting a target on your forehead, so it's best to keep mum about as many details as possible.

On a serious note, it took less than two days for the internet to figure out where Shia LaBeouf hid a flag in the middle of nowhere, so revealing aspects of your crypto net worth and any other personal information over the web is a terrible idea. Meatspace crypto attacks have happened before, and you certainly don't want to encounter a five-dollar wrench.

Source: xkcd

Ignore anyone who messages you first about anything crypto or DeFi-related. Make this a hard and fast rule, since it's one of the best ways to avoid phishing scams. Don't click links you do not trust or any link that did not come from a trusted source (someone you know, and you're 100% sure it's their genuine account messaging you).

Take Heed: Your DeFi Safety Depends on You Alone

Your DeFi safety relies on your ability to secure your crypto and avoid risks. Remember, it might be impossible to recover your funds if your Solana private key ends up in the hands of a malicious actor, so you should venture into DeFi as cautiously as possible.  

After the recent wallet attack that affected users of one specific wallet, nearly everyone who delayed getting a hardware wallet was kicking themselves as the exploit unfolded in real time. You don't want to be scrambling to figure out how to set up a paper wallet the next time a mass crypto hack happens and no one knows why it's happening.

DeFi operates through trustless technologies, but you still have to trust that every part of your system, which someone else has built, won't be exploited. You also have to trust that you won't be the weakest link in your DeFi security, which is a challenge for everyone.

Make sure you follow some DeFi safety best practices, know what you're up against, and be safe out there!
