DeFi Security: Best Practices

In this article, we'll discuss a few DeFi safety tips and crypto best practices that can help users avoid the pitfalls that can leave them rekt.

Note: This article is not financial advice. Hubble Protocol does not endorse any tokens, platforms, or businesses mentioned in this article.

Key Takeaways

  • Don't use mobile devices to interact with DeFi.
  • Get a hardware wallet and use it correctly ASAP.
  • Don't click anything that is not 100% trustworthy.

Decentralized finance (DeFi) is a peer-to-peer global financial system that cuts out the intermediaries and fees associated with traditional finance (TradFi). By interacting with code instead of a workforce, DeFi's users can earn significant yields by themselves.

On the other side of the coin, this nascent financial system lacks many of the protections and safeguards that TradFi has established over decades. DeFi requires users to take responsibility for their actions and their security.

DeFi users can "choose their own adventure" with many utilities and dApps at their disposal. However, they're also trailblazing new paths in what has been called an economic Wild West, so many precautions are necessary.  

This article will discuss a few DeFi safety tips and crypto best practices that can help users avoid the pitfalls that can leave them rekt.

Don't Use Your Phone or Untrusted Networks for Crypto and DeFi

A litany of crypto hacks can be linked to users running a crypto wallet on their phones. Phones have many attack surfaces that bad actors can exploit, and at this point, interacting with blockchains via mobile wallets means taking on an incredible amount of known risk, which is a big reason why Solana is releasing a Web3 phone.

Hackers can copy SIM cards and access accounts, or they can infiltrate phones through backdoors in apps users have downloaded. Even worse, users can take every precaution necessary with their phones but still fall victim to a supply chain attack.

Vulnerabilities abound in the software on our phones, and on top of that, the way any device connects to the internet is a risk of its own. So when participating in DeFi and signing transactions in a crypto wallet, make sure the network can be trusted.

Most people depend on technology built by others to keep in touch with friends, surf the web, and participate in DeFi. The recent exploit that affected around 9,000 Solana users demonstrated how exposed this relationship with technology leaves users if a developer makes a mistake.

DeFi may be cutting out the intermediaries in financial services, but this doesn't mean there isn't a man (or woman) in the middle somewhere. A developer with the best intentions can make mistakes, and bad actors with the worst intentions can find ways to exploit nearly anything.

Do Get a Hardware Wallet to Maximize Crypto Security

One way to avoid falling victim to nearly every crypto hack is to set up a hardware wallet and use it correctly. A hardware wallet, also known as a cold wallet or cold storage, allows users to store their private keys on a physical drive and disconnect it from the rest of the world when not in use.

Reportedly, Solana Ledger users were unaffected by the recent hot wallet exploit. Users participating in DeFi on Solana can order a Ledger to help keep their crypto safe.

Ledger wallets are compatible with Solana.

It's best to order a hardware wallet directly from the manufacturer, since third-party sellers can tamper with devices before shipping them. Also, new users will want to use a burner email address and receive the delivery somewhere other than their home to minimize the chances of this information falling into the wrong hands.

Once you get your hands on a hardware wallet, make sure you set it up with a new set of private keys, not the same keys you use with your hot wallets. Then, whenever you want to interact with a DeFi protocol, you can sign transactions from the keys on your cold wallet, which has never seen the light of day, minimizing the time this information can be exposed to the world.

Even if you go full degen and keep most of your crypto churning in DeFi smart contracts instead of in your wallet, you'll want to ensure your keys are as safe as possible. Once a hacker accesses your private keys, they can withdraw all of your deposits from DeFi dApps.

On the human side of things, you won't find customer service departments and customer support managers in DeFi. Users are pretty much on their own.

If users need help, they can approach a DeFi project through its trusted channels and talk with a core contributor to the community on Discord or Telegram. However, users should make sure they're in the correct server or group, not a spoof, and double-check they're talking to the right people.

Hubble's help desk lets users report problems directly to the protocol.

DeFi projects will rarely message users out of the blue and will never ask for sensitive information like a seed phrase. Even if you have a hardware wallet, you're out of luck if you share your seed phrase with a scammer.

Social engineering is a scam technique that sometimes catches even experienced users off-guard, so take every precaution when interacting with others over the internet. Divulging information about your crypto and DeFi positions on social media can be like painting a target on your forehead, so it's best to keep mum about as many details as possible.

On a serious note, it took less than two days for the internet to figure out where Shia Labeouf hid a flag in the middle of nowhere, so revealing aspects of your crypto net worth and any other personal information over the web is a terrible idea. Meatspace crypto attacks have happened before, and no one wants to encounter a five-dollar wrench.

Source: xkcd

Ignore anyone who messages you first about anything crypto or DeFi-related. Make this a hard and fast rule, since it's one of the best ways to avoid phishing scams. Don't click links you do not trust or any link that did not come from a trusted source (someone you know, and you're 100% sure it's their genuine account messaging you).

Take Heed: Your DeFi Safety Depends on You Alone

Your DeFi safety relies on your ability to secure your crypto and avoid risks. Remember, it might be impossible to recover your funds if your Solana private key ends up in the hands of a malicious actor, so you should venture into DeFi as cautiously as possible.  

After the recent wallet attack that affected users of one specific wallet, nearly everyone who delayed getting a hardware wallet was kicking themselves as the exploit unfolded in real time. You don't want to be scrambling to figure out how to set up a paper wallet the next time a mass crypto hack happens and no one knows why it's happening.

DeFi operates through trustless technologies, but you still have to trust that every part of your system, which someone else has built, won't be exploited. You also have to trust that you won't be the weakest link in your DeFi security, which is a challenge for everyone.

Make sure you follow some DeFi safety best practices, know what you're up against, and be safe out there!
